Problems with Adware

Jun 20th, 2011

Hi.

I have a problem with an adware (Blackhole DNS URLs) infecting a lot of machines, and I can't delete this from my network. How can I remove this malware?

Below the adware description:

1308583956.454 12 172.24.X.X TCP_DENIED/403 2993 GET http://hrads.valuead.com/action?aid=330&acid=3&atp=0 "DOMAIN-BR\372670818@DOMAINBR" NONE/- - BLOCK_AMW_RESP_URL_11-Padrao-Authentication-NONE-NONE-NONE-NONE <IW_adv,-5.8,"13","Blackhole DNS URLs",90,39767,11269,"-","-",-,-,-,"-","-",-,"-","-",-,-,IW_adv,-,"Adware","Adware","Unknown","Unknown","-","-",1995.33,0,-,"-","-"> -

Can someone help me?

edadios Mon, 06/20/2011 - 17:49

If PCs are already infected, you will need a host antivirus to have it removed from the PC.

Regards,

Eric

adminseginfo Tue, 06/21/2011 - 06:26

But the antivirus cannot find the malware, and the Cisco website support has no information about the malware.

edadios Tue, 06/21/2011 - 21:33

Your log shows the traffic is blocked by WSA.

My understanding is that your PC is trying to do this traffic, and that is because it is already infected.

You will need a host antivirus to scan your PC and remove it.

The WSA only deals with traffic it sees, to do scan/block, whatever action is configured. It cannot remove a virus on the PC itself.

Regards,

Eric
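
Since the WSA access log records which client made each blocked request, it can be reduced to a list of PCs to scan. The script below is an added example, not part of the original thread or of Cisco's tooling; it assumes the field layout of the single log line quoted in the question, and the client IPs and usernames in its sample data are constructed.

```python
import csv
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Field layout assumed from the one access-log line quoted in the thread.
LINE_RE = re.compile(
    r'^(?P<ts>\d+\.\d+)\s+\d+\s+(?P<client>\S+)\s+(?P<result>\w+)/(?P<status>\d+)\s+'
    r'\d+\s+\S+\s+(?P<url>\S+)\s+"?(?P<user>[^"\s]*)"?\s+\S+\s+\S+\s+'
    r'(?P<acl>\S+)\s+<(?P<verdict>.*)>')

def infected_hosts(lines, threat="Blackhole DNS URLs"):
    """Group anti-malware blocks for `threat` by client IP: the PCs to scan."""
    hits = defaultdict(lambda: {"users": set(), "sites": set(), "count": 0})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or not m["acl"].startswith("BLOCK_AMW"):
            continue  # unparsable, or not an anti-malware block
        # The <...> block is comma-separated with quoted strings; in the
        # quoted line its 4th field holds the threat name.
        verdict = next(csv.reader([m["verdict"]]))
        if len(verdict) < 4 or verdict[3] != threat:
            continue
        entry = hits[m["client"]]
        entry["users"].add(m["user"])
        entry["sites"].add(urlsplit(m["url"]).hostname)
        entry["count"] += 1
    return dict(hits)

# Constructed sample lines modelled on the quoted one (IPs and users invented).
_TMPL = (r'1308583956.454 12 {ip} {res} 2993 GET {url} "{user}" NONE/- - '
         r'{acl}-Padrao-Authentication-NONE-NONE-NONE-NONE '
         r'<{cat},-5.8,"13","{threat}",90,39767,11269,"-","-"> -')
_AD = "http://hrads.valuead.com/action?aid=330&acid=3&atp=0"
_BLOCK = dict(res="TCP_DENIED/403", url=_AD, acl="BLOCK_AMW_RESP_URL_11",
              cat="IW_adv", threat="Blackhole DNS URLs")
SAMPLE = [
    _TMPL.format(ip="172.24.0.10", user=r"DOMAIN-BR\user1", **_BLOCK),
    _TMPL.format(ip="172.24.0.10", user=r"DOMAIN-BR\user1", **_BLOCK),
    _TMPL.format(ip="172.24.0.22", user=r"DOMAIN-BR\user2", **_BLOCK),
    _TMPL.format(ip="172.24.0.31", user=r"DOMAIN-BR\user3", res="TCP_MISS/200",
                 url="http://example.com/", acl="DEFAULT_CASE_11",
                 cat="IW_comp", threat="-"),
]

if __name__ == "__main__":
    for ip, info in sorted(infected_hosts(SAMPLE).items()):
        print(ip, info["count"], sorted(info["users"]), sorted(info["sites"]))
```

A host that keeps appearing in this list after an antivirus scan is still generating the requests and needs further cleanup.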

Posted June 20, 2011 at 9:08 AM
Tags: dns, url, adware, blackhole