Problems with Adware

Unanswered Question
Jun 20th, 2011


I have a problem with an adware(Blackhole DNS URLs) infecting a lot of machines, and I can't delete this from my network. How can I remove this malware.

Below the adware description:

1308583956.454 12 172.24.X.X TCP_DENIED/403 2993 GET "DOMAIN-BR\372670818@DOMAINBR" NONE/- - BLOCK_AMW_RESP_URL_11-Padrao-Authentication-NONE-NONE-NONE-NONE <IW_adv,-5.8,"13","Blackhole DNS URLs",90,39767,11269,"-","-",-,-,-,"-","-",-,"-","-",-,-,IW_adv,-,"Adware","Adware","Unknown","Unknown","-","-",1995.33,0,-,"-","-"> -

Someone can help me?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
edadios Mon, 06/20/2011 - 17:49

If PCs are already infected, you will need a host anti virus to have it removed from the PC.



adminseginfo Tue, 06/21/2011 - 06:26

But the antivirus can not find the malware, and cisco website support has no information about the malware.

edadios Tue, 06/21/2011 - 21:33

Your log shows the traffic is blocked by WSA.

My understanding is that your pc is trying to do this traffic, and that is because it is already infected.

You will need a host anti virus to scan your pc and remove it.

The WSA only deals with traffic it see, to do scan/block, whatever action is configured. It cannot remove Virus on the PC itself.




This Discussion

Related Content