hijackthis
hijackthis copied to clipboard
dragokas
Undelivered Mail Returned to Sender - Your IP is BLACKLISTED
Hello,
I received an email back with the following message (xxx are parts anonymised by me):
Subject: Undelivered Mail Returned to Sender
This is the mail system at host mr6.vodafonemail.de.
I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below.
For further assistance, please send mail to postmaster.
If you do so, please include this problem report. You can delete your own text from the attached returned message.
The mail system
<xxx.de>: host mail.xxx.de[xx.xxx.xx.xx] said: 553
Your IP is BLACKLISTED at UCEPROTECT-LEVEL 1 - See:
[http://www.uceprotect.net/rblcheck.php?ipr=xxx.xxx.xxx.xxx](http://www.uceprotect.net/rblcheck.php?ipr=145.253.228.166) (in reply to
RCPT TO command)
On the linked page of uceprotect.net it says among other things (translated here by me into English):
What does listed on UCEPROTECT level 1 mean? The IP xxx.xxx.xxx.xxx has come to our attention directly within the last 7 days because of abuse. Concrete accusation: From the IP xxx.xxx.xxx.xxx, an attempt was made to deliver mail to spam traps.
What happened there?
I have definitely not done anything that could in any way correspond to the "concrete accusation".
Due to a complete MS Defender Scan everything is o.k. In addition to that I did a check with hijackthis (see attachement). Any hints if I have been hijacked or anything else?
Thanks in advance for your help! CollectionLog-2022.09.25-17.21.zip
Hello and welcome,
First important thing I've noticed is modified system file named Hosts.
Start HiJackThis that version: C:\Users\Verwaltung\Downloads\AutoLogger\HiJackThis\HiJackThis.exe Press "Do a system scan only" button then checkmark only following:
O1 - Hosts: Reset contents to default
And press "Fix checked". Restart your PC.
Second: You have an outdated version of Malwarebytes version 4.4.11.149 Please update it or unistall, download and install an actual one. Do a full scan, save its result to text file and attach it to your next post.
Thank you very much!
The file "hosts" is modified by me orientated on https://github.com/StevenBlack But I set it back to default as you described.
Malwarebytes is updated, result see attachement. Malwarebyte.txt
I'm sorry, but MB version is still outdated
-Softwaredaten- Version: 4.4.11.149 Komponentenversion: 1.0.1513 Version des Aktualisierungspakets: 1.0.60402
While actual shold be 4.5.14.210 https://forums.malwarebytes.com/topic/281762-malwarebytes-45/#comment-1532675
Please update it carefully and get new log.
Next lets do another one scan.
Make sure you have exit all running programs. Download Microsoft Safety Scanner and run it.
In Scan Options choose FULL scan.
Get a lot of patience because the scan can take several hours depending of amount of files and speed of your PC. Wait for the end of scan, Log named MSERT should be found in this folder - C:\Windows\debug\msert.log
Please attach it to your next message.
Hmm, something obviously went wrong when updating malware. However ... Logs see attachement. msert.log Malwarebytes.txt
Thanks for the logs. It looks good:
No infection found.
What exactly went wrong? Please clarify.
I can not tell you more than in my opening thread: "IP is BLACKLISTED ...". Up to now the problem did not come up again. So I hope this was a single event. Thank you very much for your help!!!