A friend’s computer recently had an infection of the Win32.buzus variant, already blocked by Bitdefender; however, a “Trojan.JS.injector” still keeps attacking whenever I use IE or Mozilla, so I decided to try and use ZoneAlarm’s free firewall and turned off Bit’s firewall only. Later I noticed this IP address, “60.13.218.11”, keeps popping up as blocked by ZA and is still counting (currently 140 after a few minutes). (Am I allowed to even post an IP here?) When I tracked it, it came from someone in Beijing, China, and I’m not from there. Is this one of those hacks? When will this be resolved by any antivirus company? (Bit didn’t; I tried someone’s Kaspersky, but none resolved this attack.) Please help.
9 responses so far ↓
1 Dit Man // Sep 24, 2008
Have you tried running some anti-malware software on your PC? Malwarebytes or Spybot Search and Destroy or Both!? You might have something on your PC acting like a little homing beacon?
2 scottyboy584 // Sep 24, 2008
DON’T TURN ZONE ALARM OFF
I have it and sometimes a thing like this keeps popping up
just click the use the same response thing and click deny
3 katyxx21 // Sep 24, 2008
http://whois.domaintools.com/060.013.218.011
Try installing Norton anti virus or McAfee see if they stop it.
4 John A // Sep 24, 2008
Have you tried running an anti-malware software program on your PC?
The virus or malware could already be in your system and trying to hack.
5 Parabola750 // Sep 24, 2008
Go to an internet smart whois website. Find who owns that block of IP addresses and contact them. Report the abuse.
6 sexilicous_mama // Sep 24, 2008
Do a port scan to see if it’s a hacker trying to access your PC - http://probe.hackerwatch.org/probe/probe.asp [when you open this website you will have to wait a little while because it will immediately scan your ports!] 100% safe
or scan your PC for viruses online -
http://www.eset.com/onlinescan/
IP Information for 60.13.218.11
IP Location: China Beijing Kr-tazhi
IP Address: 60.13.218.11
Blacklist Status: Clear
Whois Record
inetnum: 60.13.218.0 - 60.13.218.63
netname: KR-TaZhi
country: CN
descr: KR-TaZhi
admin-c: WF116-AP
tech-c: WF116-AP
status: ASSIGNED NON-PORTABLE
changed: 20051231
mnt-by: MAINT-CNCGROUP-XJ
source: APNIC
route: 60.13.128.0/17
descr: CNC Group CHINA169 Xinjiang Province Network
country: CN
origin: AS4837
mnt-by: MAINT-CNCGROUP-RR
changed: 20060118
source: APNIC
person: wang fujiang
nic-hdl: WF116-AP
e-mail:
address: No.4 Jing Yi Road
address: Urumqi 830000,China
phone: +86 991 6119979
fax-no: +86 991 6119974
country: cn
changed: 20040728
mnt-by: MAINT-CNCGROUP-XJ
source: APNIC
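The lookup suggested in the replies above, worked through as an added example that is not part of any poster's comment: it parses the inetnum and route objects from the quoted APNIC record and checks which of them actually contain the blocked address, giving the range, netname, origin AS and maintainers an abuse report would cite. The function names are hypothetical and the sample text is abridged from the record in the thread.

```python
import ipaddress

# Abridged from the APNIC record quoted in the thread; the blank line that
# separates objects in raw whois output is restored here.
WHOIS_TEXT = """\
inetnum: 60.13.218.0 - 60.13.218.63
netname: KR-TaZhi
mnt-by: MAINT-CNCGROUP-XJ

route: 60.13.128.0/17
descr: CNC Group CHINA169 Xinjiang Province Network
origin: AS4837
mnt-by: MAINT-CNCGROUP-RR
"""

def parse_objects(text):
    """Split RPSL-style whois text into a list of {attribute: [values]}."""
    objects, current = [], {}
    for line in text.splitlines() + [""]:  # trailing "" flushes the last object
        if not line.strip():
            if current:
                objects.append(current)
                current = {}
        elif not line.startswith(("%", "#")):  # skip server comment lines
            key, sep, value = line.partition(":")
            if sep:
                current.setdefault(key.strip().lower(), []).append(value.strip())
    return objects

def networks_of(obj):
    """Networks covered by an inetnum (range) or route (CIDR) object."""
    if "inetnum" in obj:
        first, last = (ipaddress.ip_address(p.strip())
                       for p in obj["inetnum"][0].split("-"))
        return list(ipaddress.summarize_address_range(first, last))
    if "route" in obj:
        return [ipaddress.ip_network(obj["route"][0])]
    return []

def report_target(ip, text=WHOIS_TEXT):
    """Gather range, netname, origin AS and maintainers for objects holding ip."""
    addr, info = ipaddress.ip_address(ip), {"ip": ip, "maintainers": []}
    for obj in parse_objects(text):
        if any(addr in net for net in networks_of(obj)):
            for key in ("inetnum", "netname", "origin"):
                if key in obj:
                    info[key] = obj[key][0]
            info["maintainers"] += obj.get("mnt-by", [])
    return info
```

An address outside the /26 assignment but inside the /17 route returns only the origin AS and the route maintainer, which shows when a report has to go to the upstream network rather than the assignee.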
7 The Phlebob // Sep 24, 2008
Does sound like someone’s trying to get in. Leave ZA up. Unfortunately, not only won’t the antivirus companies “resolve” this — because they have neither the ability nor the authority — but the government of China probably won’t either. All we can do is keep our electronic doors locked.
Sorry.
8 patrick m // Sep 24, 2008
A Chinese website. Location: 43.794N, 87.583E (advertising robot)
It is maybe a cookie update. Don’t worry until ZA block it, just remove and clean your cookies.
9 ComStar Computers // Sep 24, 2008
Well I went to the IP address 60.13.218.11 and it came back as PAGE COULD NOT BE DISPLAYED.
So I initiated a general ping test. I was able to consistently ping the ip address server which tells me that the server is actually up.
Now being that the site is nonexistent but the server IS suggests that no threat exists as the server does not respond with ANY data.
However, this may also be due to a block being set in place if the site was a malicious site. This means that the server exists but the domain is not accessible, again suggesting that no current threat exists.
Finally, I did a traffic relay test to see if, in fact, the server was transmitting data and again, it reported as being dormant.
While this particular IP address is not currently a threat, you DO have possible malicious software running amok on your system.
Please obtain these programs FREE and run them.
Dial-A-Fix - http://downloads.comstar-computers.com
SmitFraudFix - http://downloads.comstar-computers.com (Antivirus)
CoolWebSearch Remover http://www.majorgeeks.com
ATF-Cleaner - http://www.majorgeeks.com
CCleaner http://www.ccleaner.com
Ad-Aware 2008 - http://lavasoft.com
AVG Antispyware - http://www.avg.com
ComTools (Updated to the 5401) - http://tools.comstar-computers.com
Install AVG and Ad-Aware 2008 first and let them update.
Reboot in SAFE MODE and run these in this order.
ATF Cleaner
CoolWebSearch Remover
SmitfraudFix
CCleaner
Ad-Aware 2008
Dial-A-Fix
AVG Antispyware
Reboot normally
Unzip ComTools into its own folder (or preferably into the Windows or WINNT folder)
Launch the ComTools program and select options 1,1 and download the update (Unzipping and overwriting the old files with the new ones.)
Repeat process until you have no more updates.
Next run ComTools and run options 1,3,2 which will download HiJackThis. Then return to the main menu of ComTools and select the options 5,1…
Have Hijackthis run a scan and post your log here. I will tell you what is safe to keep and what can be removed.
*ComTools has many tools that you can download from the ONLINE CENTER/GET TOOLS (options 1,3) that it can integrate into its operations. You should definitely grab them.