BleepingComputer.com: Post Windows Scan Infection

Post Windows Scan Infection

#1 Yanda

Posted 24 January 2011 - 07:18 PM

I have a computer which was infected with Windows Scan. I have managed to remove that portion, but I continue to receive "blocked URL" pop-ups from TrendMicro Security Agent at random times. Sometimes when I change webpages, sometimes when I close browsers, sometimes at random times, and sometimes multiple blocks at once. The URLs are random gibberish (z0g7yalil0.com/long_stuff). MalwareBytes already cleaned off the Windows Scan, and new scans show nothing. TrendMicro shows nothing. IE appears to be mostly normal. Firefox runs mostly normal. Chrome is not able to browse at all. (I have already found and fixed the proxy issue.) The computer is definitely not up to par, but at least it is better.

TIA for any help offered.

Yanda

#2 Yanda

Posted 25 January 2011 - 02:26 PM

I have gotten Chrome to work again using the --no-sandbox flag; however, the blocked URL warnings are still occurring. Any help that can be offered will be greatly appreciated.

:blink:

Yanda

#3 Kevin11952

Posted 30 January 2011 - 05:27 PM

I can't offer any help yet, but I just got hit with the same thing, although in my case it called itself "Antivirus .NET". Symantec AV caught the JavaScript installer after the install, but not that application. MalwareBytes seemed to remove the "Antivirus .NET", but I still can't access Windows Update, and my PC is making a slew of HTTP connects through a svchost.exe instance that start with a DNS lookup for z0g7yalil0.com. The connection to z0g7yalil0.com returns a list of other addresses for it to go hit. I have two different spyware scanners and one rootkit detector that aren't finding anything, perusing my HijackThis log hasn't turned up a root cause, and browsing through the registry hasn't found anything suspicious either.
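As an added example (not code from either poster or from BleepingComputer), here is a small Python script that looks at the behaviour Kevin11952 describes in post #3, and that the TrendMicro "blocked URL" pop-ups in post #1 hint at, from the defender's side: it correlates each outbound HTTP connection with the DNS lookup that preceded it in the same process, and flags the pair when the name looked up is the known domain z0g7yalil0.com or has the same gibberish shape (digits mixed into a long, vowel-poor label). The log line format, the second domain kq8w3zzv1p.net, the IP addresses and the 30-second correlation window are constructed assumptions for the sample, not anything from the thread.

```python
import re
from datetime import datetime, timedelta

# Constructed sample (hypothetical host-sensor format, not from the posts):
# "<date> <time> DNS query|HTTP connect <process> <domain|ip:port> [path]".
# z0g7yalil0.com is the domain named in the thread; everything else is made up.
SAMPLE_LOG = """\
2011-01-30 17:01:02 DNS query svchost.exe z0g7yalil0.com
2011-01-30 17:01:03 HTTP connect svchost.exe 203.0.113.10:80 /long_stuff
2011-01-30 17:01:09 DNS query svchost.exe kq8w3zzv1p.net
2011-01-30 17:01:10 HTTP connect svchost.exe 198.51.100.7:80 /
2011-01-30 17:02:00 DNS query firefox.exe www.bleepingcomputer.com
2011-01-30 17:02:01 HTTP connect firefox.exe 192.0.2.25:80 /forums/
2011-01-30 17:02:15 DNS query svchost.exe windowsupdate.microsoft.com
"""

# Domain reported in the thread as the first contact point of the infection.
KNOWN_BAD = {"z0g7yalil0.com"}
VOWELS = set("aeiou")

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<kind>DNS query|HTTP connect) "
    r"(?P<proc>\S+) (?P<target>\S+)(?: (?P<path>\S+))?$"
)


def parse_line(line):
    """Turn one sensor line into an event dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S"),
        "kind": "dns" if m.group("kind").startswith("DNS") else "http",
        "proc": m.group("proc"),
        "target": m.group("target").lower(),
        "path": m.group("path"),
    }


def registrable_label(domain):
    """Second-level label, e.g. 'z0g7yalil0' for 'z0g7yalil0.com'.
    Assumption: a plain two-label suffix is enough for this sample; real
    tooling would consult a public-suffix list."""
    parts = domain.rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def looks_generated(domain):
    """Heuristic for the 'random gibberish' names the posters saw: a long
    label that mixes digits into letters and has few vowels."""
    label = registrable_label(domain)
    if len(label) < 8:
        return False
    letters = [c for c in label if c.isalpha()]
    has_digits = any(c.isdigit() for c in label)
    if not letters or not has_digits:
        return False
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters)
    return vowel_ratio <= 0.3


def correlate(events, window=timedelta(seconds=30)):
    """Pair each HTTP connect with the most recent DNS query made by the
    same process within `window`; yields (http_event, dns_event_or_None)."""
    last_dns = {}
    for ev in events:
        if ev["kind"] == "dns":
            last_dns[ev["proc"]] = ev
            continue
        dns = last_dns.get(ev["proc"])
        if dns is not None and ev["ts"] - dns["ts"] > window:
            dns = None
        yield ev, dns


def analyze(log_text, known_bad=KNOWN_BAD):
    """Return one alert per HTTP connect whose preceding DNS lookup is either
    a known bad domain or a generated-looking name."""
    events = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    alerts = []
    for http, dns in correlate(events):
        if dns is None:
            continue
        domain = dns["target"]
        reasons = []
        if domain in known_bad:
            reasons.append("known C2 domain")
        if looks_generated(domain):
            reasons.append("generated-looking domain name")
        if reasons:
            alerts.append({
                "process": http["proc"],
                "domain": domain,
                "ip": http["target"].split(":")[0],
                "path": http["path"],
                "reasons": reasons,
            })
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(alert)
```

Run against the sample it reports two svchost.exe beacons (the known domain and the look-alike) and stays quiet about the Firefox visit and the Windows Update lookup; the process-to-DNS correlation is the useful part, because it turns an anonymous outbound connection into "this process resolved that name and then connected", which is what a scanner that only inspects files on disk cannot tell you.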

#4 Yanda

Posted 31 January 2011 - 11:00 AM

I think we have run Malwarebytes and TrendMicro just about every day and there's still nothing showing up. TrendMicro updates daily, so it is definitely well hidden.

Thanks for posting that I'm not the only one getting this. It appears to be mostly just irritating, not harmful, but maybe that is only because TM is catching the URL attempts.

Yanda

#5 Kevin11952

Posted 31 January 2011 - 08:34 PM

I found and ran the "gmer" rootkit utility. It reported some "rootkit-like behavior" in my hard drive's boot sectors, and also blue-screened during one of the file scans. After reading some of the rootkit removal tool (Combofix) documentation, I think I may be best off trying the Dell factory restore first, rather than using Combofix and potentially screwing up the factory restore option.

I was frustrated too. The only other reference I found was on a German board, also posted within the last week. I don't know if this is something new, or something old that just knows how to hide really well from the scanners. One other option might be to wait a week and see if the virus removal tools catch up and release a fix.
