Google redirects and Avast reports URL: Mal infection



#1 moltav_c


Posted 21 June 2011 - 01:46 PM


I've recently noticed odd behavior with my computer. For example, Google redirects to unrelated websites when I click on links from a search, and every 20-30 minutes or so the Avast free antivirus program sends me a pop-up that claims to have blocked a malicious URL; it reports the same two addresses each and every time. The message reads as follows:

Malicious URL Blocked
Avast Network Shield has blocked a harmful site.
Object: (Not sure if it's safe to post that here, since it looks like a web address, but I'll type the beginning of both IPs) 91.217.153.48 and the other is 89.187.53.210
Infection: URL:MAL
Action: blocked
Process: C:\Windows\SysWOW64\apss32.exe


Avast scans found nothing, so I immediately installed and ran Malwarebytes free edition and SUPERAntiSpyware free edition. Both programs turned up infected files, but neither solved the main issue.
What should I do now?

#2 boopme


Posted 21 June 2011 - 10:05 PM

Hello, these are malware and they are trying to exploit something that may not be updated.
https://safeweb.norton.com/report/show?name=91.217.153.48

You are not infected and Avast is doing its job alerting you. Is Windows updated?

What version of Java, if any, is running?
Go into Control Panel > Add/Remove Programs. Be sure the 'Show Updates' box is checked. Go down the list and tell me what Java applications are installed and their versions. (Highlight the program to see this.)

Do you use Adobe?

How to detect vulnerable and out-dated programs using Secunia Personal Software Inspector

Please post your MBAM log.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Edited by boopme, 21 June 2011 - 10:06 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 moltav_c


Posted 22 June 2011 - 12:33 PM

Windows is fully up to date. I just checked and there was only one optional item in the queue, ATI Radeon HD Display, so I updated that as well.

I have J2SE Runtime Environment 5.0 Update 21, version 1.5.0.210,
and Java 6 Update 26, version 6.0.260.

I use Adobe Reader, Flash Player and Adobe AIR quite often. I also have Adobe Shockwave installed. I checked all of them and they were not up to date, so I made sure to update them.

Here is my last MBAM log:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6902

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

6/20/2011 12:39:56 PM
mbam-log-2011-06-20 (12-39-56).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 674653
Time elapsed: 1 hour(s), 40 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 9
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\programdata\api-ms-win-core-memory-l1-1-032.dll (Trojan.Tracur.Gen) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{0B4FE44F-7961-4E25-9F69-88EBE5CFF273} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0B4FE44F-7961-4E25-9F69-88EBE5CFF273} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0B4FE44F-7961-4E25-9F69-88EBE5CFF273} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0B4FE44F-7961-4E25-9F69-88EBE5CFF273} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{246D66BA-F7C7-1DC9-F65E-FD91B12AE33C} (Trojan.Tracur.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{246D66BA-F7C7-1DC9-F65E-FD91B12AE33C} (Trojan.Tracur.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{246D66BA-F7C7-1DC9-F65E-FD91B12AE33C} (Trojan.Tracur.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{246D66BA-F7C7-1DC9-F65E-FD91B12AE33C} (Trojan.Tracur.Gen) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur.Gen) -> Bad: (C:\ProgramData\api-ms-win-core-memory-l1-1-032.dll) Good: () -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-032.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\X\AppData\Local\Temp\ms0cfg32.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\X\documents\games\formanite008_flash_games\flash games\best-friends.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\X\documents\games\formanite008_flash_games\flash games\king-of-the-hill.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\Windows\System32\api-ms-win-core-memory-l1-1-032.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\DelUS.bat (Malware.Trace) -> Quarantined and deleted successfully.
c:\programdata\api-ms-win-core-memory-l1-1-032.dll (Trojan.Tracur.Gen) -> Quarantined and deleted successfully.
c:\Users\X\0.45287247150206233.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

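As an added illustration (not code from this thread, from Malwarebytes or from BleepingComputer): a small Python parser for the MBAM 1.x text log format shown above. It tallies detections per section and per detection family and flags entries that sit at persistence or injection locations, which in the log above are the AppInit_DLLs registry value (the value MBAM records as "Bad: (...)" is the DLL that was being loaded into every process) and the Browser Helper Objects key. The sample log is a constructed, trimmed excerpt containing the same entries as the posted one; the persistence markers and their one-line descriptions are my assumptions, not something MBAM itself reports.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed excerpt in the format of the MBAM 1.51 log posted above (trimmed to a few of its entries).
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.51.0.1200
Database version: 6902

Memory Modules Infected:
c:\programdata\api-ms-win-core-memory-l1-1-032.dll (Trojan.Tracur.Gen) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0B4FE44F-7961-4E25-9F69-88EBE5CFF273} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur.Gen) -> Bad: (C:\ProgramData\api-ms-win-core-memory-l1-1-032.dll) Good: () -> Quarantined and deleted successfully.

Files Infected:
c:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-032.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\X\AppData\Local\Temp\ms0cfg32.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
"""

# "Memory Modules Infected:" style headers (the summary lines end in a count, so they do not match).
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# "<item> (<detection name>) -> <action>"
ITEM_RE = re.compile(r"^(?P<item>.+?) \((?P<detection>[^()]+)\) -> (?P<action>.+)$")
# Registry data entries carry the offending value as "Bad: (...)".
BAD_VALUE_RE = re.compile(r"Bad: \((?P<bad>[^()]*)\)")

# Assumed (my own) list of registry locations whose presence in a log means persistence/injection,
# not an MBAM classification.
PERSISTENCE_MARKERS = {
    "AppInit_DLLs": "AppInit_DLLs: DLL loaded into every process that loads user32.dll",
    "Browser Helper Objects": "IE Browser Helper Object: code that runs inside every Internet Explorer process",
}


@dataclass
class Detection:
    section: str
    item: str
    detection: str
    action: str

    @property
    def family(self) -> str:
        # "Trojan.Tracur.Gen" -> "Trojan.Tracur"; "Trojan.Agent" stays "Trojan.Agent"
        return ".".join(self.detection.split(".")[:2])


def parse_mbam_log(text: str):
    """Return (count per section, list of Detection) for an MBAM 1.x text log."""
    section_counts: dict = {}
    detections: list = []
    section = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            section_counts[section] = 0
            continue
        if section is None or line.startswith("(No malicious items detected)"):
            continue
        m = ITEM_RE.match(line)
        if m:
            detections.append(Detection(section, m.group("item"), m.group("detection"), m.group("action")))
            section_counts[section] += 1
    return section_counts, detections


def persistence_indicators(detections):
    """Detections at a known persistence location, with the logged bad value when there is one."""
    found = []
    for d in detections:
        for marker, meaning in PERSISTENCE_MARKERS.items():
            if marker in d.item:
                bad = BAD_VALUE_RE.search(d.action)
                found.append((marker, meaning, bad.group("bad") if bad else None))
    return found


def family_counts(detections) -> Counter:
    return Counter(d.family for d in detections)


if __name__ == "__main__":
    counts, items = parse_mbam_log(SAMPLE_LOG)
    print("per section:", counts)
    print("per family:", dict(family_counts(items)))
    for marker, meaning, bad in persistence_indicators(items):
        print(f"PERSISTENCE {marker}: {meaning}" + (f" -> {bad}" if bad else ""))
```

Run against the full log from the post, the same AppInit_DLLs path shows up three times (the value, the module in memory and the file on disk), which is the usual picture for a DLL that has already been injected: the file is deleted on reboot because it is mapped into running processes.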


#4 boopme


Posted 22 June 2011 - 02:04 PM

Hello, please remove this and reboot:
J2SE Runtime Environment 5.0 Update 21; it's outdated and can be exploited.

Let's see if anything else is left.
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.

#5 moltav_c


Posted 22 June 2011 - 08:20 PM

Ok, here are the results
ESET Scan log

C:\ProgramData\api-ms-win-core-memory-l1-1-032.dll Win32/TrojanDownloader.Agent.PDY trojan cleaned by deleting (after the next restart) - quarantined
C:\ProgramData\dhcpcsvc632.exe Win32/TrojanDownloader.Tracur.B trojan cleaned by deleting (after the next restart) - quarantined
C:\Users\X\AppData\Local\Temp\jar_cache5488613465961172779.tmp a variant of Java/TrojanDownloader.OpenStream.NBU trojan deleted - quarantined
C:\Users\X\AppData\Local\Temp\jar_cache5714698309538349460.tmp a variant of Java/Exploit.CVE-2010-0842.L trojan deleted - quarantined
C:\Users\X\AppData\Local\Temp\kuGDYyHg.exe.part Win32/OpenCandy application deleted - quarantined
C:\Users\X\AppData\Local\Temp\NOD91B1.tmp Win32/TrojanDownloader.Agent.PDY trojan cleaned by deleting (after the next restart) - quarantined
C:\Users\X\AppData\Local\Temp\NOD93E3.tmp Win32/TrojanDownloader.Tracur.B trojan cleaned by deleting (after the next restart) - quarantined
C:\Users\X\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\3cc664c-528c1586 Java/TrojanDownloader.OpenStream.NBS trojan cleaned by deleting - quarantined
C:\Users\X\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\6d0f390c-24fe0cf6 multiple threats deleted - quarantined
C:\Users\X\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\7efe204d-700dd1ab multiple threats deleted - quarantined
C:\Users\X\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\20f951d8-29c0b175 probably a variant of Win32/Agent.RPSVWU trojan cleaned by deleting - quarantined
C:\Users\X\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\7aa0815a-5ba23987 probably a variant of Java/Agent.BR trojan deleted - quarantined
C:\Users\X\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\5070075d-39d164af Java/TrojanDownloader.OpenStream.NCA trojan deleted - quarantined
C:\Users\X\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\6eee3aa1-6830cc7c a variant of Java/Agent.BR trojan deleted - quarantined
C:\Users\X\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\655de304-2c9e4358 probably a variant of Java/Agent.BR trojan deleted - quarantined
C:\Users\X\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\15467029-1ceff092 multiple threats deleted - quarantined
C:\Users\X\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\2b8379a9-60126815 multiple threats deleted - quarantined
C:\Users\X\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\6fc286d-5ab68219 multiple threats deleted - quarantined
C:\Users\X\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\43458f85-6364dcf1 a variant of Java/Agent.BR trojan deleted - quarantined
C:\Users\X\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\3207c172-2914993e a variant of Java/Rowindal.A trojan deleted - quarantined
C:\Users\X\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\4b361974-7252e40a multiple threats deleted - quarantined
C:\Users\X\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\58fe4034-2187e121 a variant of Java/Agent.BR trojan deleted - quarantined
C:\Users\X\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\52614f75-53b26fc0 probably a variant of Java/Agent.BR trojan deleted - quarantined
C:\Users\X\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\7fa50935-1efa53e8 multiple threats deleted - quarantined
C:\Users\X\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\6e45fa36-49bee1c3 Java/TrojanDownloader.OpenStream.NCA trojan deleted - quarantined
C:\Users\X\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\21bbb478-1d3ddc1e probably a variant of Win32/Agent.RPSVWU trojan cleaned by deleting - quarantined
C:\Users\X\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\10fa0cb9-1ad6d445 probably a variant of Java/Agent.BR trojan deleted - quarantined
C:\Users\X\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\30ee3746-61f938ca probably a variant of Java/Agent.BR trojan deleted - quarantined
C:\Users\X\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\42e55947-4eae8c91 a variant of Java/Agent.BR trojan deleted - quarantined
C:\Users\X\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\64a5a908-1d733d89 probably a variant of Java/Agent.BR trojan deleted - quarantined
C:\Users\X\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\36c06809-3e8dc79f probably a variant of Win32/Agent.RPSVWU trojan cleaned by deleting - quarantined
C:\Users\X\AppData\Roaming\Mozilla\Firefox\Profiles\47bmyho9.default\extensions\{3f85f9ee-aa1d-4d20-b534-50470f19abf5}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Users\X\AppData\Roaming\Mozilla\Firefox\Profiles\47bmyho9.default\extensions\{3f85f9ee-aa1d-4d20-b534-50470f19abf5}\chrome\xulcache.jar JS/Agent.NDB trojan deleted - quarantined
C:\Users\X\Downloads\videora-ipad-600-setup.exe Win32/OpenCandy application deleted - quarantined
C:\Users\X\Downloads\videora-iphone-600-setup.exe Win32/OpenCandy application deleted - quarantined
C:\Users\Patrice\Downloads\Adobe Flash Pro CS5\Adobe Flash Pro CS5.rar a variant of Win32/HackTool.Patcher.P application deleted - quarantined
C:\Users\X\Downloads\AUTODESK.3DSMAX.V2011.RETAIL-ISO\3dsmax2011.iso a variant of Win32/Keygen.BL application deleted - quarantined
C:\Users\X\Downloads\Game Dev\flash plugins\swf combiners\Iwisoft_Flash_SWF_to_Video_Converter_3.4.0.0.rar Win32/HackTool.Patcher.A application deleted - quarantined
C:\Users\X\Downloads\Game Dev\flash plugins\swf combiners\Iwisoft_Flash_SWF_to_Video_Converter_3.4.0.0\Patch\iwisoft.flash.swf.to.video.converter.3.x-patch.exe Win32/HackTool.Patcher.A application cleaned by deleting - quarantined
C:\Users\X\Downloads\Game Dev\flash plugins\swf combiners\Iwisoft_Flash_SWF_to_Video_Converter_3.4.0.0\Patch\iwisoft.flash.swf.to.video.converter.3.x-patch.rar Win32/HackTool.Patcher.A application deleted - quarantined
C:\Users\X\Downloads\Game Dev\Flex Builder 3.0.2\Adobe.Flex.Builder.Professional.v3.0.2_Core.rar a variant of Win32/Keygen.BH application deleted - quarantined
C:\Users\X\Downloads\Game Dev\Flex Builder 3.0.2\Adobe.Flex.Builder.Professional.v3.0.2_Core\keygen.exe a variant of Win32/Keygen.BH application cleaned by deleting - quarantined
C:\Users\X\Downloads\Game Dev\MMF2Developer\Multimedia_Fusion_2_Developer_+_Extras\Multimedia_Fusion_2_Developer_+_Extras\Update Patches\Multimedia_Fusion_2_Update_249.exe probably a variant of Win32/Agent.GNTHFTT trojan deleted - quarantined
C:\Users\X\Downloads\MindManager v9.0.246\MindManager v9.0.246.rar probably a variant of Win32/TrojanDownloader.Agent.CTYGZZM trojan deleted - quarantined
C:\Users\X\Downloads\Red Giant Suite 2009 working class\Color Correction Products\Red Giant Colorista PPo CS4\COLORISTA_Win Premiere.zip probably a variant of Win32/TrojanDropper.Small.JDOTEYN trojan deleted - quarantined
C:\Users\X\Downloads\Red Giant Suite 2009 working class\Color Correction Products\Red Giant Colorista PPo CS4\Crack\MBC.exe probably a variant of Win32/TrojanDropper.Small.JDOTEYN trojan cleaned by deleting - quarantined
C:\Users\X\Downloads\Red Giant Suite 2009 working class\Color Correction Products\Red Giant Colorista PPo CS4\MBCOLORISTA_Win_Full\Crak\MBC.exe probably a variant of Win32/TrojanDropper.Small.JDOTEYN trojan cleaned by deleting - quarantined
C:\Users\X\Downloads\Red Giant Suite 2009 working class\Keying Products\Red Giant Key Correct Pro v1.1 (Mac), v1.0 (Win)\Red Giant Key Correct Pro v1.1 (Mac), v1.0 (Win)\Crack\KeyCorrect-kg.exe probably a variant of Win32/TrojanDropper.Small.GTXYMOI trojan cleaned by deleting - quarantined
C:\Windows\System32\apss32.exe Win32/TrojanDownloader.Tracur.B trojan cleaned by deleting (after the next restart) - quarantined

Edited by boopme, 22 June 2011 - 08:48 PM.
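An added example, not part of this thread and not ESET's tooling: a Python script that splits each ESET OnlineScan log line into path and verdict and groups the hits by where they sit on disk. Run over the log above it makes the pattern visible at a glance: the bulk of the detections are in the Java deployment cache (applets the browser plugin cached, including a Java/Exploit.CVE-2010-0842 hit), which is consistent with the outdated JRE flagged in the previous reply, with the remainder under Downloads (cracks and keygens), Temp (dropped payloads), the Firefox profile (an injected extension) and system locations (the installed downloader). The sample is a constructed subset of the posted log with the user name replaced by X; the location rules, labels and the "application" heuristic are my assumptions.

```python
import re
from collections import Counter

# Constructed excerpt: a subset of the ESET OnlineScan entries posted above, one entry per line.
SAMPLE_ESET_LOG = r"""
C:\ProgramData\api-ms-win-core-memory-l1-1-032.dll Win32/TrojanDownloader.Agent.PDY trojan cleaned by deleting (after the next restart) - quarantined
C:\Users\X\AppData\Local\Temp\jar_cache5714698309538349460.tmp a variant of Java/Exploit.CVE-2010-0842.L trojan deleted - quarantined
C:\Users\X\AppData\Local\Temp\kuGDYyHg.exe.part Win32/OpenCandy application deleted - quarantined
C:\Users\X\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\6d0f390c-24fe0cf6 multiple threats deleted - quarantined
C:\Users\X\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\7aa0815a-5ba23987 probably a variant of Java/Agent.BR trojan deleted - quarantined
C:\Users\X\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\5070075d-39d164af Java/TrojanDownloader.OpenStream.NCA trojan deleted - quarantined
C:\Users\X\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\36c06809-3e8dc79f probably a variant of Win32/Agent.RPSVWU trojan cleaned by deleting - quarantined
C:\Users\X\AppData\Roaming\Mozilla\Firefox\Profiles\47bmyho9.default\extensions\{3f85f9ee-aa1d-4d20-b534-50470f19abf5}\chrome\xulcache.jar JS/Agent.NDB trojan deleted - quarantined
C:\Users\X\Downloads\Adobe Flash Pro CS5\Adobe Flash Pro CS5.rar a variant of Win32/HackTool.Patcher.P application deleted - quarantined
C:\Users\X\Downloads\Game Dev\Flex Builder 3.0.2\Adobe.Flex.Builder.Professional.v3.0.2_Core\keygen.exe a variant of Win32/Keygen.BH application cleaned by deleting - quarantined
C:\Windows\System32\apss32.exe Win32/TrojanDownloader.Tracur.B trojan cleaned by deleting (after the next restart) - quarantined
"""

# Tokens that begin the verdict part of a line; the earliest one splits the path from the verdict
# (paths may contain spaces, so splitting on whitespace alone would not work).
VERDICT_TOKENS = (" probably a variant of ", " a variant of ", " multiple threats ", " Win32/", " Java/", " JS/")
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,7}")

# My own mapping of path markers to what a hit there tells the analyst (not an ESET classification).
LOCATION_RULES = (
    ("\\Sun\\Java\\Deployment\\cache\\", "Java deployment cache"),  # applets cached by the browser plugin
    ("\\Mozilla\\Firefox\\Profiles\\", "Browser profile"),          # extension dropped into the profile
    ("\\AppData\\Local\\Temp\\", "Temp"),                            # payloads written after exploitation
    ("\\Downloads\\", "Downloads"),                                  # files the user fetched themselves
)
SYSTEM_PREFIXES = ("C:\\Windows\\", "C:\\ProgramData\\")


def classify_path(path: str) -> str:
    lower = path.lower()
    for marker, label in LOCATION_RULES:
        if marker.lower() in lower:
            return label
    if any(lower.startswith(p.lower()) for p in SYSTEM_PREFIXES):
        return "System locations"
    return "Other"


def parse_eset_log(text: str):
    """Return a list of (path, verdict) for every detection line in the log."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        positions = [line.find(t) for t in VERDICT_TOKENS if t in line]
        if not positions:
            continue  # not a detection line
        cut = min(positions)
        entries.append((line[:cut], line[cut + 1:]))
    return entries


def triage(text: str) -> Counter:
    """Number of detections per on-disk location class."""
    return Counter(classify_path(path) for path, _ in parse_eset_log(text))


def exploit_cves(text: str):
    """CVE identifiers that ESET names in its verdicts (e.g. Java/Exploit.CVE-2010-0842)."""
    return sorted({m.group(0) for _, verdict in parse_eset_log(text) for m in CVE_RE.finditer(verdict)})


def unwanted_app_count(text: str) -> int:
    """Verdicts ESET labels 'application' (OpenCandy, HackTool, Keygen) rather than 'trojan'."""
    return sum(1 for _, verdict in parse_eset_log(text) if " application" in verdict)


if __name__ == "__main__":
    for label, n in triage(SAMPLE_ESET_LOG).most_common():
        print(f"{n:3d}  {label}")
    print("exploit CVEs named:", exploit_cves(SAMPLE_ESET_LOG))
    print("non-trojan 'application' hits:", unwanted_app_count(SAMPLE_ESET_LOG))
```

The location split matters for the follow-up: cache and Temp hits are evidence of how the machine was compromised (and go away with a current JRE and a cleared cache), while the Downloads hits are the cracked installers the next reply asks to be removed, and the System/ProgramData hits are what actually ran at the time of the Avast alerts.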


#6 boopme


Posted 22 June 2011 - 08:53 PM

IMPORTANT NOTE: The practice of using cracking tools, keygens, warez or any pirated software is not only considered illegal activity but it is a serious security risk.

Cracking applications are used for illegally breaking (cracking) various copy-protection and registration techniques used in commercial software. These programs may be distributed via Web sites, Usenet, and P2P networks.

trendmicro.com/vinfo

...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors...

Keygen and Crack Sites Distribute VIRUX and FakeAV

...warez/piracy sites ranked the highest in downloading spyware...just opening the web page usually sets off an exploit, never mind actually downloading anything. And by the time the malware is finished downloading, often the machine is trashed and rendered useless.

University of Washington spyware study

...One of the most aggressive and intrusive of all bad websites on the Internet are serial, warez, software cracking type sites...they sneak malware onto your system...Where do trojan viruses originate? One of the biggest malware distributors on the Internet are serial/warez/code cracking sites.

Bad Web Sites: Malware

When you use these kinds of programs, be forewarned that some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, those sites are infested with a smörgåsbord of malware and are an increasing source of system infection. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.

Before we can continue, I need you to remove all cracks and keygens immediately to reduce the risk of infection/reinfection. If not, then we are just wasting time trying to clean your system. Further, other tools used during the disinfection process may detect crack and keygens so we need to ensure they have been removed.

Using these types of programs or the websites you visited to get them is almost a guaranteed way to get yourself infected!!


Please download CKScanner and save it to your Desktop. <-Important!!!
  • Double-click on CKScanner.exe and click Search For Files.
  • If using Vista, right-click on it and Run As Administrator.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A text file will be created on your desktop named ckfiles.txt.
  • Click OK at the file saved message box.
  • Double-click the ckfiles.txt icon on your desktop to open the log and copy/paste the contents in your next reply.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode, click the Update tab and select Check for Updates. When done,
click the Scanner tab, select Quick scan and scan (normal mode).
After the scan, click Remove Selected, post the new scan log and reboot into normal mode.

Please ask any needed questions, post logs and let us know how the PC is running now.

#7 moltav_c


Posted 23 June 2011 - 12:25 PM

Things went back to normal on my computer after the ESET scan. No more Avast alerts, and Google no longer redirects. I've deleted all of the shady software from my computer. I believe my attack came from a website, though; I will be avoiding it from now on. Thanks so much for the help, and I will definitely heed your advice.

Here's the CK scanner log:
CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\inkscape\python\lib\site-packages\numpy\f2py\crackfortran.py
c:\program files (x86)\inkscape\python\lib\site-packages\numpy\f2py\crackfortran.pyc
c:\program files (x86)\inkscape\python\lib\site-packages\numpy\f2py\crackfortran.pyo
c:\users\X\appdata\local\flvservice\youtube - aflac duck on crack.bin
c:\users\X\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\#crackle.com\settings.sol
c:\users\X\documents\3-62\import\color crack.emf
c:\users\X\documents\projects\vid ref\firecracker_02.mov
c:\users\X\documents\sfx\independent_nu_35-wood_crack_hit_destruction.7z
hosts 127.0.0.1 activate.adobe.com
scanner sequence 3.ZZ.11
----- EOF -----

And this is MBAM's log:


Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6928

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

6/23/2011 1:16:47 PM
mbam-log-2011-06-23 (13-16-47).txt

Scan type: Quick scan
Objects scanned: 179946
Time elapsed: 4 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#8 boopme


Posted 23 June 2011 - 01:15 PM

You're welcome. Yes, be careful: they aren't free because they like you... They want something from you.

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Posted Image > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Posted Image > Run... and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links:

#9 dierthling


Posted 11 July 2011 - 07:25 PM

Hello. I am having this exact problem. I did what you told them to do; however, I am still having the problem. I'm starting to think I may just have to do a restore :( . Please help!

#10 boopme


Posted 11 July 2011 - 07:58 PM

Your decision as to what action to take should be made by reading and asking yourself the questions presented in "When Should I Format, How Should I Reinstall?" In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. Wiping your drive, reformatting, and performing a clean install of the OS or doing a factory restore removes everything and is the safest action but I cannot make that decision for you.

Reformatting a hard disk deletes all data. If you decide to reformat, you can back up all your important documents, data files and photos. The safest practice is not to backup any autorun.ini or .exe files because they may be infected. Some types of malware may disguise itself by adding and hiding its extension to the existing extension of files so be sure you take a close look at the full name. After reformatting, as a precaution, make sure you scan these files with your anti-virus prior to copying them back to your hard drive.



OR
We need a deeper look. Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If Gmer won't run, skip it and move on.
Let me know if that went well.

#11 JannEd


Posted 18 February 2012 - 08:22 PM

Boopme!!! Glad to see you here!! Just a comment about the original poster's problem. Don't know about the Google redirecting thing; cleaned that false MS Win 7 2011 mess off someone's computer last year and that was redirecting everything to anywhere.
I came in here because Avast just gave me that URL.mal message. I was downloading video content from a survey site when it came in. It was the second download for the survey I am taking, so I am not sure that is what caused it. You know me, clean, clean, clean, update, update, update!! How are you??

Jann
ps had to edit, having a double post day today!

Edited by JannEd, 18 February 2012 - 08:26 PM.


#12 boopme


Posted 19 February 2012 - 08:48 PM

Hey JannEd.... technically the entries are malware related, but we are reporting these issues to Avast here:
http://www.avast.com/contact-form.php?loadStyles

#13 JannEd


Posted 19 February 2012 - 10:05 PM

Hey JannEd.... technically the entries are malware related but we are reporting these issues to AVast here:
http://www.avast.com/contact-form.php?loadStyles


After I posted that, I kept the download going on the survey site just to see if that was it. Turns out that it wasn't. It seems to me there was another box from Avast to report to, but not really sure. I don't know where it came from. I do know that YoWindows (my favorite weather program) was also having issues. Uninstalled that and installed the newest ver and all is well. I have had instances of Avast stopping my home page from redirecting, and that is my Google Mail. Will keep my eyes open and investigate more thoroughly if it happens again! I will keep this URL just in case. Thank you!

Jann



