Author Topic: URL: Mal  (Read 4032 times)


Pwadyal

  • Guest
URL: Mal
« on: September 17, 2012, 11:32:33 PM »
Object: http://i.trkjmp.com/crossdomain.xml
Infection: URL: Mal
Process: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

It says it on every website and I did a quick scan and full scan. Avast found nothing.

Offline Pondus

  • Probably Bot
  • Posts: 37507
  • Not a avast user
Re: URL: Mal
« Reply #1 on: September 17, 2012, 11:46:18 PM »
follow the guide and attach the logs

http://forum.avast.com/index.php?topic=53253.0

AdwCleaner
Malwarebytes
OTL
aswMBR

Pwadyal

  • Guest
Re: URL: Mal
« Reply #2 on: October 03, 2012, 10:04:07 PM »
Quote from: Pondus
follow the guide and attach the logs

http://forum.avast.com/index.php?topic=53253.0

AdwCleaner
Malwarebytes
OTL
aswMBR


aswMBR freezes my computer when it runs. Not sure if it's supposed to do that?

Pwadyal

  • Guest
Re: URL: Mal
« Reply #3 on: October 03, 2012, 10:05:20 PM »
3rd attachment here - couldn't fit in on the previous post.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: URL: Mal
« Reply #4 on: October 03, 2012, 11:32:10 PM »
Hi, you will need to manually remove Privitize from Chrome; then it will be completely gone.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.privitize.com/?aff=7
IE - HKU\S-1-5-21-2414491415-3392443910-2700952820-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.privitize.com/?aff=7
IE - HKU\S-1-5-21-2414491415-3392443910-2700952820-1000\..\URLSearchHook: {1aec5771-fcd6-4537-a6b7-5f1935fd527c} - No CLSID value found
IE - HKU\S-1-5-21-2414491415-3392443910-2700952820-1000\..\URLSearchHook: {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - SOFTWARE\Classes\CLSID\{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48}\InprocServer32 File not found
IE - HKU\S-1-5-21-2414491415-3392443910-2700952820-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.privitize.com/?aff=7&q={searchTerms}
FF - prefs.js..browser.search.defaultengine: "Privitize VPN"
FF - prefs.js..browser.search.defaultenginename: "Privitize VPN"
FF - prefs.js..browser.search.order.1: "Privitize VPN"
FF - prefs.js..browser.search.selectedEngine: "Privitize VPN"
FF - prefs.js..keyword.URL: "http://search.privitize.com/?aff=7&q="
[2012/09/19 20:54:20 | 000,002,089 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\mozilla\firefox\profiles\hrtkhle5.default\searchplugins\Startpins.xml
O2 - BHO: (MHTBPos00 Class) - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files (x86)\Celebrity Toolbar\tbcore3.dll File not found
O2 - BHO: (CMySite Class) - {D62EC836-BF1E-4CAC-81BE-FB9179835D8E} - C:\Program Files (x86)\Celebrity Toolbar\mhxpcomi.dll File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)

:Files
ipconfig /flushdns /c
netsh int ip reset c:\resetlog.txt  /c
ipconfig /release /c
ipconfig /renew /c

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
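
An added example, not part of the post above and not OTL's own code: a read-only check of a Firefox prefs.js for the search preferences named in the "FF - prefs.js.." lines of the fix. The allowlists (EXPECTED_ENGINES, EXPECTED_HOSTS) and the sample text are assumptions constructed for illustration.

```python
import json
import re
from urllib.parse import urlparse

# Preference names taken from the "FF - prefs.js.." lines of the fix above.
SEARCH_PREFS = {
    "browser.search.defaultengine", "browser.search.defaultenginename",
    "browser.search.order.1", "browser.search.selectedEngine", "keyword.URL",
}
# Assumptions: what the owner of this profile expects to see. Adjust per system.
EXPECTED_ENGINES = {"Google"}
EXPECTED_HOSTS = {"www.google.com"}
# One preference per line: user_pref("name", value);
PREF_LINE = re.compile(
    r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$', re.MULTILINE)

def parse_prefs(text):
    """Return {name: value} for every user_pref() line; other lines are skipped."""
    prefs = {}
    for name, raw in PREF_LINE.findall(text):
        try:
            prefs[name] = json.loads(raw)  # strings, integers, true/false
        except ValueError:
            prefs[name] = raw              # keep unparsed values verbatim
    return prefs

def audit(text):
    """List (name, value) for search prefs whose value is not on the allowlist."""
    findings = []
    for name, value in parse_prefs(text).items():
        if name not in SEARCH_PREFS:
            continue
        if name == "keyword.URL":
            ok = (urlparse(str(value)).hostname or "") in EXPECTED_HOSTS
        else:
            ok = str(value) in EXPECTED_ENGINES
        if not ok:
            findings.append((name, value))
    return findings

# Constructed sample, not taken from the logs attached to this thread.
SAMPLE = """\
user_pref("browser.search.defaultenginename", "Privitize VPN");
user_pref("browser.search.order.1", "Google");
user_pref("browser.startup.page", 3);
user_pref("keyword.URL", "http://search.privitize.com/?aff=7&q=");
"""
if __name__ == "__main__":
    for name, value in audit(SAMPLE):
        print(f"unexpected {name} = {value!r}")
```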

Pwadyal

  • Guest
Re: URL: Mal
« Reply #5 on: October 04, 2012, 12:19:40 AM »
Thanks for the quick reply. First time getting malicious software downloaded -__-

Mikesale945

  • Guest
Re: URL: Mal
« Reply #6 on: October 04, 2012, 03:44:05 AM »
I'm having the same problem with Google. The problem is I can't post the logs because the verification is through Google. So I am posting on my phone

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: URL: Mal
« Reply #7 on: October 04, 2012, 03:47:11 PM »
@Pwadyal how is the computer behaving now?

Quote from: Mikesale945
I'm having the same problem with Google. The problem is I can't post the logs because the verification is through Google. So I am posting on my phone
Once you have completed three posts the verification should disappear. Could you start your own thread please, so that there is no confusion?