Avast WEBforum

Topic started by: jesamine on May 27, 2012, 11:49:45 AM

Title: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jesamine on May 27, 2012, 11:49:45 AM
I am using Avast Free Antivirus and am getting repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts (one being: http://agrifarma.com/p/as?64206) whenever I go to my / some of my friends' MySpace profiles; I have been in contact with MySpace about this, but was told that my profile was checked at their end and no issue was found. This is driving me crazy, so much so that I am considering removing Avast and trying a different antivirus, but I really do not want to do this as I am very happy with it otherwise. Can anyone help please?
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: Asyn on May 27, 2012, 11:53:01 AM
This needs further analysis by a malware removal specialist:
Go to this topic http://forum.avast.com/index.php?topic=53253.0 for information on Logs to assist in cleaning malware.
Use the information about getting and using the tools and attach the logs here, not in the LOGS topic.
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: Pondus on May 27, 2012, 12:34:43 PM
the problem is not avast......but that you have an infection.
so replacing avast with an AV that does not detect, does not solve/remove the infection  ;)

so follow Asyn's advice
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jesamine on May 27, 2012, 01:46:34 PM
Thank you very much for your help. One object was found and removed (see below), however, I have just visited my MySpace profile again and Avast alerted me with a different URL Mal:

Infection Details
URL:   http://www1.strongpqcleaner.dnset.com/O....
Process:   C:\Program Files\Mozilla Firefox\firefox...
Infection:   URL:Mal

!!

Shall I run Malwarebytes again?

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.27.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
dell owner :: OWNER-25721C41B [administrator]

27/05/2012 11:45:51
mbam-log-2012-05-27 (11-45-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 179764
Time elapsed: 40 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: Pondus on May 27, 2012, 02:57:59 PM
you also have to attach (not copy and paste) OTL and aswMBR log
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jesamine on May 27, 2012, 05:14:54 PM
Sorry, missed that. I hope these attachments are okay....I had already recently used aswMBR.exe.

**Please note that this issue has been going on for some months now, so it will not be linked to recent modifications**
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: Pondus on May 27, 2012, 08:50:52 PM
I see lots of McAfee files in your log......do you have McAfee installed?
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jesamine on May 27, 2012, 09:33:10 PM
I only have McAfee Security Scan installed, which runs a very short basic safety test, I installed that after this problem arose....it showed clear. I used to use McAfee before Avast, but my hard drive has since (as far as I can remember) been wiped clean by a PC World technician so I don't think that would show now? The issue only occurs when I am on MySpace, could MySpace be the problem?
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jeffce on May 28, 2012, 12:54:16 AM
Let me look over the logs and I will return as quickly as I can.  :)
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jesamine on May 28, 2012, 01:13:06 AM
Thank you - I really appreciate you all helping me. Here are two of the public MySpace profiles I have problems with....perhaps you can test whether you receive alerts here too in order to ascertain where the fault lies:

http://www.myspace.com/merlinmallet

Infection Details
URL:   http://www1.bestdefenseij.dnset.com/i.ht...
Process:   C:\Program Files\Mozilla Firefox\firefox...
Infection:   URL:Mal

http://www.myspace.com/573275561

Infection Details
URL:   http://agrifarma.com/p/as?1015
Process:   C:\Program Files\Mozilla Firefox\firefox...
Infection:   HTML:RedirME-inf [Trj]

My two private profiles trigger alerts too every time I click on them.
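
Added example, not part of the original posts: a short Python triage of the alert blocks pasted so far in this thread, grouping them by blocked host and checking which process triggered them. The function names and the two-label "parent domain" shortcut are this example's own assumptions; the alert text is copied from the posts above with its truncation intact.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Alert blocks exactly as pasted in the thread (URLs and process paths were
# already truncated with dots in the original posts).
ALERTS = r"""
Infection Details
URL:   http://www1.strongpqcleaner.dnset.com/O....
Process:   C:\Program Files\Mozilla Firefox\firefox...
Infection:   URL:Mal

Infection Details
URL:   http://www1.bestdefenseij.dnset.com/i.ht...
Process:   C:\Program Files\Mozilla Firefox\firefox...
Infection:   URL:Mal

Infection Details
URL:   http://agrifarma.com/p/as?1015
Process:   C:\Program Files\Mozilla Firefox\firefox...
Infection:   HTML:RedirME-inf [Trj]
"""

# "Infection Details" has no colon after the first word, so it never matches.
FIELD = re.compile(r"(URL|Process|Infection):\s*(.*)")


def parse_alerts(text):
    """Split pasted alert text into one dict per 'Infection Details' block."""
    alerts, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Infection Details":
            current = {}
            alerts.append(current)
            continue
        match = FIELD.match(line)
        if match and current is not None:
            current[match.group(1)] = match.group(2).strip()
    return alerts


def parent_domain(url):
    """Last two host labels. Assumption: good enough for plain .com hosts;
    a real tool would consult the Public Suffix List."""
    host = urlsplit(url).hostname or ""
    return ".".join(host.split(".")[-2:])


def group_by_domain(alerts):
    """Map parent domain -> blocked hosts and detection names seen under it."""
    groups = defaultdict(lambda: {"hosts": set(), "detections": set()})
    for alert in alerts:
        group = groups[parent_domain(alert["URL"])]
        group["hosts"].add(urlsplit(alert["URL"]).hostname)
        group["detections"].add(alert["Infection"])
    return dict(groups)


def all_from_browser(alerts, name="firefox"):
    """True when every alert names the browser as the requesting process."""
    def exe(path):
        # Process paths are truncated ("firefox..."), so drop trailing dots.
        return path.rsplit("\\", 1)[-1].rstrip(".").lower()
    return all(exe(alert["Process"]).startswith(name) for alert in alerts)


if __name__ == "__main__":
    parsed = parse_alerts(ALERTS)
    for domain, info in sorted(group_by_domain(parsed).items()):
        print(domain, sorted(info["hosts"]), sorted(info["detections"]))
    print("all requested by the browser:", all_from_browser(parsed))
```

Every block names the browser as the process and the blocked hosts fall under two parent domains, which fits the later finding in this thread that the alert is raised by content on the profile page itself.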
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: UserA789 on May 28, 2012, 02:16:20 AM
Your friends, most likely without knowing, are probably attaching malicious sites/videos/content from other URLs to their page(s).  A big problem these days is thinking we can do this without it affecting anyone else, or not understanding how code injection CAN be used in different ways.

You may want to give your friends a heads up; unfortunately, like most, they will take it completely personally and tell you it's your machine or even your fault.  I have had this problem myself, and even once on my own MySpace page.  Once I got rid of the URL-redirect I didn't realise was malicious, it went away.  It's why I utterly HATE >:(  the 'Share' feature on FB.

But again, to tell anyone their stuff is broken/infected is like claiming they did it on purpose.  They will get as defensive as one can fathom and say 'it didn't set off mine so it's just you' and subsequently further spread malicious content.

I would advise you continue working with Asyn.

Quote
the problem is not avast......but that you have an infection.
so replacing avast with a AV that does not detect, does not solve/remove the infection  ;)
I don't know if you realise this, but being that we pay for AND/OR trust Avast to prevent infection, if our machines become infected that's EXACTLY whose fault it is.  That's not saying that Avast made the infection, just that Avast let us be infected.  Just sayin'... not trying to change this thread.

Either way;
Quote
so follow Asyns advice
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jeffce on May 28, 2012, 03:24:33 AM
Hi,

I went to the link and got the popup about the infection so I agree that the infection is on that particular page itself. 
--------------

Are you using McAfee or Avast for your antivirus program?  We need to remove one of them.  Let me know which one you would like to remove. 
----------

Please download and run ERUNT (http://www.snapfiles.com/get/erunt.html) (Emergency Recovery Utility NT).  This program allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.  **Remember if you are using Windows Vista as your operating system right-click the executable and Run as Administrator.
----------

Run OTL.exe
Code:
:Services

:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-725345543-839522115-1202660629-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://uk.myspace.com/home"
[2010/05/18 15:24:37 | 000,002,139 | ---- | M] () -- C:\Documents and Settings\dell owner\Application Data\Mozilla\Firefox\Profiles\q0me9ao2.default\searchplugins\MyStart Search.xml
[2011/12/23 17:17:46 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

:Files
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
[resethosts]
[createrestorepoint]
[start explorer]
[Reboot]
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jesamine on May 28, 2012, 03:21:44 PM
HELP!

I started OTL as per your instructions....it stated killing processes and my computer immediately displayed the screen of death. Nothing has happened since, I am afraid to turn it off. What do I do? I am using a neighbour's computer for this.
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jeffce on May 28, 2012, 03:26:33 PM
Hi,

It's ok to reboot your system.  This time boot into Safe Mode and run the instructions I posted for OTL from there.  :)
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jesamine on May 28, 2012, 06:05:59 PM
Didn't expect that and got worried! Reminded me of the time I grew impatient with a 'System Restore'....I turned my computer off and my operating system wouldn't restart....ended up with a partition, new operating system and a computer technician's bill! Does this mean that the OTL 'fix' hasn't been carried out? I couldn't boot into safe mode, nothing happened when I clicked on the up/down arrow options. 
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jeffce on May 28, 2012, 11:08:37 PM
No the OTL fix probably has not been completed.  Are you not able to boot to Safe Mode now? 
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: mchain on May 28, 2012, 11:20:17 PM
Hi jesamine,

jeffce's question is critical. 

As he has other ways to fix your system using programs that run outside of windows, do not worry.  So even if you cannot get into Safe Mode there are other ways of doing this.  You are in good hands here, and very sorry about that other bad time you had a while ago. 

If you can get into Safe Mode, tell jeffce.
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jesamine on May 29, 2012, 12:13:45 AM
No, just tried again....cannot get into safe mode through F8, nothing happens when I press the arrows, option remains on 'boot normally' and pressing enter also does nothing, so I had to switch off and start again. I also wasn't able to use System Restore recently, again nothing happened. Oh I do have faith in jeffce....I just don't in this computer! It's not new and I'm not sure it can withstand the alterations. If it's the pages on MySpace that are infected, not this computer?, what exactly are we trying to do?

Off issue, I was slightly concerned by this on the Extras.Txt:

ACPI BIOS is attempting to write to an illegal IO port address (0x70), which lies in the 0x70 - 0x71 protected  address range. This could lead to system instability.

I removed the McAfee Security Scan.
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jeffce on May 29, 2012, 12:18:53 AM
Hi,

Sorry to hear about your problems.  When you say "It's not new..."  how old is your system?  If your system is actually old, then it could be that Windows has just gotten a bit sloppy and a format/reinstall would be a prudent option.

As for the infections, the page on MySpace does seem to be infected but there are other little nasties that need to be removed. 
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jesamine on May 29, 2012, 12:35:50 AM
Okay. The computer is Dell and 12 years old, a PC World technician wiped it clean and reinstalled XP 2-3 years ago. It's not really worth further work though, it's rather low on RAM, which cannot be easily upgraded (Rambus)....and I cannot afford a new one at the moment.  :-\
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jeffce on May 29, 2012, 04:03:11 AM
Hi,

Well just because it is an older system let's not give up yet.  :)

Please read through these instructions to familiarize yourself with what to expect when this tool runs

Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.infospyware.net/antimalware/combofix/)

* IMPORTANT !!! Save ComboFix.exe to your Desktop


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

(http://img.photobucket.com/albums/v706/ried7/RCUpdate1.png)

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

(http://img.photobucket.com/albums/v706/ried7/RC2-1.png)

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. CF disconnects your machine from the internet.  The connection is automatically restored before CF completes its run.  If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
----------
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jesamine on May 29, 2012, 11:41:58 AM
Rather nervous about this...."On each restart of the machine, a black screen will offer you the option to boot into recovery console mode. For normal use, just ignore the black screen. Windows shall boot normally in 2 seconds." The dreaded black screen....please re-confirm that it will boot normally automatically without me pressing arrows or enter won't it?

All was working very well on my computer until I downloaded SP3....started to have problems directly afterwards....lost the Help and Support Centre too, can't search on it now, no results show. I tried to remove SP3, but couldn't do it.

I have over time been plagued by Canadian **SPAM** emails and I suspected at one time that something may have been done to my computer.

**Please note that I do not have a Windows XP CD and I have just read: "To install the Recovery Console, you will need your Windows XP CD.**
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jeffce on May 29, 2012, 01:45:01 PM
Hi,

Quote
please re-confirm that it will boot normally automatically without me pressing arrows or enter won't it?
Yes it should.  :)

Do you have anyone that you might be able to borrow a Windows CD from? 
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jesamine on May 29, 2012, 03:19:15 PM
I'm afraid not.  :(

Shame I couldn't complete OTL without using safe mode.

I guess we're running out of options here? What could these 'nasties' do though if I were to leave them?
 
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jeffce on May 29, 2012, 06:41:04 PM

Quote
What could these 'nasties' do though if I were to leave them?
Well they could lead and open doors for more serious infections that could steal information from you like passwords, account numbers and such...
----------

With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.


Go to Microsoft's website => http://support.microsoft.com/kb/310994 (http://support.microsoft.com/kb/310994)

Scroll down to Step 1, and select the download that's appropriate for your Operating System.  Download the file & save it as it's originally named.

Note: If you have SP3, use the SP2 package.


---------------------------------------------------------------------

Transfer all files you just downloaded, to the desktop of the infected computer.

--------------------------------------------------------------------


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools


(http://img.photobucket.com/albums/v666/sUBs/RC1-4.gif)


(http://img.photobucket.com/albums/v706/ried7/cfRC_screen_2.png)


Please post the C:\ComboFix.txt in your next reply.
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jesamine on May 29, 2012, 09:15:45 PM
Hi,

I have Windows XP Home Edition and SP3. So I need to download SP2 (as you advised) and XP Home Edition as well, correct?

Re: Transfer all files you just downloaded to the desktop of the infected computer. How do I do that please? I didn't know how to download OTL to my desktop either....there's no icon there.
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jeffce on May 30, 2012, 01:41:30 AM
Hi,

No you only need to download the files for Windows XP Service Pack 2. 

What browser are you using for the downloads??  IE, Firefox, Chrome...
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jesamine on May 30, 2012, 09:40:18 AM
Firefox

I'm worried about whether I'd actually be able to boot up in 'Recovery Console' mode when I can't use arrows and enter to boot up in anything other than normal mode. Would I need to use those? Also worried that I am not able to use System Restore.

Would I be able to use the XP Setup disk to carry out a clean installation in future if needed, only I would rather download that if the answer is yes?

In case you are not about to answer this: Reminder: Re: Transfer all files you just downloaded to the desktop of the infected computer. How do I do that please? I didn't know how to download OTL to my desktop either....there's no icon there.

Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jeffce on May 30, 2012, 01:43:33 PM
Hi,

To download files to your Desktop in Firefox do the following: 

Open Firefox >> click on Tools >> Options >> in the General tab >> check Always ask me where to save files and this will allow you to select Desktop as the location to download your files to.  :)
------------

Let me clarify...are you unable to use your keyboard as well?  Is that in both Normal and Safe Mode?
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jesamine on May 30, 2012, 02:11:01 PM
Keyboard use generally is fine, however, after I pressed F8 for the boot menu I tried to select safe mode using my keyboard, but nothing happened with the up/down arrows, it was stuck on normal boot....I tried to select that with 'enter'....again nothing happened, so I had to manually switch off and boot normally.

It's like something (SP3?) has knocked out important functions on this computer, I did not have these problems after the fresh installation of XP.

I really appreciate your time and effort in helping me.  :)
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jeffce on May 30, 2012, 02:15:07 PM
Hi,

Let's look over your keyboard registry key...

Code:
@echo off
regedit.exe /e "%userprofile%\Desktop\look.txt" "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Kbdclass"
Notepad.exe %userprofile%\Desktop\look.txt
Del look.txt
Del %0
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jesamine on May 30, 2012, 08:00:11 PM
@echo off
regedit.exe /e "%userprofile%\Desktop\look.txt" "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Kbdclass"
Notepad.exe %userprofile%\Desktop\look.txt
Del look.txt
Del %0
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jeffce on May 30, 2012, 08:25:36 PM
Did you have troubles with the instructions I provided?  There should have been a log created on your Desktop for you to attach.  :)
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jesamine on May 30, 2012, 09:03:41 PM
Sorry, thought I'd managed it....that was what you gave me!  ;D Yes, said I couldn't save it to that location (All Files), eventually I did save it, but when I clicked on the file a black screen momentarily appeared then vanished.
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jesamine on May 31, 2012, 12:44:52 AM
Well today my computer became slow and unresponsive (it's low on RAM) and my profile page was re-directed to: http://agrifarma.com/p/as?64206 before Avast could kick in to stop it (first time that has happened) and I then received a WOT red warning on it.
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jeffce on May 31, 2012, 01:06:17 AM
Please download TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip)
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jesamine on May 31, 2012, 04:01:21 PM
I double clicked the TDSSKiller.exe on the desktop, was given a sole option to 'run', which I clicked and then nothing happened, I sat with a busy mouse icon for ten minutes with no window showing?

Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jeffce on May 31, 2012, 04:16:12 PM
Hi,

Ok give it a run from Safe Mode and if a log is made attach it.  :)
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jesamine on May 31, 2012, 04:21:22 PM
Just followed online advice here to rename it: http://www.bleepingcomputer.com/forums/topic372491.html, it has worked....scan box is now showing.  :)
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jesamine on May 31, 2012, 04:41:01 PM
It says: No threats found. How do I find a copy of the log please? I can see it on the scan details, but can't copy it.
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jeffce on May 31, 2012, 05:00:44 PM
Hi,

If it said no threats found that is fine.

GMER

Download GMER Rootkit Scanner from here (http://www.gmer.net/gmer.zip) or here (http://www.majorgeeks.com/download.php?det=5198).

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
----------
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jesamine on June 01, 2012, 11:18:17 AM
Hi,

Towards the end of the scan my computer abruptly stopped....a blue screen appeared: "A problem has been detected and Windows has been shut down to prevent damage to your computer" This is the second crash I have had, I'm too afraid to pursue this any further. I didn't see any issues listed up to that point. Would you kindly tell me how to remove GMER Rootkit Scanner, TDSSKiller.exe and OTL.
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jeffce on June 01, 2012, 03:06:44 PM
I just want to clarify...Are you saying you don't want help any longer?  I only ask because I don't want to remove tools unless you are certain. 
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jesamine on June 01, 2012, 03:36:44 PM
Although I don't like the idea of having 'nasties' on my computer and I do have complete faith in you, having a computer that is up and running is my main concern....I can't be without it. I have just had the same blue screen shutdown I had with the last scan, when I tried to carry out a dsk chk (which was clean after I managed to re-boot successfully). It said: Drive IRQL not less or equal....please check new installations (plus further instructions)?? I am worried that something has gone wrong, I have never had this type of shutdown before.
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jeffce on June 01, 2012, 05:46:01 PM
Quote
It said: Drive IRQL not less or equal
Were you able to get the complete message that was shown by chance? 

Let's check to make sure you don't have a failing hard drive. 

Please download HD Tune (http://www.hdtune.com/download.html) (the free version not the trial), run an error scan on your primary hard drive (full not quick) and report back if any blocks aren't green. It tests your hard drive for bad sectors.
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jesamine on June 01, 2012, 06:37:13 PM
I've done a search and found this, which seems *SIMILAR BUT MAY NOT BE EXACTLY THE SAME*

A problem has been detected and Windows has been shut down to prevent damage
to your computer.

Driver IRQL not less or equal. (that was there)

If this is the first time you've seen this stop error screen,
restart your computer. If this screen appears again, follow
these steps:

Check to make sure any new hardware or software is properly installed.
If this is a new installation, ask your hardware or software manufacturer
for any Windows updates you might need.

If problems continue, disable or remove any newly installed hardware
or software. Disable BIOS memory options such as caching or shadowing.
If you need to use safe mode to remove or disable components, restart
your computer, press F8 to select Advanced Startup Options, and then
select Safe Mode.

Technical Information:

*** STOP: 0x00000018 (0x00000000, 0x86f0e908, 0x00000002, 0xffffffff)

*** fltmgr.sys - Address 0x87fc79ec base at 0x87fc0000 DateStamp 0x4a5bbf11

<Original title - BSOD>

I'm too afraid to do any more scans at present, as it was the scans that triggered these crashes....OTL caused a black screen with no message crash, which I've not had before and the first blue screen shutdown I've ever had, with message similar to above, happened while GMER Rootkit Scanner was running, so I want to remove that first please....can you tell me how to do it. Thanks, as always.  :) I'm really worried....as you know I can't use System Restore or safe mode.

*I checked for Windows updates a couple of days ago, said no essential ones were needed.
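
Added example, not part of the original posts: a Python sketch that decodes the "Technical Information" lines of the stop screen pasted above, which the poster found online and describes as similar to, but possibly not the same as, her own. The function names are this example's own; the short bug check table uses names from Microsoft's published bug check code reference.

```python
import re
from datetime import datetime, timezone

# The two technical lines from the stop screen text pasted in the post above.
STOP_TEXT = """
*** STOP: 0x00000018 (0x00000000, 0x86f0e908, 0x00000002, 0xffffffff)

*** fltmgr.sys - Address 0x87fc79ec base at 0x87fc0000 DateStamp 0x4a5bbf11
"""

# Only the bug checks relevant to this thread; not a complete list.
BUGCHECK_NAMES = {
    0x0A: "IRQL_NOT_LESS_OR_EQUAL",
    0x18: "REFERENCE_BY_POINTER",
    0xD1: "DRIVER_IRQL_NOT_LESS_OR_EQUAL",
}

HEX = r"0x[0-9a-fA-F]+"
STOP_RE = re.compile(rf"\*\*\* STOP: ({HEX}) \(([^)]*)\)")
MODULE_RE = re.compile(
    rf"\*\*\* (\S+) - Address ({HEX}) base at ({HEX}),? DateStamp ({HEX})"
)


def parse_stop_screen(text):
    """Extract bug check code, parameters and faulting-module details."""
    stop = STOP_RE.search(text)
    if stop is None:
        raise ValueError("no '*** STOP:' line found")
    code = int(stop.group(1), 16)
    result = {
        "code": code,
        "name": BUGCHECK_NAMES.get(code, "unknown (not in this short table)"),
        "params": [int(p.strip(), 16) for p in stop.group(2).split(",")],
        "module": None,
    }
    module = MODULE_RE.search(text)
    if module is not None:
        address, base, stamp = (int(module.group(i), 16) for i in (2, 3, 4))
        result.update(
            module=module.group(1),
            # Offset inside the driver image: what a symbol lookup would need.
            offset=address - base,
            # DateStamp is the driver's link time, seconds since 1970 (UTC).
            built=datetime.fromtimestamp(stamp, tz=timezone.utc),
        )
    return result


def name_matches_code(reported_name, code):
    """Check whether the text name seen on screen belongs to this stop code."""
    normalized = re.sub(r"[^A-Za-z0-9]+", "_", reported_name).strip("_").upper()
    return BUGCHECK_NAMES.get(code) == normalized


if __name__ == "__main__":
    info = parse_stop_screen(STOP_TEXT)
    print(f"STOP 0x{info['code']:02X} = {info['name']}")
    print(f"{info['module']} +0x{info['offset']:x}, built {info['built']:%Y-%m-%d}")
    print("matches 'Driver IRQL not less or equal':",
          name_matches_code("Driver IRQL not less or equal", info["code"]))
```

The pasted sample decodes to stop code 0x18, which is not the code that goes with the "Driver IRQL not less or equal" text, so the exact STOP line from the affected machine is what identifies the crash.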
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jeffce on June 01, 2012, 07:22:12 PM
Ok....If you run the following instructions you will remove GMER, OTL and many other files from programs we have used.  Anything else that you see that was related to what we did here you can just send to the Recycle Bin for deletion. 

Clean up with OTL:
----------

Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jesamine on June 01, 2012, 08:01:15 PM
Done - re-booted normally and quicker than the last few times - it has been acting strange at start-up. Shall I monitor this for a few days and let you know if the shutdown occurs again?
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jeffce on June 01, 2012, 08:32:11 PM
Sure...that sounds just fine.  :)
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jesamine on June 08, 2012, 01:29:33 PM
Hi, I'm afraid I had the BSOD again this morning with the: Driver IRQL not less or equal cause given. I have read elsewhere that the GMER Rootkit Scanner can cause this problem, particularly in older systems. Re:

Please download TDSSKiller.zip

    Extract it to your desktop
    Double click TDSSKiller.exe
    when the window opens, click on Change Parameters

Would you kindly tell me what the 'Change Parameters' actually does?

I want to be able to use Safe Mode so I can select the Last Known Good Configuration option from the Windows Advanced Options menu, but as you know I can't....




 
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jeffce on June 08, 2012, 01:40:41 PM
Hi,

Quote
Driver IRQL not less or equal cause given. I have read elsewhere that the GMER Rootkit Scanner can cause this problem, particularly in older systems
This is normally a problem with one of the drivers on your system that probably needs updating or a reinstallation.  You might try looking in Device Manager to see if any of the drivers have any warnings active right now and that may be your problem.

Quote
Would you kindly tell me what the 'Change Parameters' actually does?
This is only changing what it is that the scanner is looking at and not actually changing anything on the system.  TDSSKiller won't do anything to your system that we don't tell it to do.  :)
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jesamine on June 08, 2012, 02:02:04 PM
Okay....I might ask for suggestions on Microsoft Answers....I'll give you any worthwhile update if you wish? I want to take this opportunity to thank you again for your help, time and patience.  :)
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: ligersandtigers on June 09, 2012, 12:38:16 AM
Hi,

I'm not getting that virus notification when I go to those MySpaces anymore.  Are you?
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jesamine on June 09, 2012, 01:10:12 AM
 :o !!!! No....well, who rectified that I wonder? Yesterday it was there, just now not and it has been going on for months.

HOORAY - I hope it lasts - was driving me crazy.

Now all I need is someone to help me with the keyboard issue and BSODs....
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jesamine on June 09, 2012, 02:46:04 AM
Did the lovely jeffce step outside his line of duty and correct that?
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jeffce on June 09, 2012, 02:49:19 AM
Hi,

So what problems are you having with your keyboard exactly?

Were you ever able to run HDTune after I gave the instructions for that? 
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jesamine on June 10, 2012, 01:45:02 AM
Hi,

Sorry, missed this:

Quote

Driver IRQL not less or equal cause given. I have read elsewhere that the GMER Rootkit Scanner can cause this problem, particularly in older systems

This is normally a problem with one of the drivers on your system that probably needs updating or a reinstallation.  You might try looking in Device Manager to see if any of the drivers have any warnings active right now and that may be your problem.

I had a look, but couldn't see any warnings....could it still be the case though?

Found this:

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.

http://www.computing.net/answers/windows-xp/driver-irql-not-less-or-equal/142741.html

Remember the OTL Extras.Txt:

ACPI BIOS is attempting to write to an illegal IO port address (0x70), which lies in the 0x70 - 0x71 protected  address range. This could lead to system instability.

Are those two linked?

I've read that a Clean Boot might rectify this issue, trouble is I'm not confident carrying out this type of work and I'm worried I may make things worse and lose the computer altogether.

Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jesamine on June 10, 2012, 02:06:35 AM
http://support.microsoft.com/kb/283649

"ACPI BIOS is attempting to write to an illegal IO port address" error message when you open the event viewer

This behavior may occur if your computer's basic input/output system (BIOS) tries to write to one of the earlier ports by using an AML [Advanced Configuration and Power Interface (ACPI) Machine Language] System IO operation region. Your try may be blocked by Microsoft Windows XP because accessing these ports by using this mechanism is considered dangerous and can cause system instability. This feature is designed to improve the stability of your computer's operating system.

Because the original operating system was not XP?

If I get the BSOD again, I'll write down the most important codes. I'm too afraid to run any more scans at present. :)

Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jeffce on June 10, 2012, 02:40:12 AM
Ok yes please write down any specific information shown. 

I am going to try to have a more "tech" person look at the logs.  :)
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jesamine on June 10, 2012, 12:39:55 PM
You're very helpful and kind - thank you.
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jeffce on June 11, 2012, 01:51:45 PM
Hi,

Delete your copy of OTL and then download a fresh copy.
Open OTL
In Custom Scans/Fixes put the following:

c:\windows\installer\@ /s
c:\windows\installer\*.@ /s


Run a Quick Scan and attach the new log. 
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jesamine on June 11, 2012, 02:53:44 PM
Hi,

When I recently tried to carry out an OTL Fix my computer immediately crashed into a black screen....you suggested trying in Safe Mode, but I can't use Safe Mode because my keyboard doesn't function at start-up.  :-\
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jeffce on June 11, 2012, 03:57:58 PM
Hi,

Ok....I am wondering if it might be a new variant of a rootkit that is out there.

Please delete the current version of Combofix.exe from your desktop and download a new version from here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your desktop.

Disable your AntiVirus and AntiSpyware applications.

Double-click on the Combofix.exe and follow the prompts on your display. When finished, it will create a C:\Combofix.txt. Please post this log for further review.
---------
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jesamine on June 11, 2012, 04:53:26 PM
May I ask what is making you think that....the BSOD I had while GMER Rootkit Scanner was running (I have never had a BSOD before and I've read that a number of others have had this issue too)? Or something on the logs....if so what exactly (I'm interested and inquisitive)? The only original problem I had was the infected MySpace pages. I'm afraid to run anymore scans because of the further BSOD I recently had at start-up.
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jeffce on June 11, 2012, 05:06:56 PM
I am just looking over similar symptoms that others are experiencing.  Did you ever run HDTune like I instructed you to do? 
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jesamine on June 11, 2012, 05:17:57 PM
Okay....no, because it's a scan and I'm afraid of another BSOD, which could potentially leave me without a computer - I do not have a spare one.
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jeffce on June 11, 2012, 05:46:15 PM
With the age of your system it seems like the hard drive might be failing, but if you don't run the scans I am not sure how I might be able to help you?   :-\
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jesamine on June 12, 2012, 01:45:37 AM
Yes, that may be the case, I guess I'm scared of speeding up the process  :)....I want to run a Dell Hardware Diagnostics Test, but it requires Microsoft NET Framework 3.5 Service Pack 1 and I am having problems with installing it, been trying all night....
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jeffce on June 12, 2012, 03:32:20 AM
Are you getting any error messages when you are trying to update the NET Framework???
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jesamine on June 12, 2012, 11:25:00 AM
I had a very strange start-up this morning - trying to remember if I left it in Stand By by mistake - pages are not loading correctly either. Think this computer may completely conk out at any point now.  :(

Re: Microsoft .NET Framework 3.5 Service Pack 1:

I am being advised that: Setup has detected that this computer does not meet the requirements to install this software. Requirement: Windows Installer 3.1.

However, when I try to install Windows Installer 3.1: Setup has determined that the Service Pack version of this system is newer than the update you are applying. There is no need to install this update.

Checked on the Microsoft download page....it's not actually suitable for XP with SP3. If I can I will email Dell today about this issue.

Thanks for staying with me on what may be a sinking ship.... :-\
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jeffce on June 12, 2012, 01:34:15 PM
Hi,

You could visit the page here >> http://support.microsoft.com/kb/976982 and press the FixIt button.  That may help with this problem.
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jesamine on June 12, 2012, 05:11:26 PM
Another BSOD at start-up:

An attempt was made to write to read only memory.

STOP 0X000000BE

USbuhci.sys -

Then:

The system has recovered from a serious error

Microsoft Windows Error Reporting

Troubleshoot a problem with a device driver

You received this message because a device driver installed on your computer caused Windows to stop unexpectedly. This type of error is referred to as a "stop error." A stop error requires you to restart your computer.
Steps to address this problem

Use Windows Update to check for updated drivers (Already done - no essential updates necessary)
Steps to work around this problem

Warning
These steps are designed to address a particular problem but might do so by temporarily disabling or removing some functionality on your computer.

    If this problem occurred after you installed a new hardware device on your computer, the problem might be caused by the device driver. Go online to learn how to use the Dell Driver Reset Tool or uninstall the driver.

    How do I disable or uninstall a device driver?
        Click Start, and then click Control Panel. If you are using Classic View, click Switch to Category View.
        Click Performance and Maintenance, and then click System.
        Click the Hardware tab, and then click Device Manager.
        Click the plus sign (+) next to the faulting device. You should now see the device listed.
        Right-click the device, and then click Disable or Uninstall.

    If this problem occurred after you installed new software, the software might have installed a driver that caused the problem. Try uninstalling the software. Could GMER Rootkit Scanner have installed a driver? Although we did use the 'Clean' tool.

    How do I uninstall a program?

    If you don't know the specific driver or software, go online to learn more about performing a System Restore.
    For information about your support options, go online to the Support.Dell.Com website.


I have emailed Dell Sales because attempts to contact Technical Support failed due to my service code not being found. I only want to ask about the test which is free for all though....it's not warranty related.

Will keep trying with Microsoft NET Framework 3.5 Service Pack 1

There's an email address for GMER Rootkit Scanner - maybe they'll have an idea of what might have sparked this issue off during the scan? Maybe the computer was already on the edge and it tipped it over?

You're supposed to be here for malware removal only....and I'm becoming a wreck.  :-\
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jeffce on June 12, 2012, 05:26:06 PM
Hi,

There seem to be corrupted files on your system that are causing problems.  GMER is nothing more than a scanner and we did nothing with it to try and fix anything.  The fact that the BSOD began when the program was running is coincidental. 

I am sorry but I don't recall...Do you have the XP install CD? If so, go to Start -> Run, type sfc /scannow, and press Enter.

This will initiate the Windows File Protection system, which will scan through your system files and check to see if any are damaged.
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jesamine on June 12, 2012, 05:51:31 PM
Okay....no, I don't have a CD unfortunately (and I don't know anyone who has one)....I wanted to do sfc /scannow before for another issue but couldn't....

Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jeffce on June 12, 2012, 06:39:33 PM
Ok... I am checking with colleagues to see what we can get worked out.  :)   
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jesamine on June 12, 2012, 06:48:47 PM
Thank you.  :)
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jesamine on June 12, 2012, 11:21:23 PM
I looked up the error message again that I received today....drivers....so I had another careful look at Device Manager tonight (as you suggested earlier) and found Creative AudioPCI - I checked again under optional Windows Updates (which I normally ignore if I don't know what they are, I only install essential) - one was listed for Creative AudioPCI....I installed it and instantly regained the sound in one of my speakers that I recently noticed I'd completely lost and I also have new sounds coming from my computer  :) - could this driver be behind the BSODs? 
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jeffce on June 13, 2012, 01:43:27 PM
Quote
I also have new sounds coming from my computer
What do you mean by this? 
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jesamine on June 13, 2012, 07:48:01 PM
Oh, by that I mean XP start-up, stand-by tunes, not worrying noises....

Since the Dell Hardware Diagnostics Test (which I wasn't able to complete because of the Windows 3.1 installer issue) my computer has been starting up differently....have to now click on user name and my settings then load....never done that before....a change has been made.
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jeffce on June 13, 2012, 08:07:33 PM
Hi,

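Code:
@echo off
rem Export the Setup key (it holds SourcePath) to a text file on the Desktop
regedit.exe /e "%userprofile%\Desktop\look.txt" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup"
rem Open the export for reading; the script waits here until Notepad is closed
notepad.exe "%userprofile%\Desktop\look.txt"
rem Clean up the export and then this script itself
del "%userprofile%\Desktop\look.txt"
del "%~f0"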
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jesamine on June 13, 2012, 08:33:31 PM
I am being asked what program I want to open it with, I chose Notepad, but the script looks the same as yours? I did save under All Files....should it have been Unicode or ANSI....I chose Unicode? Back later.
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jeffce on June 13, 2012, 08:45:39 PM
Just stick with UNICODE

Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jesamine on June 13, 2012, 09:00:25 PM
When I click on it a black screen momentarily appears then vanishes. Can I manually check this - I've checked the registry before?
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jeffce on June 13, 2012, 10:03:27 PM
We can try the instructions below to help run sfc /scannow but I have been speaking with colleagues and they are suggesting a complete format and reinstall of Windows.  There seem to be many problems and we may be chasing them down for some time and never actually be able to find them all.  :(


Go to Start >> Run >> type regedit and this will open the Registry Editor.  Go to

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup]
Highlight the Setup folder.

On the right pane, locate the SourcePath.

Double-click the SourcePath and replace the drive letter in the box to C:\ (if you copied the files to your C:\ drive). Make sure it's C:\ and not C:\i386.

Close the registry editor.

Let me know when that is finished.  :)
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jesamine on June 13, 2012, 11:14:50 PM
Yes, it's all getting too much, a complete format and reinstall of Windows would be ideal, but I would need a computer technician to carry that out (I've never done it before) and I don't think this machine is worth spending anymore money on....best if I just save for a new one.

As for sfc /scannow I did try before, but it kept demanding the XP / SP3 CD.

SourcePath is C:\ not C:\i386, but I believe I do have a C:\i386 folder....

Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jeffce on June 14, 2012, 01:12:32 AM
Do you have the original Windows disk that should have come with the system?
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jesamine on June 14, 2012, 01:32:04 AM
I only have the original Windows ME CD....a computer technician repaired and upgraded my computer to XP, but it later transpired to be an unlicensed copy....a PC World technician removed that and put a genuine XP copy on it, but because I didn't have a CD to give to him, he couldn't give me one back. The other problem is I believe I would need a slipstreamed XP / SP3 CD to run sfc /scannow.  :( 
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jesamine on June 14, 2012, 02:05:25 AM
If I can stop these BSOD's I can just about manage (none today) - although I really don't like the fact that I can't run a System Restore or use Safe Mode, but I believe the former may be because I have installed Norton in the past....apparently it can knock out System Restore? and the latter because the keyboard is an add-on.
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jeffce on June 14, 2012, 03:03:53 AM
Hi,

The easiest way to reset services is to use this tool.

Download  Windows Repair (all in one)  from this site (http://www.tweaking.com/content/page/windows_repair_all_in_one.html)

Install and then run the program.

On the Start Repairs tab, select Advanced Mode and click Start
(http://i1224.photobucket.com/albums/ee362/Essexboy3/Capture1.gif)


Select the items Checked in the screen shot below (remove the checks from the rest ) and check Restart System When Finished.

(http://i1224.photobucket.com/albums/ee380/jeffce74/WindowsRepairTool.jpg)
----------
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jesamine on June 14, 2012, 01:23:10 PM
Thank you for that.  :)

Think I've found the cause of the difference in start-up:

http://windowsxp.mvps.org/autologon.htm

I have just installed an optional Microsoft .NET Framework 1.1 update and I can see an ASP.NET username....

I will try to uninstall it.
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jeffce on June 14, 2012, 01:54:02 PM
Please run the MGA Diagnostic Tool and post back the report it creates:
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jesamine on June 14, 2012, 02:34:59 PM
Hi,

I had to download the Microsoft Genuine Advantage Tool in order to obtain Microsoft Updates....my operating system passed as genuine....or is this different?
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jeffce on June 14, 2012, 02:40:31 PM
No that is the same one.  We wanted to be sure that you didn't receive another bad copy of Windows when you had it reinstalled. 

How is your system behaving?
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jesamine on June 14, 2012, 03:43:43 PM
Good idea given what happened first time around.

I don't want to speak too soon, but it's been okay....rather sluggish at start-up, but right now running quite fast.

The only errors listed in Event Viewer worth noting on the shutdown dates are: ACPI BIOS is attempting to write to an illegal IO port address error**, but my computer was having those regularly in mid May before the BSODs started.

**probably because my computer is not fully compliant with the XP power management settings being that it had Windows ME on it originally

Plus....

Boot problems? This error shouldn't prevent your system from booting, even if it does demand that it be shut down immediately. If you're having boot problems, it's likely there's at least one other issue involved.

All BSODs have been at boot-up apart from the first during the scan.
 
Since I installed the Creative AudioPCI Microsoft Update (which immediately corrected the loss of sound in one speaker) I have not had any further BSODs. Still don't understand why that was only marked as optional. Remember the: Driver IRQL not less or equal blue screen error - well that device is listed under Device Manager Interrupt request (IRQ) and Microsoft Windows Error Reporting stated that the last BSOD was caused by a device driver.

Or maybe Windows just got rattled and it'll settle down now....I hope so.

Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jeffce on June 14, 2012, 04:04:28 PM
How about you just let it run for today and see how it behaves.  :)
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jesamine on June 14, 2012, 04:12:10 PM
Good idea - let's all have a rest for a few days....Windows allowing.  :)
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jeffce on June 14, 2012, 08:00:21 PM
 :)
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jesamine on June 16, 2012, 01:25:33 PM
Hi,

An update....unfortunately my computer has had two further BSODs this morning, one at boot-up and one during surfing - Driver IRQL not less or equal cause given again....yesterday it was fine. Does HD Tunes just diagnose or can it rectify too....also, does it look at drivers?

I don't know what more you can do to help me with this and I can see you are about to go on holiday....have a lovely time / good rest.

Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jesamine on June 16, 2012, 01:49:14 PM
Just found this:

Unsupported Device:

on Microsoft ACPI-Compliant System

No drivers are installed for this device.

If you are having problems with this device, click Troubleshoot to start the troubleshooter.

Will get back to you....

Opened Help and Support Center (which you may recall I have problems with) / Generic Hardware Device Troubleshooter / I'm having a problem with my hardware device....but then I can't get any further, a message comes up:

An ActiveX Control on this page is not safe. Your current security settings prohibit running unsafe controls on this page. As a result, this page may not display as intended.

Well, that's not right, but shall I alter my security settings for this? 
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: essexboy on June 16, 2012, 07:25:28 PM
Hi I will be looking after you whilst Jeff is away

A few quick questions if I may... Is this a HP machine ?

Also, has Jeff asked for a clean boot?
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jesamine on June 16, 2012, 07:49:03 PM
Hi essexboy,

Thanks for stepping in to help. No, it's a Dell desktop. I'm getting really afraid to do anything now in case it doesn't start up again - it just turned itself off with a normal Windows shutdown earlier without any prompting from me.

I was about to download Windows Debugger....

Just to let you know that I can't use Safe Mode (keyboard doesn't function at start-up) or System Restore.

No, Jeff hasn't asked for a clean boot.
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: essexboy on June 16, 2012, 07:52:41 PM
OK what we can do then is disable all startup elements on the computer apart from the ones needed to run it, that way we may be able to determine if you have a driver conflict somewhere

Have a read of the destructions and let me know how you feel about it

Step 1:

Start the System Configuration Utility
Click Start, click Run, type msconfig, and then click OK.
The System Configuration Utility dialog box is displayed.

Step 2:

Configure selective startup options
In the System Configuration Utility dialog box, click the General tab, and then click Selective Startup.
Click to clear the Process SYSTEM.INI File check box.
Click to clear the Process WIN.INI File check box.
Click to clear the Load Startup Items check box. Verify that Load System Services and Use Original BOOT.INI are checked.
Click the Services tab.
Click to select the Hide All Microsoft Services check box.
Click Disable All, and then click OK.
When you are prompted, click Restart to restart the computer.

Step 3: Log on to Windows

If you are prompted, log on to Windows.
When you receive the following message, click to select the Don't show this message or launch the System Configuration Utility when Windows start check box, and then click OK.

Quote
You have used the System Configuration Utility to make changes to the way Windows starts.
The System Configuration Utility is currently in Diagnostic or Selective Startup mode, causing this message to be displayed and the utility to run every time Windows starts.
Choose the Normal Startup mode on the General tab to start Windows normally and undo the changes you made using the System Configuration Utility.

Now we get to the tedious part:

If Windows behaves itself then do the following

Restart MSConfig and select half of the disabled services and reboot

Is the problem still present ?

If Yes then deselect half of the services that you resumed and reboot

If no then select half of the remaining services and reboot

The intention here is to isolate the one service/driver that is causing the problem
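
The halving procedure described in the post above is a bisection over the disabled services. The following is an added illustration, not part of the original post: the service names are constructed placeholders, and the hypothetical `problem_present` callback stands in for "reboot with these services enabled and see whether the BSOD returns".

```python
# Added illustration (not from the thread): the msconfig halving procedure
# modelled as a bisection over the services that "Disable All" switched off.
from typing import Callable, List, Optional, Tuple

# Constructed placeholder names, not services from the poster's machine.
SERVICES = ["ExampleSvcA", "ExampleSvcB", "ExampleSvcC", "ExampleSvcD",
            "ExampleSvcE", "ExampleSvcF", "ExampleSvcG", "ExampleSvcH"]

# Hypothetical oracle: given the list of re-enabled services, return True if
# the fault shows up after rebooting with exactly those services enabled.
Oracle = Callable[[List[str]], bool]


def isolate_culprit(services: List[str],
                    problem_present: Oracle) -> Tuple[Optional[str], int, str]:
    """Return (culprit, reboots, reason).

    culprit is None when the fault cannot be pinned on a single disabled
    service: either it persists with everything disabled, or it never
    reappears when services are switched back on.
    """
    # Step 1: the clean boot itself, with every non-Microsoft service off.
    reboots = 1
    if problem_present([]):
        return (None, reboots,
                "fault persists in clean boot: not caused by a disabled service")

    known_good: List[str] = []      # re-enabled and shown not to trigger the fault
    candidates = list(services)     # still suspected

    # Step 2: re-enable half of the remaining suspects, reboot, and keep
    # whichever half contains the fault.
    while len(candidates) > 1:
        mid = len(candidates) // 2
        half, rest = candidates[:mid], candidates[mid:]
        reboots += 1
        if problem_present(known_good + half):
            candidates = half       # culprit is in the half just enabled
        else:
            known_good += half      # that half is clean, leave it enabled
            candidates = rest

    if not candidates:
        return None, reboots, "no disabled services to test"

    # Step 3: confirm the last suspect instead of assuming it.
    reboots += 1
    if problem_present(known_good + candidates):
        return candidates[0], reboots, "isolated"
    return (None, reboots,
            "fault did not reproduce: intermittent, or not a single service")


def demo() -> List[Tuple[Optional[str], int, str]]:
    """Run the three cases: one bad service, fault elsewhere, no reproduction."""
    return [
        isolate_culprit(SERVICES, lambda enabled: "ExampleSvcF" in enabled),
        isolate_culprit(SERVICES, lambda enabled: True),
        isolate_culprit(SERVICES, lambda enabled: False),
    ]


if __name__ == "__main__":
    for culprit, reboots, reason in demo():
        print(f"culprit={culprit!r} reboots={reboots} ({reason})")
```

Each call to `problem_present` represents a full reboot-and-observe cycle, so with a fault that only appears every few days a "no problem" answer is only as reliable as the time spent watching.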
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jesamine on June 16, 2012, 08:58:25 PM
!!

"Have a read of the destructions"

Sounds like a good idea, but I'm quite nervous about altering start-up because of not having arrows / enter keyboard function.

I've been working at this all day....I'll have a break and come back to you....if I can!

 :)

Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jesamine on June 16, 2012, 11:18:31 PM
Hi,

May I ask:

For clean boot will I definitely not have to select options with my keyboard to boot Windows (because I can't)?

Will I be able to surf the internet in clean boot?

My computer can run quite normally for several days with no BSODs, does this mean that I will have to stay in clean boot for several days to see if the problem recurs?

I may use Microsoft's Guided Help to automatically do this for me if I go ahead.

Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jesamine on June 17, 2012, 01:09:35 AM
Unfortunately I've just found out that I do need a keyboard to use the Advanced Boot Options menu for clean boot.
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: jesamine on June 20, 2012, 05:56:42 PM
Update

My computer is now not working at all - it will not boot-up....repeated BSOD. I am in an Internet Cafe!

Just ordered a PS/2 keyboard.

Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: joyce.babael on November 03, 2012, 03:26:16 AM
i then used mbam.

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.02.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Joyce :: JOYCE-PC [administrator]

Protection: Enabled

11/2/2012 10:00:09 AM
mbam-log-2012-11-02 (10-00-09).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 226087
Time elapsed: 33 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Joyce\AppData\Local\Temp\IWantThis.exe (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
C:\Users\Joyce\AppData\Local\Temp\.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: iroc9555 on November 03, 2012, 05:05:31 AM
Hi Joyce.

It would have been better if you started your own topic. This is an almost 5 months old thread.

Follow this guide and attach the logs. Do not paste/copy them please.

http://forum.avast.com/index.php?topic=53253.0
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: janicel otero on November 03, 2012, 07:02:07 AM
the trojan horse blocked is still repeating ..what can i do now??? is scanning enough to solve this problem?? pls respond to me now... :'(
Title: Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
Post by: mchain on November 03, 2012, 07:44:31 AM
Quote
the trojan horse blocked is still repeating ..what can i do now??? is scanning enough to solve this problem?? pls respond to me now... :'(
Quote
Hi Joyce.

It would have been better if you started your own topic. This is an almost 5 months old thread.

Follow this guide and attach the logs. Do not paste/copy them please.

http://forum.avast.com/index.php?topic=53253.0

As iroc9555 says, you need to start your own topic to get the help you need.  Scanning is not enough, but Avast! is telling you that you are infected, but cannot remove/kill the infection by itself.

What it is doing at the moment is preventing further damage to your computer by blocking the malicious actions being performed by the trojan horse.

You need a certified malware expert to help you cleanse your system; please start your own topic so that can happen. 

You can do that by going to the main 'avast support forums' and clicking 'start a new topic' while you are logged on to avast forums.  Either viruses and worms or avast free/pro/suite will do, but as this is an active infection, viruses and worms would be the best place to start.