Avast WEBforum

Other => Viruses and worms => Topic started by: affrancos on September 18, 2012, 08:38:12 AM

Title: URL MAL...http://i.trkjmp.com/crossdomain.xml
Post by: affrancos on September 18, 2012, 08:38:12 AM
I think I have the same problem as the recent posts; it seems to be gone since I deleted Firefox...
Title: Re: URL MAL...http://i.trkjmp.com/crossdomain.xml
Post by: affrancos on September 18, 2012, 07:20:17 PM
Any help? Anyone?
Title: Re: URL MAL...http://i.trkjmp.com/crossdomain.xml
Post by: magna86 on September 18, 2012, 08:00:09 PM
Monitoring  8)
Title: Re: URL MAL...http://i.trkjmp.com/crossdomain.xml
Post by: magna86 on September 18, 2012, 08:06:17 PM
Hi affrancos.

I will be working on your Malware issues  ;)


  Step#1 

Re-run OTL.exe.

Code:

:OTL
CHR - Extension: Codec-V = C:\Users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.20.61_0\crossrider
CHR - Extension: Codec-V = C:\Users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.20.61_0\
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O4 - HKLM..\Run: [PlusService] C:\Program Files\Messenger Plus! Live\PlusService.exe File not found
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O33 - MountPoints2\{6ac723ef-35e9-11df-b63e-904ce5e60744}\Shell - "" = AutoRun
O33 - MountPoints2\{6ac723ef-35e9-11df-b63e-904ce5e60744}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{6ac72415-35e9-11df-b63e-904ce5e60744}\Shell - "" = AutoRun
O33 - MountPoints2\{6ac72415-35e9-11df-b63e-904ce5e60744}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{6ac72419-35e9-11df-b63e-904ce5e60744}\Shell - "" = AutoRun
O33 - MountPoints2\{6ac72419-35e9-11df-b63e-904ce5e60744}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9dbbe86f-35e6-11df-8d7c-904ce5e60744}\Shell - "" = AutoRun
O33 - MountPoints2\{9dbbe86f-35e6-11df-8d7c-904ce5e60744}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9dbbe88a-35e6-11df-8d7c-904ce5e60744}\Shell - "" = AutoRun
O33 - MountPoints2\{9dbbe88a-35e6-11df-8d7c-904ce5e60744}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9dbbe88d-35e6-11df-8d7c-904ce5e60744}\Shell - "" = AutoRun
O33 - MountPoints2\{9dbbe88d-35e6-11df-8d7c-904ce5e60744}\Shell\AutoRun\command - "" = F:\AutoRun.exe
[1 C:\Users\pipe\Desktop\*.tmp files -> C:\Users\pipe\Desktop\*.tmp -> ]

:files
C:\Users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho
ipconfig /flushdns /c
netsh int ip reset c:\resetlog.txt /c
ipconfig /release /c
ipconfig /renew /c

:commands
[CREATERESTOREPOINT]
[emptytemp]


*********************

  Step#2 

> Re-run OTL, click on RunScan and attach a fresh OTL.txt log here.



*********************

  Step#3 

> Check USB storage devices / removable drives


Download MCShield from one of the following links:

MyCity -  Official download link (http://amf.mycity.rs/mcshield/)
Softpedia - Mirror download link (http://www.softpedia.com/get/Antivirus/MCShield.shtml)

It is recommended that under the General and Scanner tabs you click the Defaults button to choose the recommended options.
When all scanning is done, you need to attach the log report that MCShield has made.

Start -> All Programs -> MCShield -> Logs

Attach here -> AllScans.txt

Explanation: USB storage devices are all the USB devices that get their own partition letter when connected to the PC,
e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras,
memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc.
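
An added example, not part of magna86's post and not OTL's own code: a small Python triage pass over OTL log lines that groups them by the reason the log itself gives (`No CLSID value found.`, `File not found`, or a MountPoints2 `AutoRun\command`). The sample lines are copied from the :OTL section of the script above; the function name `triage` and the category names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Sample input: lines copied from the :OTL section of the fix script above.
SAMPLE = r'''
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [PlusService] C:\Program Files\Messenger Plus! Live\PlusService.exe File not found
O33 - MountPoints2\{6ac723ef-35e9-11df-b63e-904ce5e60744}\Shell - "" = AutoRun
O33 - MountPoints2\{6ac723ef-35e9-11df-b63e-904ce5e60744}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9dbbe86f-35e6-11df-8d7c-904ce5e60744}\Shell - "" = AutoRun
O33 - MountPoints2\{9dbbe86f-35e6-11df-8d7c-904ce5e60744}\Shell\AutoRun\command - "" = F:\AutoRun.exe
'''

# An O33 line that records the command a volume's AutoRun verb would launch.
MOUNT_RE = re.compile(
    r'^O33 - MountPoints2\\(\{[0-9a-fA-F-]{36}\})\\Shell\\AutoRun\\command - "" = (.+)$'
)
# Every OTL registry line starts with its section tag (O2, O3, O4, O33, ...).
TAG_RE = re.compile(r'^(O\d+) - ')


def triage(text):
    """Group OTL log lines by the reason the log gives for each entry."""
    orphaned, missing = [], []
    autorun = defaultdict(list)  # command -> volume GUIDs that point at it
    for raw in text.splitlines():
        line = raw.strip()
        tag = TAG_RE.match(line)
        if not tag:
            continue  # blank line or not a registry entry
        mount = MOUNT_RE.match(line)
        if mount:
            guid, command = mount.groups()
            autorun[command].append(guid)
        elif line.endswith("No CLSID value found."):
            orphaned.append(tag.group(1))
        elif line.endswith("File not found"):
            missing.append(tag.group(1))
    return {"orphaned_clsid": orphaned, "missing_file": missing,
            "autorun": dict(autorun)}


if __name__ == "__main__":
    for category, entries in triage(SAMPLE).items():
        print(category, entries)
```

Several volume GUIDs pointing at the same `AutoRun.exe` on one drive letter, as in the sample, is the pattern Step#3's removable-drive scan follows up on.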




Title: Re: URL MAL...http://i.trkjmp.com/crossdomain.xml
Post by: affrancos on September 19, 2012, 02:55:37 AM
OK, the first txt (0918...) is OTL with the code; OTL(1) is post-fix.

Thank you for the help.
Title: Re: URL MAL...http://i.trkjmp.com/crossdomain.xml
Post by: magna86 on September 19, 2012, 04:10:55 PM
Re-run OTL.exe.

Code:

:services
aimz3cxe

:commands
[Reboot]

************************

Let's reset your browser settings. 

Download AT-Destroyer by @Infospyware from here to your desktop.
http://www.infospyware.com/antispyware/at-destroyer/

(Click the green button Descargar)
Note: The entire tool is in the French language.


AT-Destroyer will momentarily disconnect the desktop.
If infected, the AT-Destroyer red lines indicate where the infection is detected, it will be green lines.
After the scan, you can again see the desktop and it will open a report, to be copied into your next reply commenting on how the system works.
If a program does not start, restart the PC.


***************


Reboot your computer. How's your system running now?




Title: Re: URL MAL...http://i.trkjmp.com/crossdomain.xml
Post by: affrancos on September 19, 2012, 07:25:26 PM
It's actually Spanish  ;) but hey, my computer is working great! Thank you very much for your help, no more annoying pop-up messages. I appreciate everything you've done  :) Logs are attached.
Title: Re: URL MAL...http://i.trkjmp.com/crossdomain.xml
Post by: magna86 on September 19, 2012, 07:35:12 PM
It's actually Spanish  ;)

Ahaha, I didn't know.  ;D
Thanks for the info.  :D


> Re-run OTL and click on CleanUp! button.

You will be asked to reboot the machine to finish the cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTL. Feel free to manually delete any tools it leaves behind.