Author Topic: Malicous URL (Read 4872 times)

djscottie · « **on:** September 18, 2012, 12:27:23 AM »

Hi,

I keep getting the same message when opening every new page on chrome........ http://trkjmp.com/kwd?c

Please could you advise on how to get this sorted and what it actually means.

Thank you

Scott

DavidR · « **Reply #1 on:** September 18, 2012, 12:34:48 AM »

This needs further analysis by a malware removal specialist:
Go to this topic http://forum.avast.com/index.php?topic=53253.0 for information on Logs to assist in cleaning malware. Use the information about getting and using the tools and attach the logs here, not in the LOGS topic.

Please 'modify' your post change the URL from http to hXXp, to break the link and avoid accidental exposure to suspect sites, thanks.

djscottie · « **Reply #2 on:** September 18, 2012, 01:11:13 AM »

ad cleaner log and malware log

Will post other logs when finished

DavidR · « **Reply #3 on:** September 18, 2012, 01:37:29 AM »

OK - There may be some delay in analysing the logs due to differing time zones and availability of the volunteer malware removal specialists.

djscottie · « **Reply #4 on:** September 18, 2012, 08:26:38 PM »

OTL Logs

Pondus · « **Reply #5 on:** September 18, 2012, 08:43:00 PM »

i see you are using software from IObit

here is some info in case you want to reconcider
http://www.malwarebytes.org/forums/index.php?showtopic=29681
http://www.malwarebytes.org/forums/index.php?showtopic=30989
http://www.malwarebytes.org/forums/index.php?showtopic=33217

djscottie · « **Reply #6 on:** September 18, 2012, 08:57:13 PM »

The main reason I got Iobit was to speed up the laptop and clear all the junk that was slowing it down. So, is it worth deleting it and if so, do you know of a good alternative?

djscottie · « **Reply #7 on:** September 18, 2012, 08:59:07 PM »

aswMBR Log

Pondus · « **Reply #8 on:** September 18, 2012, 09:07:45 PM »

Quote from: djscottie on September 18, 2012, 08:57:13 PM

The main reason I got Iobit was to speed up the laptop and clear all the junk that was slowing it down. So, is it worth deleting it and if so, do you know of a good alternative?

CCleaner http://www.piriform.com/. obs remember to untic the toolbar during the install....unless you want it
or use the slim installer. http://www.piriform.com/ccleaner/builds

essexboy · « **Reply #9 on:** September 18, 2012, 09:15:53 PM »

Try this and let me know the result

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

Code: [Select]

:OTL
IE - HKLM\..\SearchScopes\{60a5deaa-eb33-463b-ab00-7addb02c330a}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=z9xdm005YYGB&ptb=B62E2CA2-DA32-407D-AC60-2EE21516C472&psa=&ind=2010101604&ptnrS=z9xdm005YYGB&si=&st=sb&n=77cfb764&searchfor={searchTerms}
IE - HKU\S-1-5-21-3652234653-703965016-2005572623-1000\..\URLSearchHook: {432cad96-6aa6-407a-ab37-6cfdcd73f377} - No CLSID value found
IE - HKU\S-1-5-21-3652234653-703965016-2005572623-1000\..\URLSearchHook: {ec55ed14-0d79-480e-8f86-a6c45b524f8a} - No CLSID value found
IE - HKU\S-1-5-21-3652234653-703965016-2005572623-1000\..\SearchScopes\{60a5deaa-eb33-463b-ab00-7addb02c330a}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=z9xdm005YYGB&ptb=B62E2CA2-DA32-407D-AC60-2EE21516C472&psa=&ind=2010101414&ptnrS=z9xdm005YYGB&si=&st=sb&n=77cfb6a6&searchfor={searchTerms}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp1466@crossrider.com: C:\ProgramData\SendSpaceExtention\firefox [2011/11/23 23:24:32 | 000,000,000 | ---D | M]
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (CrossRider) - {A876E312-7D08-401a-B7A6-FAFC5DC2F292} - C:\Program Files\CrossriderWebApps\Crossrider.dll ()
O3 - HKU\S-1-5-21-3652234653-703965016-2005572623-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3652234653-703965016-2005572623-1000\..\Toolbar\WebBrowser: (no name) - {3BCF580A-ADCA-4B91-86E0-3898010003E6} - No CLSID value found.
O3 - HKU\S-1-5-21-3652234653-703965016-2005572623-1002\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3652234653-703965016-2005572623-1002\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O4 - HKU\S-1-5-21-3652234653-703965016-2005572623-1000..\Run: [CrossRiderPlugin] C:\Program Files\CrossriderWebApps\Crossrider.exe (Crossrider)

:Files
C:\Users\Acer Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbdglekpmmdlmdfogflhiponnndbokpk
C:\Program Files\CrossriderWebApps

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

djscottie · « **Reply #10 on:** September 18, 2012, 10:41:14 PM »

Hi, Heres the next OTL Log....

essexboy · « **Reply #11 on:** September 18, 2012, 11:05:06 PM »

Have the alerts ceased ?

Author Topic: Malicous URL (Read 4872 times)

djscottie

Malicous URL

DavidR

Re: Malicous URL

djscottie

Re: Malicous URL

DavidR

Re: Malicous URL

djscottie

Re: Malicous URL

Pondus

Re: Malicous URL

djscottie

Re: Malicous URL

djscottie

Re: Malicous URL

Pondus

Re: Malicous URL

essexboy

Re: Malicous URL

djscottie

Re: Malicous URL

essexboy

Re: Malicous URL