AVAST: message pops up constantly

[cattivik_1964]

I find this Malware Virus ...
Please Help me

The Avast message is:
URL:   h==p://stream-xtech.eu/xmlrpc.php
Processo:   C:\Windows\Explorer.EXE
Infezione:   URL:Mal

in attachment my OTL log
Tks a lot

[essexboy]

Could you run AswMBR please

Download aswMBR.exe ( 4.5mb ) to your desktop.
 Double click the aswMBR.exe to run it  Click the "Scan" button to start scan 




On completion of the scan click save log, save it to your desktop and post in your next reply

THEN

Re-run OTL and ensure all users is selected

[cattivik_1964]

My logs:  aswMBR and OTL

[essexboy]

Download the latest version of TDSSKiller from here and save it to your Desktop.
 
 

• Doubleclick on TDSSKiller.exe to run the application
  
  
  
• Then click on Change parameters.
   
  
   
  
• Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
   
  
• Click the Start Scan button.
   
   
  
• If a suspicious object is detected, the default action will be Skip, click on Continue.
   
  
   
  
• If malicious objects are found, they will show in the Scan results and offer three (3) options.
• Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  
  
• Get the report by selecting Reports

 

• Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  

Please copy and paste its contents on your next reply.

[cattivik_1964]

The message exceeds the maximum allowed length (10000 characters).
See file in attach

[essexboy]

Are you still getting the alerts ?  As I can currently see no malware

Download and Install Combofix
 
Download ComboFix from one of the following locations:
Link 1
Link 2
 
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
 
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

• Double click on ComboFix.exe & follow the prompts.
  
• Accept the disclaimer and allow to update if it asks

• When finished, it shall produce a log for you.
• Please include the C:\ComboFix.txt in your next reply.[/b]
  

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3.  If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

[cattivik_1964]

It's locked, see attach.

The message is again

URL:   h==p://stream-xtech.eu/xmlrpc.php
Processo:   C:\Windows\Explorer.EXE
Infezione:   URL:Mal

[essexboy]

Could you retry coombofix from safe mode, if that fails we will do something else

[cattivik_1964]

Coombifix run in safe mode, it fails again.

[cattivik_1964]

Restarted pc, the messages is again

[essexboy]

Create an emergency repair USB drive:
Download Dr Web Live USB to your desktop

• Connect a USB flash drive to the computer. Registering the plugging in event takes no more than 10 seconds.
• Launch drwebliveusb.exe.
• The program will detect available USB-devices automatically and prompt you to choose the one you’d like to use as an emergency repair drive. You can format the device if you like (a warning will be displayed before you proceed with formatting). In order to read the License agreement, follow a corresponding link found in the program window (the page containing the license agreement text will be loaded in your default browser).

• To create a bootable USB flash drive, press the Create Dr.Web LiveUSB button.
• Files will be copied automatically.
• Once the copying process is completed, press the Exit button to close the application.
• Reboot the infected computer with the USB in the drive
• Ensure that the first boot device is USB - If you are not sure about that then see this page for instructions
  
• As loading starts, a dialogue window will prompt you to choose between the standard and safe modes.

• Use arrow keys to select  DrWeb-LiveCD (Default)
• When the system is loaded, check the disks or folders you want to scan, and click on ?Start?.

• The programme will now scan for and cure/delete any malware that it finds.  Allow it to do so 
• Once completed reboot to normal windows
• No log is produced so once in normal windows run a fresh OTL scan and let me know if the problems persist

[ayaanoo]

I have same problem.
avast has blocked a threat (trojan horse) and the pops up appears constantly. it happens all time (every minutes). what should I do to fix this problem? thx

[mikaelrask]

hey ayaanoo please start your own topic and follow this guide. attach the logs. a malware expert will help you from there.

http://forum.avast.com/index.php?topic=53253.0

[cattivik_1964]

I created a bootable USB flash drive.
I rebooted the computer with the USB in the drive.
As loading starts, I choosed the Live Cd.
The system is loaded and is stopped (black window in graphic mode),  it does not work.

[essexboy]

OK there is obviously a new variant MBR out there

When you reboot the computer is there an option for recovery console as it boots ?

If so download to your C drive

 Farbar Recovery Scan Tool

Reboot to the recovery console
At the command prompt type CD..
Until you get to the C:> prompt
Then type FRST.exe
The tool will start to run.
When the tool opens click Yes to disclaimer.

Press Scan button.
It will make a log (FRST.txt) on the C drive. Please copy and paste it to your reply.