Avast WEBforum
Other => Viruses and worms => Topic started by: kimandalle on March 29, 2011, 02:23:09 PM
-
I keep getting the message that the computer is being blocked from communicating with a dangerous site:
the object is 62.122.73.203/545/getcfg.php
The path is in the C: Asus/Appdata/Local/Temp/DAT827F.tmp.exe
Apparently it's related to a async file, as it's named Async Trace DLL
What do I do with this?
-
You might have been infected with either TR/Kazy.8389.7/6 or TR/DyCode.B.9 or TR/Malagent.A.536 or Trojan-Dropper.Win32.Mudrop.as this domain is alive and spreading these kinds of malware:
I think it is the Mudrop one, because no av detects this as yet there: http://forum.avast.com/index.php?topic=61867.0 and for cleansing: http://forum.avast.com/index.php?topic=61867.0 (use safe mode and disable/enable system restore),
polonus
-
Okay, as I am a complete and total newbie, is there a step-by-step detail for me to follow, somewhere? I am very nervous about trying to do anything with the computer's "innards", as it were.
-
Okay, as I am a complete and total newbie, is there a step-by-step detail for me to follow, somewhere? I am very nervous about trying to do anything with the computer's "innards", as it were.
Follow this guide from our expert malware remover Essexboy
http://forum.avast.com/index.php?topic=53253.0
( post the logs HERE in this topic and not in the guide )
To avoid using multiple post with copy and paste you have to attach the log`s
Lower left corner: Additional Options > Attach ( Malwarebytes log / OTS log )
Essexboy will look at the log`s when he arrives here later today
-
Okay, I've followed that stuff - the logs are attached.
-
Essexboy will be here in about 2 - 3 hours
-
Knock wood - but so far the problem hasn't been huge, just highly annoying. Unfortunately, the reports I could understand said nothing was wrong. ???
Thank you for all your help.
-
C: Asus/Appdata/Local/Temp/DAT827F.tmp.exe
you may try this while waiting, it sometimes work
Temp File Cleaner by OldTimer
TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.
http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/
-
Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.
[Unregister Dlls]
[Processes - Safe List]
YY -> dat827f.tmp.exe -> C:\Users\Asus\AppData\Local\Temp\DAT827F.tmp.exe
[Registry - Safe List]
< FireFox Extensions [Program Folders] > ->
YY -> Java Console -> C:\Programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
YY -> Java Console -> C:\Programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
YY -> Java Console -> C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
< Run [HKEY_USERS\S-1-5-21-350271379-3965886678-2468626992-1000\] > -> HKEY_USERS\S-1-5-21-350271379-3965886678-2468626992-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> "DAT827F.tmp.exe" -> C:\Users\Asus\AppData\Local\Temp\DAT827F.tmp.exe [C:\Users\Asus\AppData\Local\Temp\DAT827F.tmp.exe]
[Custom Items]
:Files
ipconfig /flushdns /c
:end
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here
I will review the information when it comes back in.
-
I tried the latest suggestion by Pondus, and for the time being, I haven't had any more pop-up messages. Should I still try the fix, or will it cause a new problem if the issue has been cleared up already?
-
follow Essexboy advice
-
Here's the latest log.
-
TFC killed the file and I removed the reg key ;D
How is it running now ?
-
Running smoothly and there's no pop-up panic. Yay! :)
I do believe y'all are geniuses. Heh. I can't thank you enough, honestly. I know it's ridiculous, but even with all the backups in the world - remote or otherwise - my whole blinkin' world is on this thing. I tend to panic easily, so you'll probably hear from me again.
I apologize in advance for that, of course.
-
No probs - just run OTS and hit the cleanup button
-
Hi, uhm, I also got this an hour ago or so, and I tried the fix, but unfortunately, it didn't work for me.
If it's any help, I will note that I only downloaded OTS, and the MalwareBytes Anti-Malware.
I have the logs from my most recent try (I've tried twice as of this post). As should be obvious, I'm also a complete newbie, and I ask that you be patient with me, if I am doing something wrong.
-
when you ask for help, always start a new topic and not inside someone else's
helping multiple people in same topic will be chaotic
you find the new topic button above the orange line here http://forum.avast.com/index.php?board=4.0
-
Alright, I will, thanks for pointing that out.