Avast WEBforum

Other => Viruses and worms => Topic started by: Johnsonian on July 08, 2012, 05:50:24 AM

Title: Malicious URL Blocked (hxtp://includeit.info...)
Post by: Johnsonian on July 08, 2012, 05:50:24 AM

Each webpage presents this message.

I ran Malware Bytes quick scan last night and removed found files , following is the log from yesterday:



Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Johnson :: JOHNSON-PC [administrator]

Protection: Enabled

7/6/2012 7:13:52 AM
mbam-log-2012-07-06 (07-13-52).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 265784
Time elapsed: 25 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Privacy Protection (Rogue.PrvacyProtect) -> Data: C:\Users\Johnson\AppData\Roaming\privacy.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Johnson\AppData\Local\Temp\C99E.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Johnson\AppData\Local\Temp\is1373634743\IWantThis_IC_V3_US.exe (Adware.GamePlayLabs) -> Quarantined and deleted successfully.

(end)

Message continues today (after reboot).  New quick scan gave me this log:

Database version: v2012.07.06.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Johnson :: JOHNSON-PC [administrator]

Protection: Enabled

7/7/2012 10:12:13 PM
mbam-log-2012-07-07 (22-12-13).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 266357
Time elapsed: 25 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

What should be my next step in removing this?

Thanks in advance.

Title: Re: Malicious URL Blocked (hxtp://includeit.info...)
Post by: mikaelrask on July 08, 2012, 09:43:40 AM

hey and welcome to the forum. i suggest you follow this guide and then a malware expert will help you from there.

http://forum.avast.com/index.php?topic=53253.0.

Title: Re: Malicious URL Blocked (hxtp://includeit.info...)
Post by: !Donovan on July 08, 2012, 04:13:02 PM

Similar Problem Here: http://forum.avast.com/index.php?topic=100891.0
See Polonus' link.

If you need help understanding if you do not speak french..:
Google Translate (http://translate.google.com/translate?hl=en&sl=auto&tl=en&u=http%3A%2F%2Fwww.malekal.com%2F2012%2F07%2F05%2Favast-urlmal-httpincludeit-infoinclude-jsid%2F)

And if you need to confirm a phrase that Google can't return properly:
http://www.linguee.com/english-french/search