Avast WEBforum

Other => Viruses and worms => Topic started by: 4444 on April 01, 2012, 11:45:53 PM

Title: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 01, 2012, 11:45:53 PM
Hi to everyone..

Each time I enter my myspace webpage, avast detects and blocks these viruses:

URL:Mal and HTML:RedirME-inf

My myspace webpage is:

hxxp://xxx.mysxxxpace.com/xxxxxxx

I tried changing the password, updating avast, and changing the code of the personalized widgets of the page, but AVAST keeps notifying about those viruses. I'm totally lost, any help?

___________

Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: Pondus on April 01, 2012, 11:50:14 PM
Can you attach a screenshot of the avast warning?



urlQuery - suspicious
http://urlquery.net/report.php?id=36831


wepawet lists some redirects..
http://wepawet.iseclab.org/view.php?hash=3b77f4196c20617f5768b96bab505453&t=1333317231&type=js
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 02, 2012, 12:03:59 AM
http://img21.imageshack.us/img21/3337/virus1j.jpg

ok, this is one, I'll try to upload the other
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: Pondus on April 02, 2012, 12:10:01 AM
you can attach them here....
crop the picture so we only see the avast warning..and attach here

see below the text box "Attachments and other options"
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 02, 2012, 12:11:46 AM
OK here are both
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: polonus on April 02, 2012, 12:16:01 AM
Get no avast alerts when opening in Google Chrome. Has what is flagged been cleansed, or does it no longer respond?
Get several HTTP 1.1 302 Object moved, i.e. "response.redirect", on the requested page,

polonus
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 02, 2012, 12:24:27 AM
chrome works perfectly, no message opening other websites, it is only each time I refresh my web page: hxxp://xxxx.myxxxxce.com/xxxxxxx

the second part of your question I don't understand, after each alert everything works fine, AVAST seems to just block those viruses, nothing more, my computer seems to work well..

is that answering?

also, I have done an AVAST full system scan and my computer doesn't seem to be infected
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 02, 2012, 12:30:05 AM
Also, I have to say that I have seen AVAST virus alerts in other myspace profiles, but NEVER in mine. Until now

Don't remember the virus of the other profiles. Is it a fake alarm?

Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 02, 2012, 12:32:36 AM
Quote
Get no avast alerts when opening in Google Chrome.

do you mean that you don't have the AVAST popup message entering in the web?

Should I reinstall AVAST?
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: adotd on April 02, 2012, 12:32:52 AM
I know that I'm not allowed to post in here

polonus

 
Quote
hxxxp://b.s/***************or**************earch.com/

ROGUE SECURITY SCANNER
   
read that m8

hxxxp://www.urlvoid.com/scan/scor********************.com/

I WOULD HAVE SENT IT BY PM BUT I CANT
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 02, 2012, 12:46:20 AM
can you attach a screen shot of the avast warning ?



urlQuery - suspicious
http://urlquery.net/report.php?id=36831


wepawet list some redirects..
http://wepawet.iseclab.org/view.php?hash=3b77f4196c20617f5768b96bab505453&t=1333317231&type=js

hxxxp://b.scorecardresearch.com/beacon.js


Sorry for my ignorance, but those links say nothing to me or very few..

Doctor? how do I solve my problem.. Do I have a problem?

THANKS A LOT
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: adotd on April 02, 2012, 12:56:45 AM
Please hold on, I'm trying to get someone to help you. 8)
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: polonus on April 02, 2012, 01:03:03 AM
@adotd,

Here you may participate, because it is not about giving advice for qualified malware removal. And you are not hindering a qualified malware routine.
What you come up with is a privacy risk for a particular subdomain found there, that is flagged, but they say it is currently found safe. Good observation, as it is a tracker script, and benign as far as we can establish here: http://zulu.zscaler.com/submission/show/95f6e60bcecfc453edd2f9bea7f3e8c9-1333320107
The BrightCloud index score is green 88 for the IP, that means "There is a very low probability that the user will be exposed to malicious links or payloads",

@4444
I found the vulnerability via Chrome PasswordFail extension and this is valid:

And this was a problem: This website sends passwords in clear text upon request
NAME   MySpace
TYPE   Social Network
STATUS   Insecure
REPORTED BY   sondreb
REPORTED DATE   Saturday, September 12, 2009
LAST UPDATED DATE   Saturday, September 12, 2009

And we have this report: http://www.google.com/safebrowsing/diagnostic?site=www.msplinks.com
See: http://www.unmaskparasites.com/web-page-options/?   3 exploits), 1 scripting exploit:
url=hxtp//www.msplinks.com/MDVodHRwOi8vd3d3LmJsZWVwaW5nY29tcHV0ZXIuY29tL2ZvcnVtcy90b3BpYzM5MDU0MC5odG1s%3Ft%3Dq0iUWTbWPeWgQTnFXorIMYqhYNULQkEFV7OeQS8S14zsRvDdKxEhjSKIX0QvOSGMRDuJkq9125ByyjJE-DxxlQ (no longer responding - was discussed at bleeping computer...)

polonus
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: adotd on April 02, 2012, 01:08:47 AM
http://www.avgthreatlabs.com/sitereports/domain/scorecardresearch.com/

that's saying different. :)
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: polonus on April 02, 2012, 01:17:19 AM
That says currently safe. But it could also be the OP has something on his puter and then he has to go here: http://forum.avast.com/index.php?topic=53253.0
and we must leave it to the qualified malware removal experts,

polonus
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 02, 2012, 01:37:10 AM
Sorry dudes, I don't quite understand the conclusions..

Is it a real virus?
What do I do now?
Can I solve it somehow?
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 02, 2012, 01:39:55 AM
Quote
And this was a problem: This website sends passwords in clear text upon request

what does this mean?
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: adotd on April 02, 2012, 01:46:33 AM
Hello can you visit

http://forum.avast.com/index.php?topic=53253.0

and post all the logs please

Our malware expert: essexboy is currently offline

He lives in the UK,  he should be on in the morning.
 

Anthony
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 02, 2012, 01:54:04 AM
thxs a lot Anthony

but, what is a log?

and how do I post a log?
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: adotd on April 02, 2012, 02:00:10 AM
thxs alot  adotd

Quote
but, what is a log?

when you run the programs they will generate a text file, save the text files on your desktop in a folder.

Quote
and how do I post a log?

When you reply you will see "Attachments and other options", you can upload them there.

Me and polonus have found information about it, but the malware expert needs the logs so he can assist you.
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: jeffce on April 02, 2012, 02:09:36 AM
Monitoring...  :)
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 02, 2012, 02:11:34 AM
thxs alot  adotd

Quote
but, what is a log?

when you run the programs they will generate a text file, save the text files on your desktop in a folder.



In what folder do I find these txt files?  In the chrome folder there doesn't seem to be a log.txt file

Quote
To get assistance please create your own topic in the virus forum.  This will ensure that you get answered and helped as soon as possible and do not get overlooked in an old thread.  Thank you 

the topic is opened, should I post the logs here?

Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: adotd on April 02, 2012, 02:14:22 AM
Yes post the logs here.

Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 02, 2012, 02:26:47 AM


In what folder do I find these txt files?  In the chrome folder there doesn't seem to be a log.txt file


I have also looked at the AVAST folder and there does not seem to be a log.txt file

And of course. THANKS AGAIN FOR THE HELP
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: jeffce on April 02, 2012, 02:29:53 AM
Hi 4444,

Just follow these instructions.  The logs will automatically be made when the scans are complete.  Just save them to your Desktop and then attach them to your next reply.  :)

----------


Please download aswMBR (http://public.avast.com/~gmerek/aswMBR.exe) to your desktop.

----------

In your next reply please post the logs made by OTL and aswMBR.  :)
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: adotd on April 02, 2012, 02:30:44 AM
For your logs for malwarebytes, open malwarebytes and then click on the logs tab. :)
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: !Donovan on April 02, 2012, 02:50:47 AM
Hi 4444,

I've looked at the source of your site, and most of it is obfuscated and merged together, making my job harder. :-\

But, when visiting the site directly, the supposedly obfuscated coding turns out to shine light.

A search for this "msplinks" keyword reveals 29 instances.

Lines 331 and 334 contain the first redirect, given here:
http://wepawet.iseclab.org/view.php?hash=3b77f4196c20617f5768b96bab505453&t=1333317231&type=js

Lines 355 and 357 contain the second redirect.
Lines 368 and 372 contain the third redirect.
And lines 395 and 398 contain the fourth redirect.


VirusTotal (https://www.virustotal.com/file/c187f94c7dff8c790e105fa4c9ebff196fe82944d99e22daf91609db29f89678/analysis/1333327607/) results clean, but then again the redirect is from another redirect.

Do you know of how these supposed "movies" got on your website?
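
Added example (not part of the thread and not any poster's code): the msplinks token quoted in polonus's post decodes as base64 to a two-character prefix followed by the destination URL, so the msplinks links Donovan counted in the page source can be resolved offline without following any redirect. The prefix handling is inferred from that single token; `make_token`, `SAMPLE_SOURCE` and the `widgets.example` links are constructed sample data.

```python
import base64
import binascii
import re
from collections import Counter
from urllib.parse import urlsplit

# Token taken verbatim from the msplinks URL quoted in polonus's post.
PAGE_TOKEN = ("MDVodHRwOi8vd3d3LmJsZWVwaW5nY29tcHV0ZXIuY29t"
              "L2ZvcnVtcy90b3BpYzM5MDU0MC5odG1s")

# Capture the token after "msplinks.com/", whatever scheme (or defanged
# scheme such as hxtp) precedes the host.
LINK_RE = re.compile(r"msplinks\.com/([A-Za-z0-9+/_-]+={0,2})", re.IGNORECASE)
URLSAFE_TO_STD = str.maketrans("-_", "+/")


def decode_token(token):
    """Return (prefix, destination_url), or None if the token does not
    decode to text containing an http(s) URL."""
    cleaned = token.rstrip("=").translate(URLSAFE_TO_STD)
    padded = cleaned + "=" * (-len(cleaned) % 4)
    try:
        text = base64.b64decode(padded, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    match = re.search(r"https?://", text)
    if match is None:
        return None
    # Assumption: whatever precedes the URL is a short type prefix ("05" here).
    return text[:match.start()], text[match.start():]


def extract_redirects(page_source):
    """List every msplinks link in the source with its decoded destination."""
    findings = []
    for token in LINK_RE.findall(page_source):
        decoded = decode_token(token)
        if decoded is None:
            # Keep undecodable tokens visible so they can be reviewed by hand.
            findings.append({"token": token, "prefix": None,
                             "destination": None, "host": None})
            continue
        prefix, url = decoded
        findings.append({"token": token, "prefix": prefix,
                         "destination": url, "host": urlsplit(url).hostname})
    return findings


def hosts_by_count(findings):
    """Collapse many wrapped links into the few hosts they really point to."""
    return Counter(f["host"] for f in findings if f["host"])


def make_token(prefix, url):
    """Build a constructed test token in the same shape as PAGE_TOKEN."""
    return base64.b64encode((prefix + url).encode()).decode()


# Constructed page source: one link from the thread plus made-up widget links.
SAMPLE_SOURCE = "\n".join([
    '<a href="hxtp//www.msplinks.com/%s">band page</a>' % PAGE_TOKEN,
    '<a href="http://www.msplinks.com/%s">widget</a>'
    % make_token("01", "http://widgets.example/player?id=1"),
    '<embed src="http://www.msplinks.com/%s">'
    % make_token("01", "http://widgets.example/player?id=2"),
    '<a href="http://www.msplinks.com/AAAA">broken</a>',
])

if __name__ == "__main__":
    results = extract_redirects(SAMPLE_SOURCE)
    for item in results:
        print(item["destination"] or "UNDECODABLE: " + item["token"])
    print(dict(hosts_by_count(results)))
```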

Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 02, 2012, 03:07:10 AM
Hi 4444,

I've looked at the source of your site, and most of it is obfuscated and merged together, making my job harder. :-\

But, when visiting the site directly, the supposedly obfuscated coding turns out to shine light.

A search for this "msplinks" keyword reveals 29 instances.

Lines 331 and 334 contain the first redirect, given here:
http://wepawet.iseclab.org/view.php?hash=3b77f4196c20617f5768b96bab505453&t=1333317231&type=js

Lines 355 and 357 contain the second redirect.
Lines 368 and 372 contain the third redirect.
And lines 395 and 398 contain the fourth redirect.


VirusTotal (https://www.virustotal.com/file/c187f94c7dff8c790e105fa4c9ebff196fe82944d99e22daf91609db29f89678/analysis/1333327607/) results clean, but then again the redirect is from another redirect.

Do you know of how these supposed "movies" got on your website?



Don't understand about the word "movies" but in general, I've got the myspace normal settings and some reverbnation widgets taken directly from reverbnation www.reverbnation.com. Just copy and paste the code from reverbnation.com

I can attach the code:

EDIT-- THE CODE IS ATTACHED IN PAGE 4

NOTE: This code is exactly the code reverbnation.com gives, I think myspace recodes it in some way.  If you are interested I can give the "recoding" of myspace
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 02, 2012, 03:11:16 AM
Here are the logs

I could not get the log from malwarebytes, because each time malwarebytes was scanning "microsoft build task resources/2.0.0._p........." the program stopped and did not finish. malwarebytes always stops in the same place without finishing
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: adotd on April 02, 2012, 03:13:39 AM
now that's a lot of redirects :)
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: jeffce on April 02, 2012, 03:17:02 AM
Were you able to get aswMBR ran yet as well?  :)
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: !Donovan on April 02, 2012, 03:18:13 AM
Don't understand about the word "movies" but in general, I've got the myspace normal settings and some reverbnation widgets taken directly from reverbnation www.reverbnation.com. Just copy and paste the code from reverbnation.com

I can attach the code:
<snip>


NOTE: This code is exactly the code reverbnation gives, I think myspace recodes it in some way

One thing that they all have in common is the c.gigcount url. This is not shown in the redirect urls, giving a major hint. If you are certain that all the coding you used from that site is given, Reverbnation does not seem to be the culprit. It is a possibility that your site was hacked.


And yes, MySpace recodes all scripts that you feed it.
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 02, 2012, 03:31:20 AM
4th time I tried to run aswMBR a friendly blue screen came rebooting my computer, this time not knowing when the soft stops. The soft always starts..

___



It's a possibility to be hacked of course..

I retyped the codes again and changed my pass before yesterday..

yesterday there was no AVAST popup showing virus..

Today the popups came again

Today I typed again the codes and changed my pass again and still having the avast virus popup

Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: !Donovan on April 02, 2012, 03:35:51 AM
I retyped the codes again and changed my pass before yesterday..

yesterday there was no AVAST popup showing virus..

Today the popups came again

Today I typed again the codes and changed my pass again and still having the avast virus popup
I suggest changing your passwords on a different computer and don't logon to myspace on the computer being stubborn with aswMBR.


I'll report back tomorrow as it's around 10 pm here.
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: jeffce on April 02, 2012, 03:39:35 AM
I agree with Donovan...for the time being try not to use this computer for any banking or email purposes and don't download anything else besides what you are instructed to do here.

Please download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.exe)
----------
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 02, 2012, 03:56:47 AM
I retyped the codes again and changed my pass before yesterday..

yesterday there was no AVAST popup showing virus..

Today the popups came again

Today I typed again the codes and changed my pass again and still having the avast virus popup
I suggest changing your passwords on a different computer and don't logon to myspace on the computer being stubborn with aswMBR.


I'll report back tomorrow as it's around 10 pm here.

Done, changed pass and retyped all the codes from another computer.. still popup virus in my computer.

The other computer I changed my pass and retyped the codes was a windows xp using chrome with the same AVAST installed. No virus popup message in that computer (XP one).

I come back to my computer and the same virus detected
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 02, 2012, 04:08:35 AM
I agree with Donovan...for the time being try not to use this computer for any banking or email purposes and don't download anything else besides what you are instructed to do here.

Please download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.exe)
  • Right-click and Run as Administrator TDSSKiller.exe
  • Press Change Parameters
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click on the Start Scan button
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
    • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • Copy and paste the log in your next reply
    • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
----------

Done, 2 objects in quarantine, log attached.

Actual detected object count: 2
04:06:01.0629 3536   C:\Windows\system32\epmntdrv.sys - copied to quarantine
04:06:01.0639 3536   epmntdrv ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
04:06:01.0669 3536   C:\Windows\system32\EuGdiDrv.sys - copied to quarantine

Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: adotd on April 02, 2012, 04:19:41 AM
at least you're getting somewhat near fixing this :)
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 02, 2012, 04:23:56 AM
Quote
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

I messed up this step, I've put them both in quarantine. How do I solve it?

and again thxs for the help
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: adotd on April 02, 2012, 04:31:41 AM
was cure available?
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: iroc9555 on April 02, 2012, 04:49:31 AM
444.

Those files were unsigned files. Were they detected as malicious or just a warning? You only had to choose "cure" if they were malicious and if cure was available, otherwise skip them.

 You better wait for Jeffce. He will be back tomorrow.
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 02, 2012, 11:57:35 AM
Both were suspicious objects, medium risk, no cure available..

I have put them both again into quarantine, scanning them again I have the choice again to skip, quarantine or delete, not to cure.

____

I did the aswMBR scan again and this time the soft stops in /Microsoft security apliacation.....
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: jeffce on April 02, 2012, 01:42:14 PM
Hi there 4444,

Yeah those entries were detected because they were unsigned. 
-------------

Download CKScanner by askey127 from Here (http://downloads.malwareremoval.com/CKScanner.exe) & save it to your Desktop.
----------

Please download and run ERUNT (http://www.snapfiles.com/get/erunt.html) (Emergency Recovery Utility NT).  This program allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.  **Remember if you are using Windows Vista as your operating system right-click the executable and Run as Administrator.
----------

Run OTL.exe
Code:
:Services

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://es.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 07 F5 7E 02 27 0A CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
FF - prefs.js..browser.search.selectedEngine: "Bing"
[2012/02/25 12:12:47 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

:Files
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
----------

In your next reply please post the logs made by CKScanner and all logs made by OTL.  :)
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: polonus on April 02, 2012, 03:10:54 PM
@444 & adotd
Please make live links non-click-through in your posts, like with htxp or wXw. In your reply you'd better not give quoted code. In the case of (script)code, it should be provided as an image, while it cannot do harm in that way. See attached example of how to do this.
So when posting no live links to live malware please or suspicious links because a newbie may accidentally click this or crawlers may easily find it, rather post the scanned links as VT results, Zscaler scan link, etc.

polonus

Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 02, 2012, 03:42:39 PM
OK, now I've got real problems..

Quote
Download CKScanner by askey127 from Here & save it to your Desktop.

step done, could not attach the log for a reason I'll tell later. No alerts found in the scan


Quote
Please download and run ERUNT (Emergency Recovery Utility NT).

Done

Quote
Run OTL.exe

Done, the process did not finish, and my whole computer stopped, I restart windows 7 but the computer just turns off the power while windows is restarting..

After the 5th attempt, windows let me do a restore, I did it, but my computer is not working well.. I'll try to attach the ERUNT log, which has to be in the computer.

Right now I'm with another computer.




Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: polonus on April 02, 2012, 03:49:10 PM
Hi 444,

Put these issues forward to the qualified removal experts. Maybe jeffce or essexboy will look into it when they appear,
Did you remove that quoted code or present it in the form of an attached image (jpg, gif, png)?

polonus
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 02, 2012, 03:52:37 PM
ckfiles.txt attached

Now typing in my computer, computer seems to work better
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 02, 2012, 03:53:31 PM
Hi 444,

Put these issues forward to the qualified removal experts. Maybe jeffce or essexboy will look into it when they appear,
Did you remove that quoted code or present it in the form of an attached image (jpg, gif, png)?

polonus

I'll do it now, give 3 min
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 02, 2012, 04:03:29 PM
CODES TAKEN FROM REVERBNATION ATTACHED
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 02, 2012, 04:04:05 PM
MORE CODES FROM REVERBNATION ATTACHED
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: adotd on April 02, 2012, 04:06:44 PM
A qualified malware remover should be online soon.

At the moment jeffce and essexboy are offline :D

Anthony 8)
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 02, 2012, 04:31:21 PM
Quote
Run OTL.exe
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
Done, after rebooting a txt file appeared which I'm attaching..

And after rebooting I followed these instruction again and attaching the log file again


Quote
Just follow these instructions.  The logs will automatically be made when the scans are complete.  Just save them to your Desktop and then attach them to your next reply. 

Download OTL to your desktop.
Right-click and Run as Administrator on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

By the way my computer is working better
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 02, 2012, 04:36:36 PM
Quote
Please download aswMBR to your desktop.

Right click and Run as Administrator the aswMBR icon to run it.
Click the Scan button to start scan.
When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

Still aswMBR crashes on the same place
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 02, 2012, 05:40:36 PM
should I follow the same steps as here?

http://forum.avast.com/index.php?topic=96346.0

or I'll better wait for personalized help
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: adotd on April 02, 2012, 05:45:28 PM
Wait for help from a malware expert  8)

Anthony
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: jeffce on April 02, 2012, 05:53:26 PM
Hi 4444,

From now on only follow the instructions that are provided so that we don't accidentally remove something we do not want to. 
---------

CKScanner has detected illegal software on your system. Besides being illegal, it's the number one way of infecting your system as all cracked/keygen software is infected. This forum, as well as all the other malware removal forums, do not support the use of illegal software except for their removal.  If I were to continue helping you with illegal software installed, it could be construed in the eyes of the law as aiding and abetting a crime as well as I will not be able to ever tell you your system is clean.

I have worked up a fix for their removal.  If you do not agree to this then this thread will be closed and no further help will be offered.  Please let me know if you wish to continue.
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 02, 2012, 06:02:21 PM
Yes of course you can remove it, there's no problem in that, but I don't think the problem is there, but go ahead remove it..
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: jeffce on April 02, 2012, 06:10:38 PM
Hi,

 
Quote
i dont think the problem is there, but go ahead remove it..
Actually part of it is a virus...
-------------

Run OTL.exe
Code:
:Services

:Files
c:\users\administravimas\desktop\mdt-v-04\mdt-v-04\crack\mdt4cr.bat
c:\users\administravimas\desktop\mdt-v-04\mdt-v-04\crack\mdt4_patcher.exe
c:\users\administravimas\desktop\mdt-v-04\mdt-v-04\crack\readme.txt

:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]
Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) to your desktop.



The log can also be found here:
C:\Documents and Settings\<User name>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
----------

ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



ESET OnlineScan (http://eset.com/onlinescan)

scanning your computer. Please be patient as this can take some time.
http://www.eset.com/onlinescan/
----------

In your next reply please post the logs made by OTL, Malwarebytes and ESET online scanner.
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 02, 2012, 09:27:11 PM
OK, done, eset scan took 2 hours and a half..

some of the detected files are installed on a virtual machine, (oracle Virtual Box) Is that secure?

thanks in advance
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 02, 2012, 09:29:01 PM
And one question..

Why doesn't AVAST see those corrupted files and this software does?
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 02, 2012, 09:40:24 PM
E:\descargas\SoftonicDownloader_para_lock-it-easy.exe   Win32/SoftonicDownloader.D application

Also I have used this soft to lock usb pendrives, some of them I gave to friends.. are the pendrives infected?
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: jeffce on April 02, 2012, 09:42:51 PM
Hi,

Thanks for those logs. 

Artellos.com (exe) (http://artellos.com/ccount/click.php?id=7)
Artellos.com (zip) (http://artellos.com/ccount/click.php?id=8)
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 02, 2012, 10:16:52 PM
hi and thxs..

do I have to worry about the pendrives?

file attached
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 03, 2012, 10:55:48 AM
no one?
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: jeffce on April 03, 2012, 01:49:33 PM
Hi 4444,

MGADiag.exe

Please download this tool >> http://go.microsoft.com/fwlink/?linkid=52012 from Microsoft.
Double click on MGADiag.exe to run it.
Click Continue.
The program will run. It takes a while to finish the diagnosis, please be patient.
Once done, click on Copy.
Open Notepad and paste the contents in the window.
Save this file and copy/paste it in your next reply.
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 03, 2012, 02:34:52 PM
Done..

Doctor, thxs alot, what else now?

Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 03, 2012, 04:56:53 PM
Hi again, right now no virus detected in myspace..
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: jeffce on April 03, 2012, 05:01:10 PM
Hi 4444,

Glad to hear it.  How is your system running as a whole? 

I am verifying some things with your system and will return as quickly as possible.  :)
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 03, 2012, 05:07:27 PM
since...

Quote
« Reply #51 on: Yesterday at 02:31:21 PM »

...forum time, the computer seems to work well..

In fact, before the first posting the computer also seemed to work well. I thought it was some kind of myspace error
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 03, 2012, 05:31:21 PM
Anyways in myspace I keep seeing this where the banner should be..

and again I attach the code of the "banner"
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: !Donovan on April 03, 2012, 05:32:49 PM
Well, because it says "Terms of Service violation" it appears that myspace didn't like your banner.

-- Did you read the terms of service?

-- Did you look at your banner?

-- Did you think of how the banner could conflict with the terms of service?


Terms are here: http://www.myspace.com/Help/Terms
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 03, 2012, 05:57:10 PM
Yes of course..

Here are the rules

http://www.myspace.com/music/artisthq/2010/7/28/how-to-add-a-marquee-to-your-new-artist-profile

and here the size of my marquee

960x261 pixels
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 03, 2012, 06:08:26 PM
Quote
  When a user lands on your page they will see 960×250.

ok, I'll try to fix it to 250..

Doctor, Am I cured?
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 03, 2012, 06:23:35 PM
ok, banner updated and it doesn't work
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: jeffce on April 03, 2012, 07:07:54 PM
Hi,

I see that you still have several cracks/keygens on your system.

Run OTL.exe
Code:
:Services

:Files
C:\Program Files (x86)\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe
E:\descargas\PDFCreator-1_2_3_setup (1).exe
E:\descargas\PDFCreator-1_2_3_setup.exe
E:\descargas\Sony Vegas PRO 10.0c+Keygen(works with windows7) [ kk ]\Sony Vegas PRO 10.0c+Keygen(works with windows7) [ kk ].rar
E:\descargas\Sony Vegas PRO 10.0c+Keygen(works with windows7) [ kk ]\Sony Vegas PRO 10.0c+Keygen(works with windows7) [ kk ]\x32\x32.rar
E:\descargas\Sony Vegas PRO 10.0c+Keygen(works with windows7) [ kk ]\Sony Vegas PRO 10.0c+Keygen(works with windows7) [ kk ]\x32\x32\Keygen.exe
E:\descargas\Sony Vegas PRO 10.0c+Keygen(works with windows7) [ kk ]\Sony Vegas PRO 10.0c+Keygen(works with windows7) [ kk ]\x64\x64.rar
E:\descargas\Sony Vegas PRO 10.0c+Keygen(works with windows7) [ kk ]\Sony Vegas PRO 10.0c+Keygen(works with windows7) [ kk ]\x64\x64\Keygen.exe
E:\descargas\Windows XP Genuine Key Generator for Windows XP 32-bit [h33t] [GLADRAG_MANHUNT]\Key Generator.rar

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 03, 2012, 07:35:14 PM
Done

and an image attached
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 03, 2012, 07:37:17 PM
image in better quality
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: jeffce on April 03, 2012, 07:37:19 PM
Go ahead and run a new scan with OTL and we can see what we have.  :)
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: adotd on April 03, 2012, 07:39:55 PM
IP  : 95.168.185.41
Host  : hosted-by.*******.com
Country  : Hong Kong     

h*://www.mywot.com/en/scorecard/hosted-by.leaseweb.com

THIS WEBSITE HOSTS MALWARE

h**p://www.urlvoid.com/scan/hosted-by.leaseweb.com/
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 03, 2012, 07:49:16 PM
Hmm.. I haven't entered a Hong Kong website..

gmail, my official web hosted in europe, here hotmail, myspace, facebook, flickr, reverb nation, twitter. Message came when loading myspace I guess..

Log attached
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: adotd on April 03, 2012, 07:52:16 PM
I did not notice it was avastsvc.exe

Maybe an update from avast

Sorry about that

jeffce will be back soon wait for him to reply.  8)

Anthony 8)
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 03, 2012, 08:01:32 PM
It keeps showing the popup message, and yes, its when I load myspace
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: DavidR on April 03, 2012, 08:15:17 PM
Quote
I did not notice it was avastsvc.exe

Maybe an update from avast
<snip>

Not an update by avast (and they go to avast servers); that would be by avast.setup, not avastSvc.exe (controls all shields). That will no doubt be the Web Shield proxy redirection, as something is trying to connect to that IP address using http protocol and as such redirects that through the localhost proxy.

Unfortunately MBAM isn't smart enough to identify the process that is responsible and not just the proxy controller.
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: jeffce on April 03, 2012, 09:21:48 PM
Hi,

Run OTL.exe
Code:
:Services

:OTL
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
O18:[b]64bit:[/b] - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
@Alternate Data Stream - 164 bytes -> C:\Users\Administravimas\Desktop\Image.jpg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 164 bytes -> C:\Users\Administravimas\Desktop\CESE.jpeg:3or4kl4x13tuuug3Byamue2s4b

:Files
dir C:\Users\Administravimas\Desktop\UMPToolV5534 /s /c
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 03, 2012, 11:07:41 PM
Done. The popup appeared after the repair and after the scan
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 04, 2012, 01:44:58 AM
after the repair and after the scan when loading chrome, I guess myspace
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: jeffce on April 04, 2012, 03:09:28 AM
Outside of this popup how is your system running? 
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 04, 2012, 11:51:26 AM
its working well..

one thing more.. attached file

which means:

you can't use your chrome profile because it corresponds to a newer version of chrome. Some features may not work. Update the soft or use another profile
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 04, 2012, 12:16:26 PM
is the welcome message when I open chrome, once is opened, everything seems to work well
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 04, 2012, 01:23:52 PM
Quote
once is opened,everything seems to work well

but myspace
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 04, 2012, 04:16:33 PM
what do I do next?

Is it solved?

help please
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: jeffce on April 04, 2012, 04:46:15 PM
Hi 4444,

I am feeling pretty good but I am speaking with a colleague about a few aspects with your logs still.  I appreciate your patience that you have shown so far.  :)  I will return as quickly as I can. 
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 04, 2012, 05:33:55 PM
Thanks a lot Jeffce, in the meanwhile could you make a quick explanation of what you think is happening in my computer?

why myspace?
am I being hacked?
How did I get infected?

Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: jeffce on April 04, 2012, 07:16:06 PM
Hi 4444,

Quote
make a quick explanation of what you think is happening in my computer?
I believe that this is really stemming from the illegal software that you had installed on your system.  Illegal software is a sure fire way to get infected.  When I get confirmation about a couple things I will get back.  :)
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: jeffce on April 04, 2012, 09:13:35 PM
Hi 4444,

Let's give this a shot.  It may be a problem with Google Chrome itself.  Let's uninstall that and then get a fresh install. 

Please do the following:

Hold down the Windows key and press R to open a run box
type the following text into the run box

appwiz.cpl

This will open your Programs And Features. A list of installed programs will populate

Remove the following programs:

Google Chrome
----------

Now visit here >> https://www.google.com/chrome to download and install a new copy of Google Chrome.  Once installed, let me know how the system is behaving.  :)
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 04, 2012, 10:18:06 PM
OK, did it twice.

Here is what I have done

Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 04, 2012, 10:25:19 PM
I think I've got something important.

Chrome and Firefox come with a popup message.

BUT I EXPLORER NO!!!

The only difference is that the reverbnation widget doesn't load with i explorer.. Here is a screenshot attached.


And...

The popup comes with firefox and chrome just when the widgets stopped loading
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 04, 2012, 10:27:14 PM
Should I post the MYSPACE code of the widgets?
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 04, 2012, 10:35:26 PM
and I've got another thing

In xxx.xxxx.com there are the same reverbnation widgets (at least the video one in the video section) and no popup comes.. Same as my reverbnation profile (but I think the codes there are different)

Remember myspace recodes everything
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 04, 2012, 10:55:12 PM
Before asking here there are.. I will send it to you in private message as well
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: !Donovan on April 04, 2012, 10:55:36 PM
Hi 4444,

I do think that the malicious elements of your page are from my post from the 1st.

http://forum.avast.com/index.php?topic=96594.msg770482#msg770482

The malicious reverbnation links you provided got merged into msplinks only then to be redirected to reverbnation for the malicious payload.


In other words, the reverbnation links appear to be the problem. Remove the exploit links and find another provider for your needs.
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 04, 2012, 11:28:08 PM
Ok I go to other myspaces profiles WHERE THEY HAVE REVERBNATION WIDGETS, and a popup comes like the image attached in 90% of cases.. If I go to other where there is no reverb widgets i dont see the popup

Is the recoding of myspace or is just the reverbnation codes? this is important to me

Do you see the popup when going to xxx.mysxxxe.com/xxtxxxx ?? this is also very important



thxs donovan
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: jeffce on April 04, 2012, 11:29:31 PM
Hi,

I am not seeing anything else malware related in the logs that you are providing. 
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 04, 2012, 11:39:22 PM
Quote
Hi,

I am not seeing anything else malware related in the logs that you are providing.

Doctor, what are your conclusions?
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: jeffce on April 04, 2012, 11:46:08 PM
I feel like your logs are clean.  The problems seem to stem from your Myspace codes. 
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 04, 2012, 11:50:11 PM
I have done a lot of refreshing to "infected" (dont know if that is true) domains, can we make another scan?

Quote
The problems seem to stem from your Myspace codes.

have you located the exact code?

do you see a popup in xxx.mxxxx.com/xxxxane ?
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: !Donovan on April 04, 2012, 11:58:19 PM
Quote
Ok I go to other myspaces profiles WHERE THEY HAVE REVERBNATION WIDGETS, and a popup comes like the image attached in 90% of cases.. If I go to other where there is no reverb widgets i dont see the popup
Not surprising.

Quote
Is the recoding of myspace or is just the reverbnation codes? this is important to me
All myspace does is beautify the coding. After that they add the msplinks instead of the original link. The msplinks are used to redirect to the original link given by the webmaster.

Quote
I have done a lot of refreshing to "infected" (dont know if that is true) domains, can we make another scan?
Well, if avast! is blocking the website, then the blocked website can not infect you. ;)
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 05, 2012, 12:13:31 AM
Quote
given by the webmaster.

hahah!! im not a webmaster im just copying and pasting codes.. :D

do you have the same popup by going in xxx.myxxxxe.com/xxxxxsaxx

I remember jeffce saying he aint getting the message, can anyone confirm this?
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 05, 2012, 12:26:45 AM
Quote
Re: URL:Mal y HTML:RedirME-inf FAKE??
« Reply #5 on: April 01, 2012, 10:16:01 PM »
Quote
Get no avast alerts when opening in Google Chrome. Has that what is flagged been cleansed or does it no longer respond?
Get several  HTTP 1.1 302 Object moved i.e.  "response.redirect" on the requested page,

polonus
« Last Edit: April 01, 2012, 10:28:20 PM by polonus »

Here we are, polonus seems not to see those popups.., not jeffce

Can anyone confirm this?
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: polonus on April 05, 2012, 12:45:44 AM
I get no alert from avast, but I am anxious to know what this obfuscated code represents, see attached.
Code translate to AutomaticGWTInternationalizationdetection user statistic php counter code.
Malware script detector extension in Chrome goes berserk as it detects it as some form of XSS attack, so certainly not kasher,

polonus
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 05, 2012, 01:31:25 AM
Quote
I get no alert from avast, but I am anxious to know what this obfuscated code represents, see attached.
Code translate to AutomaticGWTInternationalizationdetection user statistic php counter code.
Malware script detector extension in Chrome goes berserk as it detects it as some form of XSS attack, so certainly not kasher,

so the conclusion is that the recoding has no malware, but the recoding is so obfuscating that chrome detects it as malware. So until myspace does not change the recoding I will keep getting those messages.

AND.. this is not happening to everyone
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 05, 2012, 01:43:07 AM
By the way, I'm scanning with [control] + F the code you attached into the recoding of myspace I have of the reverbnation widgets in WORD and I can't find it.

Also I did a "right click" to my myspace profile and click on "see code of the web", again, [control] + F and I couldn't find the code you attached
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 05, 2012, 11:26:29 AM
what do i do next doctor?
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: jeffce on April 05, 2012, 01:29:51 PM
Hi 4444,

I am not seeing anything that is jumping out at me in your malware logs that you are providing..

IT APPEARS THAT YOUR LOGS ARE NOW CLEAN :D  SO LETS DO A COUPLE OF THINGS TO WRAP THIS UP!! :D

This infection appears to have been cleaned, but I can not give you any absolute guarantees.  As a precaution, I would go ahead and change all of your passwords as this is especially important after an infection.
----------

Run OTL.exe
Code:
:Services

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[clearallrestorepoints]
[emptytemp]
[start explorer]
[Reboot]
----------

Clean up with OTL:
----------

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted using right-click > delete so they aren't cluttering up your desktop.

Here are some tips to reduce the potential for spyware infection in the future:

1. Make your Internet Explorer more secure - This can be done by following these simple instructions:
2. Enable Protected Mode in Internet Explorer.  This helps Windows Vista users stay more protected from attack by running Internet Explorer with restricted privileges as well as reducing the ability to write, alter or destroy data on your system or install malicious code.  To make sure this is running follow these steps:

3. Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis.  With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

4. Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly.  A tutorial on firewalls can be found here (http://www.bleepingcomputer.com/forums/tutorial60.html).  **There are firewalls listed in this tutorial that could be downloaded and used but I would personally only recommend using one of the following two below:
Online Armor Free (http://download.cnet.com/Online-Armor-Free/3000-10435_4-10426782.html)
Agnitum Outpost Firewall Free (http://download.cnet.com/Agnitum-Outpost-Firewall-Free/3000-10435_4-10913746.html)

5. Make sure you keep your Windows OS current
Windows XP users can visit Windows update (http://v4.windowsupdate.microsoft.com/en/default.asp) regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems.  Without these you are leaving the back door open.

6. Consider a custom hosts file such as MVPS HOSTS (http://www.mvps.org/winhelp2002/hosts.htm). This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.  For information on how to download and install, please read this tutorial by WinHelp2002 (http://www.mvps.org/winhelp2002/hosts.htm)
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

7. WOT (http://www.mywot.com/) (Web of Trust) As "Googling" is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites.  WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.

8. Finally, I strongly recommend that you read TonyKlein's good advice So how did I get infected in the first place? (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
 
Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 05, 2012, 02:38:54 PM
OK, I deleted all the modules in my myspace profile where i have included codes and refreshing in 30% of cases a popup malware comes out.

Help?

Files attached
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: DavidR on April 05, 2012, 03:04:18 PM
In all honesty I would be starting to question the accuracy of the MBAM IP blocking. I disabled this shortly after getting MBAM Pro as I feel that it is A) not as described on the tin 'malicious web site blocking' as it blocks many more categories than just malicious sites and B) that this area is possibly the weakest/worst area of the MBAM protection.

So I feel I'm more than adequately protected by the avast! Network/Web Shield and I also use AdBlockPlus, here you can subscribe to other lists such as 'Malware Domains' add to that firefox also has anti-phishing/attack site protection.
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: polonus on April 05, 2012, 03:17:43 PM
Hi 4444,

This is a MBAM alert that you get because the qualified malware removal has not been finished yet, and you should wait for it to be finished and then reinstall MBAM and/or SAS again. That what DavidR states could be a valid argument, I also have seen postings that went in that direction in another part of the forums. So do not think of MBAM now until jeffce has told you that it is time to go back to that.

SAS and MBAM are anti-malware applications that come as a form of last resort cleansing and are not to interfere with the official malware removal routine and cleansing tools. So ask jeffce what to do next. Remember your computer was heavily compromised.
Do not be nosewise! Just do not do anything outside jeffce's instructions, and you will feel better with the final cleansing results. These guys like jeffce, oldman and essexboy here  took years of training to get computers cleansed and they add new skills to their expertise every single day. Do you know what a sloppy uninstall could cause in the form of operational system misery, mem-conflicts and random bsods, so what about a comp with malcode galore and heavily compromised?

polonus
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 05, 2012, 04:11:32 PM
Ok. I did not understand it all as my first language is not english. But I understand that could be a problem with MBAM (reinstalling?) and to follow the jeff instructions..

Ok jeffce, here im, im a trained monkey to follow your instructions..

Whats next?
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: jeffce on April 05, 2012, 04:22:46 PM
I am not seeing too much left....

Let's give this another go 'round...Do Not Do Anything on Your Own.  Even though you may have the best intentions to help, running other programs and tools and following other examples from other topics may hinder and actually prevent us from being able to properly clean your system.

Run a new scan with OTL and aswMBR and attach the new logs into your next reply.
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 05, 2012, 04:48:30 PM
Otl attached

aswMBR crashes as ALWAYS, I took my time to manually write where it crashes. Here:


c:windows/assembly/gac_msil/microsoft.security.aplication.policyMan....
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: jeffce on April 05, 2012, 04:50:40 PM
Let's take a look and see what we have

In the run box type the following

diskmgmt.msc

When disc management opens expand it so that all drives are visible
Take a screenshot and post it here

Are you able to burn a CD on another computer ?
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 05, 2012, 04:58:22 PM
Yes im able to burn a cd on another computer.

image attached
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: DavidR on April 05, 2012, 05:23:03 PM
Quote
Ok. I did not understand it all as my first language is not english. But I understand that could be a problem with MBAM (reinstalling?) and to follow the jeff instructions..

Reinstalling MBAM won't help, as I believe the MBAM malicious website blocking function is at fault; it is too damn sensitive looking for more than malicious sites. This to me scares the user as they think it a malicious site, when it could be something else.
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 05, 2012, 05:37:36 PM
so, as I understand, you think is a trouble in myspace coding.. and MBAM gets crazy

Isn't it?
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: DavidR on April 05, 2012, 05:43:59 PM
No, MBAM doesn't check coding in the same way as the avast's web shield, all it does is check the IP address against its database of blocked IPs.

As I said many of these are NOT malicious websites but some other category.
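The two mechanisms described in the replies above (wrapper links that redirect to the link the page owner pasted, and an IP-only blocklist versus a check that sees the requested host) can be compared on one redirect chain. This is an added Python example, not code from any poster, avast! or MBAM; it goes a step further by showing a shared IP address, and every host, address, blocklist and function name in it is a constructed assumption.

```python
"""Redirect-chain audit: wrapper links, host checks and IP blocklists (added example)."""
from urllib.parse import urlsplit

# Constructed sample data. All hosts use the reserved .example TLD and all
# addresses come from documentation ranges; none are values from the thread.
REDIRECTS = {  # URL -> (HTTP status, Location header or None)
    "http://links.social.example/abc123": (302, "http://widgets.music.example/player?id=7"),
    "http://widgets.music.example/player?id=7": (302, "http://cdn.music.example/player.js"),
    "http://cdn.music.example/player.js": (200, None),
    "http://links.social.example/def456": (302, "http://stats.tracker.example/count.php"),
    "http://stats.tracker.example/count.php": (200, None),
    "http://links.social.example/loop1": (302, "http://links.social.example/loop2"),
    "http://links.social.example/loop2": (302, "http://links.social.example/loop1"),
}
DNS = {
    "links.social.example": "192.0.2.10",
    "widgets.music.example": "198.51.100.20",
    "cdn.music.example": "203.0.113.30",      # shared hosting address
    "stats.tracker.example": "203.0.113.30",  # same address, different site
}
IP_BLOCKLIST = {"203.0.113.30"}             # what an IP-only blocker knows
HOST_BLOCKLIST = {"stats.tracker.example"}  # what a host/URL-aware check knows
# The only URLs present in the profile's HTML after the site rewrote the links.
PAGE_LINKS = [
    "http://links.social.example/abc123",
    "http://links.social.example/def456",
]


def resolve_chain(url, max_hops=10):
    """Follow Location headers in REDIRECTS. Returns (hops, outcome)."""
    hops, seen = [], set()
    while True:
        if url in seen:
            return hops, "loop"
        if len(hops) >= max_hops:
            return hops, "too-many-hops"
        seen.add(url)
        hops.append(url)
        status, location = REDIRECTS.get(url, (None, None))
        if status is None:
            return hops, "unreachable"
        if status in (301, 302, 303, 307, 308) and location:
            url = location
            continue
        return hops, "ok"


def check_hop(url):
    """Apply both kinds of check to a single request in the chain."""
    host = urlsplit(url).hostname
    ip = DNS.get(host)
    return {"host": host, "ip": ip,
            "ip_hit": ip in IP_BLOCKLIST, "host_hit": host in HOST_BLOCKLIST}


def audit_link(embedded_url):
    """Resolve one embedded link and report which hops each checker flags."""
    hops, outcome = resolve_chain(embedded_url)
    verdicts = [check_hop(h) for h in hops]
    return {
        "outcome": outcome,
        "final": hops[-1],
        "ip_alert": [v["host"] for v in verdicts if v["ip_hit"]],
        "host_alert": [v["host"] for v in verdicts if v["host_hit"]],
        # Flagged only because of the address: worth a manual look before
        # concluding the site itself is malicious.
        "ip_only": [v["host"] for v in verdicts if v["ip_hit"] and not v["host_hit"]],
    }


def hosts_in_source(page_links):
    """Hosts a reader would find by searching the page source."""
    return {urlsplit(link).hostname for link in page_links}


if __name__ == "__main__":
    print("hosts visible in page source:", sorted(hosts_in_source(PAGE_LINKS)))
    for link in PAGE_LINKS:
        print(link, "->", audit_link(link))
```

Neither flagged host appears in the page source, which only contains the wrapper links; the alert is raised on a later hop of the chain.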
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 05, 2012, 05:51:52 PM
Quote
So I feel I'm more than adequately protected by the avast! Network/Web Shield and I also use AdBlockPlus,

so your suggestion is to change soft..

it's very strange because I can refresh up to infinite some profiles in myspace and I get no popups. Example: http://xxx.myspace.com/vnvnation
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: jeffce on April 05, 2012, 06:07:57 PM
I still don't see anything that is making me believe that this is malware related any longer.  I think that it is a problem with your Malwarebytes over checking sites. 
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 05, 2012, 06:10:46 PM
solution?
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: DavidR on April 05, 2012, 06:29:23 PM
No need to change software, I would recommend that you just uncheck the 'malicious web site blocking' option in MBAM. See my image (click to expand) in this post, http://forum.avast.com/index.php?topic=96594.msg772087#msg772087.
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 05, 2012, 06:30:42 PM
ok, thats a cool easy answer, everybody agrees?
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: DavidR on April 05, 2012, 06:41:30 PM
Yes that appears to be the general consensus, uncheck that option and allow avast's network/web shields cover that. So you should still be protected.

If you wanted further protection - AdBlockPlus is an add-on which can be used with Firefox (may also be able for IE and possibly Chrome), primarily it is used to block adverts, but you can add other subscriptions/lists to block malicious sites.
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 05, 2012, 06:46:42 PM
ok thanks for the support, I'm going out from my computer, when I come back it's done..

Is there a tutorial with AdBlockPlus?

By the way: thxs to all
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: jeffce on April 05, 2012, 07:30:22 PM
Hi 4444,

Yes I agree with DavidR on this as well.  :)
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: DavidR on April 05, 2012, 07:42:02 PM
Quote
Is there a tutorial with AdBlockPlus?

Not that I was aware of until you asked, I have found it pretty straight forward. But you can visit the home site, http://adblockplus.org/en/. There is a documents page and a forum and a blog, etc. For the malware domains list, see https://adblockplus.org/blog/blocking-malicious-sites-with-adblock-plus.

There is also a Wikipedia page also, http://en.wikipedia.org/wiki/Adblock.
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 06, 2012, 03:26:38 AM
damm it, I have got bad news..

With Adblockplus installed and disabling "website blocking" from Malwarebytes I get these messages attached from avast..


Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 06, 2012, 03:36:34 AM
I took the freedom of making another OTL log. Attached
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 06, 2012, 02:12:31 PM
Hi there, should I disable the AVAST  web shield?
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: jeffce on April 06, 2012, 02:26:16 PM
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 06, 2012, 02:33:47 PM
done
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 06, 2012, 05:07:37 PM
doctor, what are your feelings about it?..

It's all together a bit strange. Adblock plus not detecting anything and malvaware and avast is detecting..

Avast is quite a popular soft, so I'm afraid that anyone entering in myspace site could get the same message.. did not try to pass the myspace profile link to friends to see if they got the same messages because I want to be sure not to spread virus to friends.. But the avast (a popular soft) message worries me because of the "image" the profile gives..

Feelings?
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: jeffce on April 06, 2012, 07:47:45 PM
Hi,


Download Revo Uninstaller (http://www.revouninstaller.com/revo_uninstaller_free_download.html)
You will now see a list of installed programs that Revo Uninstaller can remove.
After you have this completed install a fresh copy of Google Chrome.  Hopefully this will fix up your problems.
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 06, 2012, 08:36:43 PM
Hi again, done, and popups come once more..

NOTE: with firefox the same popups
with iexplorer I don't get the popups, but when initializing I got a popup add-ons window attached, don't know if that will give you the clue.

Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 06, 2012, 09:07:56 PM
OK, now i have real problems, im in another computer..

Quote
Download Revo Uninstaller
Double click the installation file on the desktop to run the installer.
Let it install to the default location.
Double click the new Revo Uninstaller Icon on the desktop to start the program.
You will now see a list of installed programs that Revo Uninstaller can remove.
Locate the program you are uninstalling <Google Chrome>
Right Click the Icon then choose Uninstall.
Click yes to the warning and choose the Uninstall Mode
Choose the Advanced option and then click Next.
This will launch the programs built in uninstaller. Be patient it can take several seconds.
Once the uninstaller is done click Next.
Revo Uninstaller will now scan for leftover information. Be patient it can take several seconds.
Once this scan is done click Next.
You will then be presented of the leftover entries found by Revo Uninstaller
Look at ALL of the entries to ensure they relate to the uninstall.
Next click Select All > Delete to remove the entries.
Click Next.
If there are any program file folders left over you will be presented with a list to be removed.
Again look at ALL of the entries to ensure they are related to the uninstall.
Click Select All > Delete to remove the entries.
Click Finish to go back to the uninstall list.
Close the program

I did these steps again to make sure I did it correctly, but with one difference, after uninstalling I did a windows restart, and the computer doesn't start again.

3 seconds starting windows, and then the computer shuts down.

NOTE:
About the quoted....

I followed the steps you gave me but the options were not exactly the same, though the concepts of the options were the same.. I imagine it is because I installed a newer version. For example:


Quote
Click yes to the warning and choose the Uninstall Mode
Choose the Advanced option and then click Next.
These 2 steps were not there
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 06, 2012, 09:19:33 PM
and another important thing, I guess is important..

The computer always, since I have it, gives me errors upgrading windows, so I think windows has never been updated. Now the computer is dead
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: !Donovan on April 06, 2012, 09:21:50 PM
Quote
Look at ALL of the entries to ensure they relate to the uninstall.


Did you make sure you didn't delete a critical Win32 file?
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 06, 2012, 09:25:06 PM
Quote
Look at ALL of the entries to ensure they relate to the uninstall.
Next click Select All > Delete to remove the entries.

Quote
Again look at ALL of the entries to ensure they are related to the uninstall.
Click Select All > Delete to remove the entries.

Quote
Did you make sure you didn't delete a critical Win32 file?
no, just clicked on select all and delete
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 06, 2012, 09:29:12 PM
Ok, windows loaded again, dont want to touch too many things, so im with another computer again.

Chrome is not installed.. Should I make a restore?
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 06, 2012, 09:35:23 PM
Quote
Again look at ALL of the entries to ensure they are related to the uninstall.
Next click Select All > Delete to remove the entries.

hahaha...I think i missed the bold quote. ups  sorry about that :-[

Should I restore? Revo created a restore point just before I uninstalled chrome
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: polonus on April 06, 2012, 09:52:00 PM
Hi 4444.

After you are done, you can go through the OS restoring and fixing critical issues with http://support.microsoft.com/fixit/
But do that only when jeffce has given you the green light and you are allowed to do so.

Also consider the times where you had programs installed and there might be remnants of old programs.
This could lead to all sort of strange issues with the OS, driver issues, mem problems, renowned for this is a not completely de-install of ZA for instance.

Later the computer should be handled in normal user mode, and the admin mode should be used only when it cannot be handled otherwise.
Did you install all the service packs that came out for your OS?

For you it will be a gigantic step to work yourself up to get to using safehex, but this could be the start of a new attitude.
This could be the moment to decide for yourself never to land in such a desperate situation again.
Be grateful what jeffce did for you to have you come this far with the cleansing of this comp,
Felices Pascuas!

polonus

Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 06, 2012, 10:02:56 PM
Ok, I will wait for jeff. The computer came with Ultimate installed, but with no SP installed; the computer was not originally mine.

By the way, I'm now typing on the "infected" computer
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: jeffce on April 06, 2012, 10:40:53 PM
Hi,

Have you EVER been able to update your Windows at all? 
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 06, 2012, 11:55:47 PM
Nope!! Windows can take hours saying it is downloading without downloading. Image attached
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: polonus on April 07, 2012, 12:31:39 AM
Hi 4444,

Maybe you already know the answer, but if not, did you check this link:

http://www.microsoft.com/genuine/default.aspx?displaylang=en

to see if the windows version on that comp is a genuine one?

See: http://www.troublefixers.com/know-whether-your-windows-is-legal-and-genuine-or-not/   link source TroubleFixers link author ROHIT

polonus
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 07, 2012, 03:04:04 AM
OK, I still have the same problem.. I've got a sticker saying Windows is genuine but it's a Vista sticker, not a 7..

I think I'm gonna format the computer, just wanna know if there is also a popup for you when entering my myspace profile

Please don't close this topic 'cause I'm coming back soon
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 07, 2012, 03:21:54 AM
can't find the drivers here: http://www.csd.toshiba.com/cgi-bin/tais/support/jsp/home.jsp?nav=download

this is the model:
http://uk.computers.toshiba-europe.com/innovation/jsp/SUPPORTSECTION/discontinuedProductPage.do?service=UK&toshibaShop=false&BV_UseBVCookie=yes&PRODUCT_ID=1070407

is this website I found trustworthy?
http://www.do-download.com/System/Backup-Restore/Toshiba-Satellite-244517.html


Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 07, 2012, 04:04:49 AM
what about this link?

http://www.laptop-software.com/toshiba/toshiba-satellite-a500-notebook-drivers/
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 07, 2012, 04:32:12 AM
for the curious ones, I bought that comp from an old girlfriend
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 09, 2012, 12:55:36 PM
Hi, I'm back again.. I formatted Windows, installed Chrome, Malwarebytes, avast and Adblock Plus, and got the same virus.

With Malwarebytes disabled, avast installed and Adblock Plus, I've got the same. Image attached.

The webpage where I get those messages is xxx.myspace.comxxx/4timesinsane

Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 09, 2012, 12:58:23 PM
disc drives, folder reason and 0bra created manually by me..
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 09, 2012, 01:18:28 PM
Quote
Hi,

Download Revo Uninstaller (http://www.revouninstaller.com/revo_uninstaller_free_download.html)
  • Double click the installation file on the desktop to run the installer.
  • Let it install to the default location.
  • Double click the new Revo Uninstaller Icon on the desktop to start the program.
You will now see a list of installed programs that Revo Uninstaller can remove.
  • Locate the program you are uninstalling <Google Chrome>
  • Right Click the Icon then choose Uninstall.
  • Click yes to the warning and choose the Uninstall Mode
  • Choose the Advanced option and then click Next.
  • This will launch the program's built-in uninstaller. Be patient, it can take several seconds.
  • Once the uninstaller is done click Next.
  • Revo Uninstaller will now scan for leftover information. Be patient, it can take several seconds.
  • Once this scan is done click Next.
  • You will then be presented with the leftover entries found by Revo Uninstaller
  • Look at ALL of the entries to ensure they relate to the uninstall.
  • Next click Select All > Delete to remove the entries.
  • Click Next.
  • If there are any program file folders left over you will be presented with a list to be removed.
  • Again look at ALL of the entries to ensure they are related to the uninstall.
  • Click Select All > Delete to remove the entries.
  • Click Finish to go back to the uninstall list.
  • Close the program
After you have this completed install a fresh copy of Google Chrome.  Hopefully this will fix up your problems.

Followed the steps here, popup keeps coming.. Help?

Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: jeffce on April 09, 2012, 01:49:03 PM
What operating system did you reinstall?  If you did a complete reinstall of your system then you should not have these popups that you are showing unless it has something to do with the sites you are visiting.

Did you follow polonus' instructions and link in post #152?

Run a new scan with OTL and attach the new log that is made.
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 09, 2012, 02:33:34 PM
Quote
What operating system did you reinstall?  If you did a complete reinstall of your system then you should not have these popups that you are showing unless it has something to do with the sites you are visiting.

Did you follow polonus' instructions and link in post #152?

Run a new scan with OTL and attach the new log that is made.

w7 professional, you have it in the image attached above..
_
sites I'm visiting after the reinstall are: avast forum, myspace, hotmail, and facebook. Keep in mind that I just reinstalled w7, not too much time to navigate.
__
And yes
__
Soft installed is attached above as well
__
Copying the back-up data onto the drives again
__
OTL log attached

Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 09, 2012, 02:36:24 PM
otl is too large to attach, 201kb
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 09, 2012, 02:39:09 PM
I have split otl
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 09, 2012, 02:39:39 PM
second part of otl
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 09, 2012, 02:40:11 PM
extras
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: jeffce on April 09, 2012, 03:09:50 PM
Are you removing the old logs that you have been attaching?  I needed those to compare and contrast this conflicting information that I have been looking at.  Please DO NOT edit your posts.  If you continue to do this I will not be able to attempt to help you.
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 09, 2012, 03:12:59 PM
ok, sorry about that..

It's because google is like an elephant, too much memory
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 09, 2012, 04:02:41 PM
Ok, here is an old otl file I could find. Attached.

same as before, i explorer is not finding anything
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: jeffce on April 09, 2012, 04:22:29 PM
Download CKScanner by askey127 from Here (http://http://downloads.malwareremoval.com/CKScanner.exe) & save it to your Desktop.
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 09, 2012, 05:07:35 PM
OK, I'll make a review of what I have done.


File attached
Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: jeffce on April 09, 2012, 05:22:19 PM
Hi 4444,

I have mentioned several times that you have illegal software on your system and that we need to remove them.  We have removed them earlier, yet after you format and install a fresh copy of your operating system you reinstall them and there they are again.  Since you seem to refuse to remove the illegal software from your system I will no longer assist. 

Title: Re: URL:Mal y HTML:RedirME-inf FAKE??
Post by: 4444 on April 09, 2012, 05:31:23 PM
Quote
We have removed them earlier

If we had removed it earlier, it would no longer be on the system.. So we did not remove it, or you did not remove it from the system..

I don't need the soft the ckfiles is showing for anything, just did a backup before formatting and copied it back to the hard drive after installing w7. Didn't know those files existed until I saw the ckfiles..

Should I erase them manually?