malicious URL

[roaduntrodden]

I keep getting a message that Avast has blocked a malcious URL.

http://download.newnext.me/spark.bin?rnd...
Infection: URL:Mal
process: c:\windows\sysWOW64\rundll32.exe

What should I do?

[mikaelrask]

hey and welcome to the forum

please follow this guide and attach your logs

we need the logs from mbam, otl and aswmbr

http://forum.avast.com/index.php?topic=53253.0

a malware expert will help you from there.

[roaduntrodden]

Thanks!
Will get back with the logs.

[roaduntrodden]

I don't get any more warnings after removing infections using MBAM.
Do I need to proceed with the rest of the tools?

[Pondus]

there may be leftovers that need to be removed so run OTL and attach the log

also attach Malwarebytes log so that the malware expert can see what was removed

[roaduntrodden]

The logs are attached.
Thanks to all for your help!

[TwinHeadedEagle]

Hi,


Please download zoek.zip or zoek.rar by smeenk () from here or here and save it to your Desktop.
Unpack the archive...

• Close any open browsers
• Temporarily disable your AntiVirus program. (If necessary)
  If you are unsure how to do this please read this or this Instruction.
  
  
• Double click on zoek.exe to run the tool .
  Please wait for the tool to start...
  
  
• Copy the text present inside the code box below and paste it into the large window in the zoek tool:

Code: [Select]

createsrpoint;
gpt.ini;z
C:\Windows\System32\GroupPolicy;v
C:\Windows\SysWOW64\GroupPolicy;v
StandardSearch;
emptyfolderscheck;
installer-list;
installedprogs;
uninstall-list;


• Click on button.
  Please wait until a logreport will open (this can be after reboot)
  
  
• Save notepad to your Desktop and attach here zoek-results.log
  Note: It will also create a log in the C:\ directory named "zoek-results.log"