Author Topic: threat warning for url:mal iexplore and svchost (Read 9933 times)

greebly · « **on:** October 13, 2010, 02:44:09 PM »

hopefully I'm in the right place...
I have recently had a koobface infection, and since then, avast frequently pops a red warning box into the corner of the screen saying "threat Detected"
the process is either svchost or, more commonly iexplore.exe
This threat detection is happening more and more and avast full scan picks up nothing.
I have run malware bytes and it found leftovers from the koobface, I have uninstalled all toolbars, cleaned off system restore points but still have this warning pop up all the time and its driving me nuts!
Is there any solution besides a format?
Please help...

Thanks

greebly · « **Reply #1 on:** October 13, 2010, 02:50:26 PM »

Further detail:
the warning will pop up intermittently when no browser is open, which gives the svchost process,
and iexplore as the process anytime I enter ANY search via google.

Thanks

Pondus · « **Reply #2 on:** October 13, 2010, 04:18:04 PM »

Try this

TFC - Temp File Cleaner by OldTimer
http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/
TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.

Dr.Web CureIt http://www.freedrweb.com/cureit/?lng=en
How Do I Use Dr.Web CureIt!? http://www.freedrweb.com/cureit/how_it_works/
Norman Malware Cleaner http://www.norman.com/support/support_tools/58732/en-us

katolkir · « **Reply #3 on:** October 16, 2010, 02:46:27 AM »

I have the EXACT same problem.

Avast picks up nothing.
I followed the tips below - nada.

<<TFC - Temp File Cleaner by OldTimer
http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/>>

OK, cleaned 1G of temp files and stuff, but the problem is still there.

<<Dr.Web CureIt http://www.freedrweb.com/cureit/?lng=en>>

Site cannot be found.

<<How Do I Use Dr.Web CureIt!? http://www.freedrweb.com/cureit/how_it_works/>>

Gives you a bunch of products, six approximately - not sure which to download.

<<Norman Malware Cleaner http://www.norman.com/support/support_tools/58732/en-us>>

OK, this one gave red "Gen.Rootkit" message, suggested to restart, which I did, then it scanned again, and again the same message right away, restart, again the same thing, round and round it goes. Is it in my memory? Then what should I do? On their site it says that it would not run in Safe Mode, but I'm desparate, so I tried nevertheless, and it actually ran, found and killed a bunch of files in my very old achives - can't be dangerous. Never mind, the problem is still there.
Help?

greebly · « **Reply #4 on:** October 16, 2010, 02:49:55 AM »

Just an update - ran the above cleaners and was still having the problem, but normans helped in that it identified the threat, but wouldn't remove it.
The threat identified was W32/rootkit!TDSS_TDL3.26+

so I got a copy of tdsskiller from http://support.kaspersky.com/downloads/utils/tdsskiller.exe
this got rid of the threat.
Normans then ran a really thourough scan that picked up a couple of little problems and computer is now seeming to run fine.

YAY!
Thanks for all your help!

greebly · « **Reply #5 on:** October 16, 2010, 02:53:07 AM »

Hi mate,
Mine did the exact same thing but kaspersky tdsskiller cleared out the rootkit infection that kept causing it to keep going.
see my last post for the link to get it, then run the normans.

Good luck!

Quote from: katolkir on October 16, 2010, 02:46:27 AM

I have the EXACT same problem.

Avast picks up nothing.
I followed the tips below - nada.

<<TFC - Temp File Cleaner by OldTimer
http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/>>

OK, cleaned 1G of temp files and stuff, but the problem is still there.

<<Dr.Web CureIt http://www.freedrweb.com/cureit/?lng=en>>

Site cannot be found.

<<How Do I Use Dr.Web CureIt!? http://www.freedrweb.com/cureit/how_it_works/>>

Gives you a bunch of products, six approximately - not sure which to download.

<<Norman Malware Cleaner http://www.norman.com/support/support_tools/58732/en-us>>

OK, this one gave red "Gen.Rootkit" message, suggested to restart, which I did, then it scanned again, and again the same message right away, restart, again the same thing, round and round it goes. Is it in my memory? Then what should I do? On their site it says that it would not run in Safe Mode, but I'm desparate, so I tried nevertheless, and it actually ran, found and killed a bunch of files in my very old achives - can't be dangerous. Never mind, the problem is still there.
Help?

katolkir · « **Reply #6 on:** October 16, 2010, 03:50:11 AM »

Wow, man, thanks a bunch, kaspersky did fix it. Running Norman now, but my IE already behaves normally.
Thanks again for this. How did you know where to find this tdskiller?

greebly · « **Reply #7 on:** October 16, 2010, 11:30:48 AM »

Google is a wonderful thing

KH333 · « **Reply #8 on:** October 29, 2010, 09:17:28 PM »

the Kaspersky fix worked for me too! Thanks a thousand times!

MarsK · « **Reply #9 on:** October 30, 2010, 02:12:52 PM »

The tool worked for us too. Thanks a ton!

Author Topic: threat warning for url:mal iexplore and svchost (Read 9933 times)

greebly

threat warning for url:mal iexplore and svchost

greebly

Re: threat warning for url:mal iexplore and svchost

Pondus

Re: threat warning for url:mal iexplore and svchost

katolkir

Re: threat warning for url:mal iexplore and svchost

greebly

Re: threat warning for url:mal iexplore and svchost

greebly

Re: threat warning for url:mal iexplore and svchost

katolkir

Re: threat warning for url:mal iexplore and svchost

greebly

Re: threat warning for url:mal iexplore and svchost

KH333

Re: threat warning for url:mal iexplore and svchost

MarsK

Re: threat warning for url:mal iexplore and svchost