Author Topic: Keep getting redirects  (Read 10109 times)

Offline magna86

  • Anti Malware Fighter
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4235
    • Ambulanta MyCity Forum - ASAP Member
Re: Keep getting redirects
« Reply #15 on: September 14, 2012, 09:49:03 PM »
Quote
BTW nice avatar
Hehe, tnx  :)


Here's the thing about C:\WINDOWS\Temp\_avast_\unp*.tmp

This is from your aswBoot.txt

Quote
08/12/2012 11:54
Scan of all local drives

File C:\WINDOWS\Temp\_avast_\unp227387437.tmp is infected by Win32:Agent-APHV [Trj], Deleted
Number of searched folders: 8536
Number of tested files: 548758
Number of infected files: 1

Can you locate this file? Do you have this file?
Code:
C:\WINDOWS\Temp\_avast_\unp227387437.tmp
I think that file is not there, but try to locate it. If the file is there, send it to
Code:
virus@avast.com
https://support.avast.com/index.php


Right click the file(s) and add it to an archive/compressed file
Enter a password, preferably: virus
---------------------

If not, here you can read more about this detection.
Similar:
http://forum.avast.com/index.php?topic=85750.0


In the e-mail also copy the link to this topic.


***************************

Then ...

Re-run OTL.exe.

  • Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.

Code:

:Commands
[CREATERESTOREPOINT]
[purity]
[emptytemp]
[EMPTYFLASH]
[EMPTYJAVA]
[Reboot]


  • Then click the Run Fix button at the top.
  • Let the program run unhindered; it will reboot the system when it is done and open Notepad with a log report. Attach that log report here.
************


> Re-run OTL, click on QuickScan and attach a fresh OTL.txt log here.

> Do you still have pop-ups?

Charlierc

  • Guest
Re: Keep getting redirects
« Reply #16 on: September 15, 2012, 03:12:40 PM »
OTL has been running for about 9 hours.  At the bottom of the screen it says don't interrupt.  Nothing seems to be happening though.  Every once in a while the hard drive light will blink.  Is this normal?

Offline magna86

Re: Keep getting redirects
« Reply #17 on: September 15, 2012, 03:29:24 PM »
Quote
OTL has been running for about 9 hours.  At the bottom of the screen it says don't interrupt.  Nothing seems to be happening though.  Every once in a while the hard drive light will blink.  Is this normal?

No, it's not normal. Stop OTL.

- Reboot your computer.

- Disable Malwarebytes and your antivirus.

- Please download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
- Again, check that your Malwarebytes and antivirus are disabled.

- Repeat the OTL Fix.

- Attach the OTL reports here.

- Reboot your computer. Turn on protections. Do you still have pop-ups?

Charlierc

  • Guest
Re: Keep getting redirects
« Reply #18 on: September 15, 2012, 08:07:14 PM »
Ok.  OTL log attached.  rebooting and looking to see if redirects continue.

Charlie

Charlierc

  • Guest
Re: Keep getting redirects
« Reply #19 on: September 15, 2012, 08:14:52 PM »
First Google search and got the same Avast popup box blocking malicious URL.   :(

Offline magna86

Re: Keep getting redirects
« Reply #20 on: September 15, 2012, 08:59:27 PM »
Hm ... ok

Re-run OTL.exe.

  • Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.

Code:

:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-73586283-261903793-725345543-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-73586283-261903793-725345543-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
FF - prefs.js..extensions.enabledAddons: {02FB5EBB-E197-11E1-8270-B8AC6F996F26}:2.0.14
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{02FB5EBB-E197-11E1-8270-B8AC6F996F26}: C:\Documents and Settings\Charlie\Local Settings\Application Data\{02FB5EBB-E197-11E1-8270-B8AC6F996F26}\ [2012/08/08 16:24:20 | 000,000,000 | ---D | M]
[2012/08/08 16:24:20 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\DOCUMENTS AND SETTINGS\CHARLIE\LOCAL SETTINGS\APPLICATION DATA\{02FB5EBB-E197-11E1-8270-B8AC6F996F26}

:files
ipconfig /flushdns /c

:commands
[emptytemp]

  • Then click the Run Fix button at the top.
  • Let the program run unhindered; it will reboot the system when it is done and open Notepad with a log report. Attach that log report here.
**************************


> Re-run OTL, click on QuickScan and attach a fresh OTL.txt log here.

Charlierc

  • Guest
Re: Keep getting redirects
« Reply #21 on: September 15, 2012, 11:35:38 PM »
Ok.  Here are the logs

Offline magna86

Re: Keep getting redirects
« Reply #22 on: September 16, 2012, 12:10:51 AM »
Ok, do you still have Avast pop-ups?

And if you do, in which Browsers?
« Last Edit: September 16, 2012, 12:13:01 AM by magna86 »

Charlierc

  • Guest
Re: Keep getting redirects
« Reply #23 on: September 16, 2012, 12:17:59 AM »
So far so good.  :D
I will keep an eye on it.  Any other directions?

Thanks for your patience and help.  You guys are the best.

Charlie

Offline magna86

Re: Keep getting redirects
« Reply #24 on: September 16, 2012, 12:32:08 AM »
Nice.  Monitor your system, how it works, any pop-ups, and let me know tomorrow.

Used tools can be deleted. Keep OTL until tomorrow.


It is necessary to uninstall ComboFix:
  • Click Start, then Run.

    On Windows 7 or Vista you may use the Start Search field if Run is not available.

  • In the line of text type in (copy) the following:
Code:
ComboFix /Uninstall
    Note that there is a space between "ComboFix" and "/Uninstall".

  • Then click OK (or press Enter).
    Wait until the uninstall process is complete.



Charlierc

  • Guest
Re: Keep getting redirects
« Reply #25 on: September 17, 2012, 12:02:44 AM »
Everything seems fine, no redirects so far.  What closing steps should I follow?

Thanks again for all your help,

Charlie

Offline magna86

Re: Keep getting redirects
« Reply #26 on: September 17, 2012, 12:07:21 AM »
Quote
Thanks again for all your help,

Charlie

Hi, Charlie.  I'm glad I could help. ;)

> Re-run OTL and click on the CleanUp! button.

You will be asked to reboot the machine to finish the cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTL. Feel free to manually delete any tools it leaves behind.