Topic: URL: Mal

Pwadyal
URL: Mal
« on: September 17, 2012, 09:32:33 PM »
Object: http://i.trkjmp.com/crossdomain.xml
Infection: URL: Mal
Process: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

It says it on every website and I did a quick scan and full scan. Avast found nothing.

Pondus
Re: URL: Mal
« Reply #1 on: September 17, 2012, 09:46:18 PM »
follow the guide and attach the logs

http://forum.avast.com/index.php?topic=53253.0

AdwCleaner
Malwarebytes
OTL
aswMBR
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Pwadyal
Re: URL: Mal
« Reply #2 on: October 03, 2012, 08:04:07 PM »
Quote from: Pondus
> follow the guide and attach the logs
>
> http://forum.avast.com/index.php?topic=53253.0
>
> AdwCleaner
> Malwarebytes
> OTL
> aswMBR


aswMBR freezes my computer when it runs. Not sure if it's supposed to do that?

Pwadyal
Re: URL: Mal
« Reply #3 on: October 03, 2012, 08:05:20 PM »
3rd attachment here - couldn't fit in on the previous post.

essexboy
Re: URL: Mal
« Reply #4 on: October 03, 2012, 09:32:10 PM »
Hi, you will need to manually remove Privitize from Chrome, then it will be completely gone.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


Code:
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.privitize.com/?aff=7
IE - HKU\S-1-5-21-2414491415-3392443910-2700952820-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.privitize.com/?aff=7
IE - HKU\S-1-5-21-2414491415-3392443910-2700952820-1000\..\URLSearchHook: {1aec5771-fcd6-4537-a6b7-5f1935fd527c} - No CLSID value found
IE - HKU\S-1-5-21-2414491415-3392443910-2700952820-1000\..\URLSearchHook: {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - SOFTWARE\Classes\CLSID\{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48}\InprocServer32 File not found
IE - HKU\S-1-5-21-2414491415-3392443910-2700952820-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.privitize.com/?aff=7&q={searchTerms}
FF - prefs.js..browser.search.defaultengine: "Privitize VPN"
FF - prefs.js..browser.search.defaultenginename: "Privitize VPN"
FF - prefs.js..browser.search.order.1: "Privitize VPN"
FF - prefs.js..browser.search.selectedEngine: "Privitize VPN"
FF - prefs.js..keyword.URL: "http://search.privitize.com/?aff=7&q="
[2012/09/19 20:54:20 | 000,002,089 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\mozilla\firefox\profiles\hrtkhle5.default\searchplugins\Startpins.xml
O2 - BHO: (MHTBPos00 Class) - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files (x86)\Celebrity Toolbar\tbcore3.dll File not found
O2 - BHO: (CMySite Class) - {D62EC836-BF1E-4CAC-81BE-FB9179835D8E} - C:\Program Files (x86)\Celebrity Toolbar\mhxpcomi.dll File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)

:Files
ipconfig /flushdns /c
netsh int ip reset c:\resetlog.txt  /c
ipconfig /release /c
ipconfig /renew /c

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
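
One way to confirm after the reboot that the Firefox search preferences named in the fix no longer point at the hijacker (an added example, not part of the original post and not a feature of OTL). The function names, the marker argument and the sample prefs.js text are assumptions constructed for this example.

```python
import json
import re

# Search-related Firefox preferences named in the OTL fix above.
SEARCH_PREFS = {
    "browser.search.defaultengine",
    "browser.search.defaultenginename",
    "browser.search.order.1",
    "browser.search.selectedEngine",
    "keyword.URL",
}

# prefs.js stores one setting per line: user_pref("name", <JSON-like value>);
PREF_LINE = re.compile(r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)+)"\s*,\s*(.*)\)\s*;\s*$')

def parse_prefs(text):
    """Return {name: value} for every well-formed user_pref line."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if not m:
            continue  # comments, blank lines, malformed entries
        try:
            prefs[m.group(1)] = json.loads(m.group(2))
        except ValueError:
            prefs[m.group(1)] = m.group(2)  # keep raw text if not JSON
    return prefs

def hijacked_search_prefs(text, marker):
    """List (name, value) for search prefs whose value mentions marker."""
    marker = marker.lower()
    return sorted(
        (name, value)
        for name, value in parse_prefs(text).items()
        if name in SEARCH_PREFS and marker in str(value).lower()
    )

# Constructed sample, modelled on the entries in the fix above.
SAMPLE_PREFS = '''\
# Mozilla User Preferences
user_pref("browser.search.defaultenginename", "Privitize VPN");
user_pref("browser.search.selectedEngine", "Privitize VPN");
user_pref("browser.startup.page", 3);
user_pref("keyword.URL", "http://search.privitize.com/?aff=7&q=");
'''
```

Calling `hijacked_search_prefs` on the text of the profile's prefs.js with the marker `"privitize"` should return an empty list once the fix has taken effect.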

Pwadyal
Re: URL: Mal
« Reply #5 on: October 03, 2012, 10:19:40 PM »
Thanks for the quick reply. First time getting malicious software downloaded -__-

Mikesale945
Re: URL: Mal
« Reply #6 on: October 04, 2012, 01:44:05 AM »
I'm having the same problem with Google. The problem is I can't post the logs because the verification is through Google. So I am posting on my phone.

essexboy
Re: URL: Mal
« Reply #7 on: October 04, 2012, 01:47:11 PM »
@Pwadyal how is the computer behaving now?

Quote from: Mikesale945
> I'm having the same problem with Google. The problem is I can't post the logs because the verification is through Google. So I am posting on my phone.

Once you have completed three posts the verification should disappear. Could you start your own thread please, so that there is no confusion?

 
