Author Topic: "Malicious URL Blocked" on every site  (Read 5682 times)

Justy6

  • Guest
"Malicious URL Blocked" on every site
« on: September 18, 2012, 06:35:39 AM »
I had the same problem that others have recently described, with each new site opened in the browser (Chrome) eliciting the "Malicious URL Blocked" pop-up message, so I ran all the initial scans detailed in the instructions provided, and will attach those logs here. The message actually stopped happening after the reboot required by the first tool (AdwCleaner), but even so, I am now very worried about what may still be lurking, mostly because I use this beast for online banking... in addition to my job and everything else. The Malwarebytes quick scan came up with four problems that it was then able to successfully remove... Not sure if that's pertinent info, but there it be. If someone on here can take a gander at the attached logs and let me know what, if anything, still needs to be done, I'd really appreciate it... Thanks.

Offline mikaelrask

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1556
Re: "Malicious URL Blocked" on every site
« Reply #1 on: September 19, 2012, 05:40:03 PM »
Hey and welcome to the forum, and thanks for attaching the necessary logs. I will drop a note to one of our malware experts here on the forum about your thread.
Windows 8.1 amd a10-5700 64 bit
12 GB ram 1 tb hard drive. Avast 18, MBAM

Offline magna86

  • Anti Malware Fighter
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4235
    • Ambulanta MyCity Forum - ASAP Member
Re: "Malicious URL Blocked" on every site
« Reply #2 on: September 19, 2012, 07:17:54 PM »
Monitoring  ;)

Offline magna86

Re: "Malicious URL Blocked" on every site
« Reply #3 on: September 19, 2012, 07:22:53 PM »
Hi,


Re-run OTL.exe.

  • Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.

Code:

:files
C:\ProgramData\Best Buy pc app
ipconfig /flushdns /c
netsh int ip reset c:\resetlog.txt /c
ipconfig /release /c
ipconfig /renew /c

:OTL
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
CHR - plugin: Best Buy pc app Detector (Enabled) = C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O3 - HKU\S-1-5-21-1594937037-3753336031-2259013305-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O33 - MountPoints2\{1752014f-57ae-11e1-bbed-e069958c9783}\Shell - "" = AutoRun
O33 - MountPoints2\{1752014f-57ae-11e1-bbed-e069958c9783}\Shell\AutoRun\command - "" = K:\setup.exe -a

:commands
[CREATERESTOREPOINT]
[emptytemp]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered; it will reboot the system when it is done and open Notepad with the log report. Attach that log report here.
****************


As help for AdwCleaner, let's reset your browser settings.

Download AT-Destroyer by @Infospyware from here to your desktop.
http://www.infospyware.com/antispyware/at-destroyer/

( Click the green button Descargar )
Note: The entire tool is in Spanish.


  • Run AT-Destroyer
  • A pop-up warning with the tool's disclaimer appears. Press YES

    Black windows will open

  • Press Option 1 ( Buscar y Destruir ) [aka Search and Destroy]
AT-Destroyer will momentarily disconnect the desktop.
If infected, AT-Destroyer shows red lines where an infection is detected; otherwise the lines will be green.
After the scan, you will see the desktop again and a report will open; copy it into your next reply, along with a comment on how the system is working.
If a program does not start, restart the PC.


*****************

Restart your computer. How is your computer running now?
« Last Edit: September 19, 2012, 07:37:44 PM by magna86 »

Justy6

  • Guest
Re: "Malicious URL Blocked" on every site
« Reply #4 on: September 20, 2012, 06:31:35 AM »
Hi, thanks for getting back to me... I re-ran the OTL scan with the text you provided in the box and have attached the report here. I also downloaded the AT-Destroyer and ran it as instructed. That log report is also attached. I saw one red line in the report, with the rest being green, but I have no idea what it said, as my Spanish is lacking to say the least. Aside from all my Google Chrome settings being reset (which I'm assuming was by design), the computer seems to be working fine... But it was pretty much working fine before that. I had just been getting the "Malicious URL Blocked" notice, but even that went away after the initial AdwCleaner scan. I did however start getting a semi-regular pop up from Malwarebytes saying that a malicious site was being blocked, but I'm not seeing that now. I'm just really concerned about my banking stuff and passwords, and whether or not I'll be able to change them from this computer, so let me know what these log reports are telling you and what else, if anything I need to do.

Offline magna86

Re: "Malicious URL Blocked" on every site
« Reply #5 on: September 20, 2012, 04:53:20 PM »
Quote
I saw one red line in the report, with the rest being green, but I have no idea what it said, as my Spanish is lacking to say the least. Aside from all my Google Chrome settings being reset (which I'm assuming was by design)...

Yes, it was by design. From the log I see what AT-Destroyer has done. That's why I'm looking for feedback with logs.
I always know the current state of the system and I know what specific tools did...

Quote
I'm just really concerned about my banking stuff and passwords, and whether or not I'll be able to change them from this computer, so let me know...
When we have finished the case I'll tell you whether there is a need for it. Of course, it is advisable to do so.

----------------



> Delete current OTL and download fresh one. Re-run OTL, click on RunScan and attach here fresh OTL.txt log.


> Please download aswMBR and save it to your desktop.

Double click aswMBR.exe to start the tool. Select Yes if prompted to download the Avast database.
  • Click Scan
     
  • Upon completion of the scan ( Scan finished successfully ) click Save log and save it to your desktop, and post that log in your next reply for review.
    Note: do NOT attempt any Fix yet.

Justy6

  • Guest
Re: "Malicious URL Blocked" on every site
« Reply #6 on: September 21, 2012, 06:10:28 AM »
Here are the two logs you asked for. How we lookin?

Offline magna86

Re: "Malicious URL Blocked" on every site
« Reply #7 on: September 21, 2012, 05:23:18 PM »
> Temporarily disable your Malwarebytes and AntiVirus program.
If you are unsure how to do this please read this or this Instruction.


Re-run OTL.exe.

  • Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.

Code:

:OTL
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found

:files
C:\ProgramData\Best Buy pc app /d
ipconfig /flushdns /c
netsh int ip reset c:\resetlog.txt /c
ipconfig /release /c
ipconfig /renew /c

:commands
[CREATERESTOREPOINT]
[emptytemp]

  • Then click the Run Fix button at the top.
  • Let the program run unhindered; it will reboot the system when it is done and open Notepad with the log report. Attach that log report here.
********************


How's your computer running now?
« Last Edit: September 21, 2012, 05:26:43 PM by magna86 »
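
An added example (not part of the thread, and not OTL's own code): a small Python reviewer that splits a fix script like the two posted above into its sections and lists the commands, file paths and registry locations it names, so the script can be read through before it is pasted into the Custom Scans/Fixes box. The section names and trailing switches come from the scripts in this thread; treating a trailing `/c` as "run this line as a command" is an assumption based on how it is used here, and the function names are hypothetical.

```python
import re

# Fix script from reply #7 of this thread, copied as posted.
SAMPLE = r"""
:OTL
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found

:files
C:\ProgramData\Best Buy pc app /d
ipconfig /flushdns /c
netsh int ip reset c:\resetlog.txt /c
ipconfig /release /c
ipconfig /renew /c

:commands
[CREATERESTOREPOINT]
[emptytemp]
"""

SECTION = re.compile(r"^:(\w+)$")                   # section header such as :files
BBCODE = re.compile(r"\[/?b\]")                     # forum bold tags left in log lines
SWITCH = re.compile(r"^(.*\S)\s+/([a-z])$", re.I)   # trailing single-letter switch
HIVE = re.compile(r"\b(HKLM|HKU|HKCU)\b[^\s:]*")    # registry path up to the next ':'

def parse_fix(text):
    """Group the script's non-empty lines under their section header."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = BBCODE.sub("", raw).strip()
        m = SECTION.match(line)
        if m:
            current = sections.setdefault(m.group(1).lower(), [])
        elif line and current is not None:
            current.append(line)
    return sections

def review(text):
    """Summarise what the script names: commands, paths, registry keys, directives."""
    s = parse_fix(text)
    out = {"commands": [], "paths": [], "registry": [], "directives": s.get("commands", [])}
    for line in s.get("files", []):
        m = SWITCH.match(line)
        body, sw = (m.group(1), m.group(2).lower()) if m else (line, "")
        # Assumption from this thread: '/c' marks a shell command; anything else is a path.
        out["commands" if sw == "c" else "paths"].append(body)
    out["registry"] = [m.group(0) for m in map(HIVE.search, s.get("otl", [])) if m]
    return out
```
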

Justy6

  • Guest
Re: "Malicious URL Blocked" on every site
« Reply #8 on: September 21, 2012, 06:04:20 PM »
Here is the last OTL report you requested. Computer still seems to be running fine... possibly even a tad quicker opening programs/sites (hard to tell, as it was already fairly quick).

...Awaiting further instructions.

Offline magna86

Re: "Malicious URL Blocked" on every site
« Reply #9 on: September 21, 2012, 07:15:33 PM »
Logs also look clean.
You did not have any kind of malware that is known to steal any data.

Anyway, if you do any banking or other financial transactions on the PC, it is always desirable to change the important passwords, just as a precaution.

We will remove the used tools.

> Re-run OTL and click on CleanUp! button.

You will be asked to reboot the machine to finish the cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTL. Feel free to manually delete any tools it leaves behind.


Justy6

  • Guest
Re: "Malicious URL Blocked" on every site
« Reply #10 on: September 22, 2012, 08:26:04 PM »
Everything seems to be a-ok... Thanks for all your help.