Author Topic: URL MAL...http://i.trkjmp.com/crossdomain.xml  (Read 1505 times)

Offline affrancos

  • Newbie
  • *
  • Posts: 4
    • Personal Message (Offline)
URL MAL...http://i.trkjmp.com/crossdomain.xml
« on: September 18, 2012, 06:38:12 AM »
I think i have the same problem as the recent posts, it seems to be gones since i deleted firefox...

Offline affrancos

  • Newbie
  • *
  • Posts: 4
    • Personal Message (Offline)
Re: URL MAL...http://i.trkjmp.com/crossdomain.xml
« Reply #1 on: September 18, 2012, 05:20:17 PM »
any help? anyone?

Offline magna86

  • Anti Malware Fighter
  • avast! Evangelist
  • Massive Poster
  • ***
  • Posts: 3245
  • Gender: Male
    • Ambulanta MyCity Forum - ASAP Member
    • Personal Message (Offline)
Re: URL MAL...http://i.trkjmp.com/crossdomain.xml
« Reply #2 on: September 18, 2012, 06:00:09 PM »
Monitoring  8)

Offline magna86

  • Anti Malware Fighter
  • avast! Evangelist
  • Massive Poster
  • ***
  • Posts: 3245
  • Gender: Male
    • Ambulanta MyCity Forum - ASAP Member
    • Personal Message (Offline)
Re: URL MAL...http://i.trkjmp.com/crossdomain.xml
« Reply #3 on: September 18, 2012, 06:06:17 PM »
Hi affrancos.

I will be working on your Malware issues  ;)


  Step#1 

Re-run OTL.exe.

  • Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.

Code: [Select]

:OTL
CHR - Extension: Codec-V = C:\Users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.20.61_0\crossrider
CHR - Extension: Codec-V = C:\Users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.20.61_0\
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O4 - HKLM..\Run: [PlusService] C:\Program Files\Messenger Plus! Live\PlusService.exe File not found
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O33 - MountPoints2\{6ac723ef-35e9-11df-b63e-904ce5e60744}\Shell - "" = AutoRun
O33 - MountPoints2\{6ac723ef-35e9-11df-b63e-904ce5e60744}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{6ac72415-35e9-11df-b63e-904ce5e60744}\Shell - "" = AutoRun
O33 - MountPoints2\{6ac72415-35e9-11df-b63e-904ce5e60744}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{6ac72419-35e9-11df-b63e-904ce5e60744}\Shell - "" = AutoRun
O33 - MountPoints2\{6ac72419-35e9-11df-b63e-904ce5e60744}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9dbbe86f-35e6-11df-8d7c-904ce5e60744}\Shell - "" = AutoRun
O33 - MountPoints2\{9dbbe86f-35e6-11df-8d7c-904ce5e60744}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9dbbe88a-35e6-11df-8d7c-904ce5e60744}\Shell - "" = AutoRun
O33 - MountPoints2\{9dbbe88a-35e6-11df-8d7c-904ce5e60744}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9dbbe88d-35e6-11df-8d7c-904ce5e60744}\Shell - "" = AutoRun
O33 - MountPoints2\{9dbbe88d-35e6-11df-8d7c-904ce5e60744}\Shell\AutoRun\command - "" = F:\AutoRun.exe
[1 C:\Users\pipe\Desktop\*.tmp files -> C:\Users\pipe\Desktop\*.tmp -> ]

:files
C:\Users\Pipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho
ipconfig /flushdns /c
netsh int ip reset c:\resetlog.txt /c
ipconfig /release /c
ipconfig /renew /c

:commands
[CREATERESTOREPOINT]
[emptytemp]


  • Then click the Run Fix button at the top.
  • Let the program run unhindered; it will reboot the system when it is done and open notepad with logreport. Attach here that logreport.
*********************

  Step#2 

> Re-run OTL , click on RunScan and attach here fresh OTL.txt log.



*********************

  Step#3 

> Check USB storage devices / removable drives


Download MCShield from one of the following links:

MyCity -  Official download link
Softpedija - Mirror download link

  • Double click MCShield-Setup to install the application.
  • Wait a few seconds to MCShield finish initial scan.
Recommendation to under General and Scanner tab you click on Defaults button to choose recommended options.
  • Connect your USB storage devices to the computer one at a time. Scanning will be done automatically.
When all scanning is done, you need to attach a logreport that has made MCShield.

Start -> All Programs -> MCShield -> Logs

Attach here -> AllScans.txt

Explanation: USB storage devices are all the USB devices that get their own partition letter at connecting to the PC,
e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras,
memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc.





Offline affrancos

  • Newbie
  • *
  • Posts: 4
    • Personal Message (Offline)
Re: URL MAL...http://i.trkjmp.com/crossdomain.xml
« Reply #4 on: September 19, 2012, 12:55:37 AM »
ok first txt. (0918...) is OTL with the code, OTL(1) is post fix.

thank you for the help.

Offline magna86

  • Anti Malware Fighter
  • avast! Evangelist
  • Massive Poster
  • ***
  • Posts: 3245
  • Gender: Male
    • Ambulanta MyCity Forum - ASAP Member
    • Personal Message (Offline)
Re: URL MAL...http://i.trkjmp.com/crossdomain.xml
« Reply #5 on: September 19, 2012, 02:10:55 PM »
Re-run OTL.exe.

  • Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.

Code: [Select]

:services
aimz3cxe

:commands
[Reboot]

  • Then click the Run Fix button at the top.
  • Let the program run unhindered; it will reboot the system when it is done and open notepad with logreport. Attach here that logreport.
************************

Let's reset your browser settings. 

Download AT-Destroyer by @Infospyware from here to your desktop.
http://www.infospyware.com/antispyware/at-destroyer/

( Click the green button Descarag )
note: The entire tool is on French language.


  • Run AT-Destroyer
  • A pop-up warning, disclaimer appears tool. Press YES

    Black windows will open

  • Press Option 1 ( Buscar y Destruir ) [aka Search and Destroy]
AT-Destroyer momentarily disconnect the desktop.
If infected, the AT-Destroyer red lines indicate where the infection is detected, it will be green lines.
After the scan, you can again see the desktop and it will open a report, to be copied into your next reply commenting on how the system works.
If a program does not start, restart the PC.


***************


Reboot your computer. How's your system running now?




« Last Edit: September 19, 2012, 02:16:26 PM by magna86 »

Offline affrancos

  • Newbie
  • *
  • Posts: 4
    • Personal Message (Offline)
Re: URL MAL...http://i.trkjmp.com/crossdomain.xml
« Reply #6 on: September 19, 2012, 05:25:26 PM »
its actually spanish  ;) but hey my computer is working great! thank you very much for your help, no more annoying pop up messages. i appreciate everything you've done  :) logs are attached.

Offline magna86

  • Anti Malware Fighter
  • avast! Evangelist
  • Massive Poster
  • ***
  • Posts: 3245
  • Gender: Male
    • Ambulanta MyCity Forum - ASAP Member
    • Personal Message (Offline)
Re: URL MAL...http://i.trkjmp.com/crossdomain.xml
« Reply #7 on: September 19, 2012, 05:35:12 PM »
its actually spanish  ;)

Ahaha, I didnt know.  ;D
Thanks for the info.  :D


> Re-run OTL and click on CleanUp! button.

You will be asked to reboot the machine to finish the cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTL. Feel free to manually delete any tools it leaves behind.

 

Google Chrome

AVAST recommends using the FREE Google Chrome™ browser.

Download Google Chrome Now