Author Topic: Infection(s) URL:MAL  (Read 2227 times)

Micah2oo4
Infection(s) URL:MAL
« on: September 22, 2012, 08:51:22 AM »
Yeah so I'm having the same problem another person has with the similar title. Avast keeps blocking these URL:Mal: http://crossmatchx.com/x/   http://85.195.92.11/x/    http://paspartux.com/x/ exact same three as the other guy. I did a Spybot Search and Destroy scan, which found 1 object, but it did not fix the problem. Did an MBAM scan which found 1 object, which did not fix the problem, and the Avast scan is about 96% complete and has found 1 object. OK, it just completed, didn't fix it. Partially my fault I got this: Avast asked me about a suspicious program and I went to hit the button to deny it access but I accidentally clicked "execute program" >.> Major oops. Computer immediately restarted and this problem occurred. Any help will be greatly appreciated. Thank you in advance. Forgot to mention I'm on Windows 7 Ultimate.
« Last Edit: September 22, 2012, 08:56:19 AM by Micah2oo4 »

Pondus
Re: Infection(s) URL:MAL
« Reply #1 on: September 22, 2012, 09:03:29 AM »
Follow this guide and attach the logs ..... not copy and paste
http://forum.avast.com/index.php?topic=53253.0

AdwCleaner
Malwarebytes
OTL
aswMBR
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Micah2oo4
Re: Infection(s) URL:MAL
« Reply #2 on: September 22, 2012, 09:48:19 AM »
It will only allow me to post 4 at a time. The OTL and Extras are Unicode; I have a copy of each in ANSI but it said "Many of the characters will be lost" and they are half the size of the Unicode ones. This constant "Threat has been detected" is insanely annoying, but I need sound to entertain myself while waiting. Any way to mute Avast itself?

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.22.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Micah :: MICAH-PC [administrator]

9/22/2012 5:53:40 AM
mbam-log-2012-09-22 (05-55-57).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 196025
Time elapsed: 2 minute(s), 4 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 2960 -> No action taken.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.

(end)
« Last Edit: September 22, 2012, 09:57:19 AM by Micah2oo4 »
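As an added example (not code from this thread or from Malwarebytes), here is a small Python parser for the MBAM 1.x log format posted above. It pulls out each detection line and flags the detail worth noticing in this log: a file named svchost.exe sitting in C:\Windows rather than C:\Windows\System32, where a genuine copy lives. The sample log, the EXPECTED_DIRS table and the path rule are this example's own assumptions, not an MBAM feature.

```python
import re
from pathlib import PureWindowsPath

# Added example for this thread, not Malwarebytes code. Constructed sample log
# in the same layout as the MBAM 1.65 log posted above.
SAMPLE_LOG = """\
Memory Processes Detected: 1
C:\\Windows\\svchost.exe (Trojan.Agent) -> 2960 -> No action taken.

Files Detected: 2
C:\\Windows\\svchost.exe (Trojan.Agent) -> No action taken.
C:\\Users\\user\\AppData\\Local\\Temp\\dropper.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

(end)
"""

# Where a genuine copy of these well-known binaries lives (assumption of this example).
EXPECTED_DIRS = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "lsass.exe": {r"c:\windows\system32"},
}

SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# "<path> (<threat>) [-> <pid>] -> <action>."  (the pid appears only on memory-process lines)
ITEM_RE = re.compile(
    r"^(?P<path>.+?) \((?P<threat>[^)]+)\)(?: -> (?P<pid>\d+))? -> (?P<action>.+?)\.?$")

def parse_mbam_log(text):
    """Return one dict per detection line, tagged with the section it appeared in."""
    items, section = [], None
    for line in text.splitlines():
        line = line.strip()
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group("section")
            continue
        item = ITEM_RE.match(line)
        if item and section:
            items.append({"section": section, "path": item.group("path"), "threat": item.group("threat"),
                          "pid": item.group("pid"), "action": item.group("action")})
    return items

def path_anomalies(items):
    """Paths whose file name mimics a system binary but sits outside its home directory."""
    flagged = []
    for item in items:
        p = PureWindowsPath(item["path"])
        allowed = EXPECTED_DIRS.get(p.name.lower())
        if allowed and str(p.parent).lower() not in allowed:
            flagged.append(item["path"])
    return flagged
```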

Pondus
Re: Infection(s) URL:MAL
« Reply #3 on: September 22, 2012, 10:01:37 AM »
Quote
It will only allow me to post 4 at a time.
That is not a problem .... as we have room for more posts  :)

If you can open and read the OTL log you posted .... then it is okay
If it looks like Chinese ..... then we need the ANSI

It looks okay here on my iPad .... not sure if it is displayed differently on an iPad

Malware removers are notified. It may take several hours before one arrives, so be patient


Micah2oo4
Re: Infection(s) URL:MAL
« Reply #4 on: September 22, 2012, 10:05:38 AM »
Think I have time to sleep? 6:04 am for me lol. When I get a virus on my PC, I generally don't sleep till it is fixed. >.>

Yeah so in my boredom of waiting, I scrolled through the forum and there are a bunch of people with this problem. Odd. Or in this case, common.

Yep, I'm passing out, good night, gonna set an alarm to attempt to wake me in a few hours-ish.
« Last Edit: September 22, 2012, 10:37:19 AM by Micah2oo4 »

Pondus
Re: Infection(s) URL:MAL
« Reply #5 on: September 22, 2012, 10:46:13 AM »
essexboy is online now ..... so if you stay up a bit longer.  ;)


essexboy
Re: Infection(s) URL:MAL
« Reply #6 on: September 22, 2012, 10:47:39 AM »
Here I be...  OK, let me know if this stops the alerts.. The log that I will need to see will be located at C:\TDSSKiller date time

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Doubleclick on TDSSKiller.exe to run the application
  • Then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
Please copy and paste its contents on your next reply.

Micah2oo4
Re: Infection(s) URL:MAL
« Reply #7 on: September 22, 2012, 05:44:27 PM »
The TDSSKiller was over 10,000 chars and would not let me post it. So I attached it to this post. I clicked copy to quarantine on the ones I could not heal. Had just woken up and thought I read it all. :( Hopefully no damage done.
It found 1 rootkit and 4 unsigned files. Moved 26 objects to quarantine.
« Last Edit: September 22, 2012, 05:53:22 PM by Micah2oo4 »

essexboy
Re: Infection(s) URL:MAL
« Reply #8 on: September 22, 2012, 07:05:09 PM »
Hopefully the files were unimportant (they appeared to be)

Re-run TDSSKiller please with the same parameters
When you get the following select delete :

\Device\Harddisk0\DR0 ( TDSS File System )

Avast may alert

Once done let me know what problems remain

Micah2oo4
Re: Infection(s) URL:MAL
« Reply #9 on: September 22, 2012, 08:28:56 PM »
Still get 3 unsigned files, medium threat: Service: atchskrv, UNS, LMS. Ran Avast while I was at the grocery store and it found 5 objects, which were quarantined. About to run Malwarebytes again; I've run it 3 times since the last post and it keeps finding the same 2 trojans, cannot recall which 2 but they keep coming back. Will let you know when it finishes.

Edit: 0 found on mbam this time.
« Last Edit: September 22, 2012, 09:11:47 PM by Micah2oo4 »

essexboy
Re: Infection(s) URL:MAL
« Reply #10 on: September 22, 2012, 10:02:34 PM »
Could you post what MBAM finds please ... Also, were the Avast detections in the TDSSKiller quarantine? Or the OTL quarantine?

Micah2oo4
Re: Infection(s) URL:MAL
« Reply #11 on: September 22, 2012, 10:38:54 PM »
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.22.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Micah :: MICAH-PC [administrator]

9/22/2012 4:29:06 PM
mbam-log-2012-09-22 (16-29-06).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 346526
Time elapsed: 34 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


In the TDSS quarantine. Also would like to note, I am not seeing any more "URL Blocked" messages.

Micah2oo4
Re: Infection(s) URL:MAL
« Reply #12 on: September 23, 2012, 09:48:39 AM »
Also I have noticed my PC has slowed down a large amount since this started, any way to fix this?

essexboy
Re: Infection(s) URL:MAL
« Reply #13 on: September 23, 2012, 11:44:47 AM »
Let's clear my rubbish and empty the temporary files first and see if there is an improvement

Subject to no further problems   :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems 

Now the best part of the day ----- Your log now appears clean  :thumbsup:

A good workman always cleans up after himself so.. The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Quote
    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
Run OTL and hit the cleanup button.  It will remove all the programmes we have used plus itself. 

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Go to control panel
  • Select folder options (Appearance > Folder options in category view)
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version
SPRING CLEAN

To manually create a new Restore Point
 
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create
Now we can purge the infected ones
  • Go Start > All programs > Accessories > System tools
  • Right click Disc cleanup and select run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.  Update and run weekly to keep your system clean

Download and install FileHippo Update Checker and run it monthly; it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and antivirus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide  How did I get infected in the first place ?

Keep safe  :wave:
