Author Topic: Malicious URL Blocked msgs  (Read 2223 times)

Offline stummies0

  • Newbie
  • *
  • Posts: 14
    • Personal Message (Offline)
Malicious URL Blocked msgs
« on: September 25, 2012, 01:17:29 AM »
I keep getting the same 3 malicious URL blocked msgs for crossmatchx.com/x/, paspartux.com/x/ and 85.195.92.11 about every 30 seconds.  It doesn't matter if I'm on the internet or just starting my computer either.  And the computer is very sluggish as well.  Per your instructions will attach Adw cleaner, malware anti-malware bytes, OTL, and ASW MBR logs.  Here is the MBAM log to start.  Thanks for your help. 

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.22.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Daryl Lee :: DARYL [administrator]

9/24/2012 5:19:50 PM
mbam-log-2012-09-24 (17-19-50).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 186602
Time elapsed: 17 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Offline stummies0

Re: Malicious URL Blocked msgs
« Reply #1 on: September 25, 2012, 01:58:05 AM »
OTL and Extras logfiles and aswMBR attached. 

Offline CharleyO

  • avast! Evangelist
  • Starting Graphoman
  • ***
  • Posts: 7102
  • Gender: Male
  • Be alert for error code - ID 10T
    • Personal Message (Offline)
Re: Malicious URL Blocked msgs
« Reply #2 on: September 25, 2012, 02:57:51 AM »
***

Please be patient as one of the expert malware helpers will help as soon as they can.

Different time zones around the world, you know.


***
Self-built desktop (8 years old) - AMD64 3200+_Gigabyte GA-K8NS Ultra-939_4 gb RAM_GeForceFX 5800w/256 ram_XP/SP3_Avast 7_MBAM_ZA Free __and__ Toshiba Satellite Laptop_W7-64bit_ 4 gb Ram_Avast 8_MBAM

Offline magna86

  • Anti Malware Fighter
  • avast! Evangelist
  • Massive Poster
  • ***
  • Posts: 3245
  • Gender: Male
    • Ambulanta MyCity Forum - ASAP Member
    • Personal Message (Offline)
Re: Malicious URL Blocked msgs
« Reply #3 on: September 25, 2012, 02:29:37 PM »
I'm on it...  8)

Offline magna86

Re: Malicious URL Blocked msgs
« Reply #4 on: September 25, 2012, 02:36:42 PM »
@stummies0
Hi,
I will be working on your Malware issues  ;)



 Step#1 


Download TDSSKiller  and save it to your desktop

    Execute TDSSKiller.exe by double-clicking on it.

Note: If TDSSKiller refuses to run, rename it into something else, random.

  •     Press Start Scan

     
  •   If Suspicious object is detected, the default action will be Skip, click on Continue.
     
  •   If Malicious objects are found, select Cure.

Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt


Please post the contents of that log in your next reply.


***************************







> Download ComboFix from here and save it to your Desktop.
If you are unsure how ComboFix works please read this guide carefully.
note: ComboFix must be downloaded to your Desktop.

> Temporarily disable your AntiVirus program.
If you are unsure how to do this please read this or this Instruction.

How to disable avast:

  • Right-click on the avast! icon in the lower right corner of the screen and choose Open Avast! User Interface.
  • In the window that opens on the top right corner, click Settings.
  • In a new window that opens, choose the option Troubleshooting, Uncheck Enable avast! self-defense, and click OK.

  • Right-click on the avast! icon in the lower right corner of the screen and select avast! shield controls .
  • In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.
Note: Do not forget to turn on this option after the cleaning.



> Run ComboFix. Click on I Agree!
ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.

ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.

If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
Note: Do not mouse-click Combofix's window while it is running.
If you see a message like "Illegal operation attempted on a registry key that has been marked for deletion" just restart computer once more.


> When the tool is finished, it will produce a log report for you. (typical location: C:\ComboFix.txt )
  Attach log reports ( ComboFix.txt) back to topic.




Offline stummies0

Re: Malicious URL Blocked msgs
« Reply #5 on: September 25, 2012, 08:32:18 PM »
TDSS and Combofix logs attached as instructed.  Thanks

Offline magna86

Re: Malicious URL Blocked msgs
« Reply #6 on: September 25, 2012, 09:08:24 PM »
    Hi, stummies0

Multiple Antivirus Programs

You are running more than 1 Antivirus program!


AV: avast! Antivirus *Disabled/Updated
AV: Lavasoft Ad-Aware *Enabled/Updated




Running - more than one - antivirus program is not recommended because:
  • They can conflict with each other.
  • Report the other antivirus software as malicious.
  • Antivirus programs use an enormous amount of computer's resources... actively scanning your computer.
  • Can cause your computer to become unstable...run slowly and even, in rare cases, BSOD crash...etc
I strongly suggest you uninstall one of them.  Which one, is your decision.




Step#1.1 

  • Re-run TDSSKiller.exe and click on Change parameters.
  • Under Additional options check the boxes next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
  • Click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • Click the Report button and attach the contents of it into your next reply
Note: It will also create a log in the C:\ directory.

******************

Step#1.2 


Again, re-run TDSSKiller as before (with Change parameters) and use the Delete option for this entry if it shows:

\Device\Harddisk0\DR0 ( TDSS File System )



**************************



Step#2 


Re-run Combofix and attach here fresh Combofix.txt log


Offline stummies0

Re: Malicious URL Blocked msgs
« Reply #7 on: September 26, 2012, 12:41:15 AM »
Thanks for the tip.  I deleted the lavasoft adware program as instructed.  Here are the logs for TDSS Killer and Combofix. 

Offline magna86

Re: Malicious URL Blocked msgs
« Reply #8 on: September 26, 2012, 12:50:52 AM »
Open notepad and copy/paste the text present inside the code box below:


Code:

SkipFix::

ClearJavaCache::

DirLook::
c:\documents and settings\Daryl Lee\Application Data\blekko

Firefox::
FF - ProfilePath - c:\documents and settings\Daryl Lee\Application Data\Mozilla\Firefox\Profiles\020zh7lu.default\
FF - prefs.js: browser.startup.homepage - hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=C32E6A24B857A248349E69505E1B87C0




Save this as CFScript.txt



Close all browser windows.

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply. (typical location: C:\ComboFix.txt )


*******************



> Please, re-run aswMBR and attach here fresh aswMBR.txt log.

How's your computer running now?

Offline stummies0

Re: Malicious URL Blocked msgs
« Reply #9 on: September 26, 2012, 04:34:49 AM »
It appears to be running more smoothly without the lag time that was present when it got infected.  Since I have the avast program disabled I can't say if the malicious URL blocked msgs are gone but overall performance is much better.  Thanks 

Offline magna86

Re: Malicious URL Blocked msgs
« Reply #10 on: September 26, 2012, 10:56:43 AM »
Quote from stummies0: "Since I have the avast program disabled I can't say if the malicious URL blocked msgs are gone but overall performance is much better.  Thanks"

Turn on avast and tell me if pop-up comes back ...



Offline stummies0

Re: Malicious URL Blocked msgs
« Reply #11 on: September 27, 2012, 01:45:03 AM »
Avast reactivated and the pop-ups have stopped.  Thanks for all your help :)

Offline magna86

Re: Malicious URL Blocked msgs
« Reply #12 on: September 27, 2012, 06:53:23 AM »
Nice...  8)


It is necessary to uninstall ComboFix :
  • Click Start, then Run.

    On Windows 7 or Vista you may use the Start Search field if Run is not available.

  • In the line of text type in (Copy) the following:
Code:
ComboFix /Uninstall
    Note that there is a space between " ComboFix " and " /Uninstall " .

  • Then click OK (or press Enter ).
    Wait until the uninstall process is complete.

    ******************

    > Re-run OTL and click on CleanUp! button.

    You will be asked to reboot the machine to finish the cleanup process, choose Yes.
    After the reboot all the tools we used should be gone.
    Note: Some more recently created tools may not yet be removed by OTL. Feel free to manually delete any tools it leaves behind.


     
