Author Topic: Malicious URL Blocked  (Read 2792 times)

vtmckoy

  • Guest
Malicious URL Blocked
« on: December 18, 2012, 06:29:33 PM »
I am continually receiving "Malicious URL Blocked" messages.  I am running Microsoft Windows XP Professional, Version 2002, Service Pack 3.  These messages pop up every 2 minutes or so--especially when using Google Chrome.  I ran OTL and attached are the 2 files--OTL.txt and Extras.txt.

Can someone please assist with this issue?

Thank you,

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37545
  • Not a avast user
Re: Malicious URL Blocked
« Reply #1 on: December 18, 2012, 06:54:55 PM »
Also run AdwCleaner / Malwarebytes / aswMBR, and attach the logs.

http://forum.avast.com/index.php?topic=53253.0
« Last Edit: December 18, 2012, 06:56:34 PM by Pondus »

vtmckoy

  • Guest
Re: Malicious URL Blocked
« Reply #2 on: December 18, 2012, 09:30:40 PM »
Hi,

Attached are the additional requested logs.

Thank you,

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Malicious URL Blocked
« Reply #3 on: December 18, 2012, 09:37:19 PM »
Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


Code:
:OTL
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O3 - HKLM\..\Toolbar: (no name) - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKU\.DEFAULT..\RunOnce: [supportdir] cmd /c "rmdir /q /s "C:\WINDOWS\TEMP\{7726CF62-7B45-4E6D-9266-615346816BCA}"" File not found
O4 - HKU\S-1-5-18..\RunOnce: [configmsi] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [supportdir] cmd /c "rmdir /q /s "C:\WINDOWS\TEMP\{7726CF62-7B45-4E6D-9266-615346816BCA}"" File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll) - C:\Program Files\Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll) - C:\Program Files\Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)

:Files
C:\Program Files\Searchqu Toolbar

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
Please copy and paste its contents on your next reply.
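
Added example, not part of essexboy's post and not OTL's own code: a short Python script that parses the entries listed in the fix above and separates those that load from the Searchqu Toolbar directory from the remaining leftover entries, showing which autostart locations the toolbar had registered in. The line pattern is an assumption inferred from the lines shown in this thread, and `split_entries` is a name chosen for this example.

```python
import re
from collections import defaultdict

# Entries copied unchanged from the :OTL section of the fix in this thread.
FIX_LINES = r'''
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O3 - HKLM\..\Toolbar: (no name) - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKU\.DEFAULT..\RunOnce: [supportdir] cmd /c "rmdir /q /s "C:\WINDOWS\TEMP\{7726CF62-7B45-4E6D-9266-615346816BCA}"" File not found
O4 - HKU\S-1-5-18..\RunOnce: [configmsi] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [supportdir] cmd /c "rmdir /q /s "C:\WINDOWS\TEMP\{7726CF62-7B45-4E6D-9266-615346816BCA}"" File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll) - C:\Program Files\Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll) - C:\Program Files\Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
'''

# Assumed shape, inferred from the lines above: "O<n> - <location>: <detail>".
ENTRY = re.compile(r"^(O\d+) - (.+?): (.*)$")

def split_entries(text, directory):
    """Group entries whose detail names `directory` by autostart location;
    return (tied, leftovers). Matching is on the long path, which these
    lines print even where the registry value holds the 8.3 short name."""
    tied, leftovers = defaultdict(list), []
    wanted = directory.lower()
    for raw in text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # blank line or a line of another shape
        code, location, detail = m.groups()
        if wanted in detail.lower():
            # "HKLM\..\Toolbar" -> "Toolbar", "HKLM..\Run" -> "Run"
            tied[location.rsplit("\\", 1)[-1]].append((code, detail))
        else:
            leftovers.append((code, location, detail))
    return dict(tied), leftovers

if __name__ == "__main__":
    tied, leftovers = split_entries(FIX_LINES, r"C:\Program Files\Searchqu Toolbar")
    for location, entries in tied.items():
        print(f"{location}: {len(entries)} entries load from the toolbar directory")
    print(f"{len(leftovers)} entries do not point into the toolbar directory:")
    for code, location, detail in leftovers:
        print(f"  {code} {location}: {detail}")
```
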

vtmckoy

  • Guest
Re: Malicious URL Blocked
« Reply #4 on: December 18, 2012, 11:21:57 PM »
essexboy:

I implemented the steps you requested.  However, on TDSSKiller, where you stated to "Ensure Cure is selected", I never saw a "Cure" option.  Attached are the 2 reports.

Thank you,

 

vtmckoy

  • Guest
Re: Malicious URL Blocked
« Reply #5 on: December 19, 2012, 12:47:01 AM »
essexboy,

After everything was rebooted, I am able to go to Google (via Google Chrome); and, I am not receiving the Malicious URL Blocked messages.

I am assuming the fix worked.  Thank you very much; also, thanks to everyone who replied.  I'll keep an eye on it to see if there are any re-occurrences. 

Thanks again...

Offline essexboy

Re: Malicious URL Blocked
« Reply #6 on: December 19, 2012, 03:21:40 PM »
Could you re-run TDSSKiller with the same parameters?
When the following appears, select Delete:

\Device\Harddisk0\DR0 ( TDSS File System )