Author Topic: Please help with Virus / Malware problem - Win32:Malware-gen URL:Mal


marsd

  • Guest
Within the last couple of months my computer has been running slower-
some info and what I have noticed

I use the internet a lot for all sorts of googling- I go to all sorts of sites for research as I run a couple of blogs plus I'm always searching for answers to something-

only recently, within a week, have I got these constant avast warning messages when I use IE-- They are constant--- looking back on it now I did get a good amount of warnings in the last few months, but I'm not sure if they were just standard avast blocks or abnormal-

My computer has had a problem for a few months where it will freeze sometimes when watching a video- any video- of some sort with no rhyme or reason, the screen will go black- I will then have to do a hard reboot
I'm not sure if that has anything to do with this, but it may.. Sometimes I will watch the same video a 2nd or 3rd time and it will freeze the computer and the screen will go black on the 2nd or 3rd time watching the video-- this happens once a week or so

I have also noticed recently a lot of problems with adobe flash- seems to happen on all browsers, firefox, IE, chrome-- I try to use firefox or chrome mostly, but sometimes have to use IE
I will get a message that " a script has stopped working click to continue or cancel" and I click continue sometimes and the same message will popup- Sometimes it will go away.. but sometimes it will continue popping up each time after a long hang in the computer and I will have to hit cancel
This seems to happen when I am playing a game on facebook that requires flash- although it also happens at other times-

example-

warning: unresponsive script
A script on this page may be busy, or it may have stopped responding. You can stop the script now or you can continue to see if the script will complete

script: https://research.scottrade.com/qnr/resourcemanager/etcetc/content/packages/advancedchart.js.package.js:260

continue OR stop script

this time I tried hitting stop script and the same message popped back up- I then tried continue and it came back again-- computer hangs when I click


my constant avast warning that prompted me to investigate further has the info below-

It seems I get the messages mostly when I open IE. Then it seems I get more alerts when I go to google for a search.
I have had these messages popup from Avast and show as BLOCKED, but it will do it each time I use IE especially when I close the browser and reopen it

Infection Details
URL:   http://ytimg.biz/MCheck/VersionRequest.a...
Process:   C:\Program Files\Internet Explorer\iexpl...
Infection:   Win32:Malware-gen

Infection Details
URL:   http://fbccdn.biz/MCheck/VersionRequest....
Process:   C:\WINDOWS\assembly\NativeImages_v2.0.50...
Infection:   URL:Mal

Infection Details
URL:   http://93.190.44.14/MCheck/VersionReques...
Process:   C:\Program Files\Internet Explorer\iexpl...
Infection:   Win32:Malware-gen

Infection Details
URL:   http://ytimg.biz/MCheck/VersionRequest.a...
Process:   C:\Program Files\Internet Explorer\iexpl...
Infection:   Win32:Malware-gen

Infection Details
URL:   http://93.190.44.14/MCheck/VersionReques...
Process:   C:\Program Files\Internet Explorer\iexpl...
Infection:   Win32:Malware-gen


Malware blocked
avast web shield has blocked a harmful webpage or file
object: http:/.../VersionRequest.ashx?codename=ac
Infection: Win32:Malware-gen
Process: C:\Program Files\...\iexplore.exe



After running adwcleaner the computer restarted but it hung after I logged in and I could only see my wallpaper and the mouse moved, but nothing else for 10 mins so I had to do a hard restart

I was able to get the log file then on that restart--





# AdwCleaner v2.301 - Logfile created 05/24/2013 at 09:43:15
# Updated 16/05/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Marwan - MSDSAWDLAB-PC
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Marwan\My Documents\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Documents and Settings\Marwan\Start Menu\Programs\iLivid.lnk
Folder Deleted : C:\Documents and Settings\Marwan\Local Settings\Application Data\Ilivid
Folder Deleted : C:\Program Files\Common Files\Software Update Utility

***** [Registry] *****

Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ilivid
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Documents and Settings\Marwan\Application Data\Mozilla\Firefox\Profiles\fgzxe0fk.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v27.0.1453.94

File : C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [3853 octets] - [24/05/2013 09:43:15]

########## EOF - C:\AdwCleaner[S1].txt - [3913 octets] ##########
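The Avast "Infection Details" blocks pasted above all share one URL path across several hosts and mostly come from iexplore.exe. This is an added example, not Avast's code or anything from the thread: it parses alert text in that layout and summarises it by host, by reporting process and by the longest common URL path, which is the quickest way to see the pattern when a helper is triaging a log full of them. The sample alerts are constructed copies of the ones above.

```python
import os
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample in the same layout as the alerts pasted in the post above.
SAMPLE_ALERTS = r"""Infection Details
URL:   http://ytimg.biz/MCheck/VersionRequest.a...
Process:   C:\Program Files\Internet Explorer\iexpl...
Infection:   Win32:Malware-gen

Infection Details
URL:   http://fbccdn.biz/MCheck/VersionRequest....
Process:   C:\WINDOWS\assembly\NativeImages_v2.0.50...
Infection:   URL:Mal

Infection Details
URL:   http://93.190.44.14/MCheck/VersionReques...
Process:   C:\Program Files\Internet Explorer\iexpl...
Infection:   Win32:Malware-gen
"""

FIELD = re.compile(r"^(URL|Process|Infection):\s*(.+?)\s*$")


def parse_alerts(text):
    """Return one dict per alert; a new alert starts at each 'Infection Details' line."""
    alerts, current = [], None
    for line in text.splitlines():
        if line.strip() == "Infection Details":
            current = {}
            alerts.append(current)
            continue
        m = FIELD.match(line.strip())
        if m and current is not None:
            # The Avast popup truncates long values with "..."; drop those dots.
            current[m.group(1).lower()] = m.group(2).rstrip(".")
    return alerts


def summarise(alerts):
    """Counts by host and by process image name, plus the URL path shared by all alerts."""
    hosts = Counter(urlsplit(a["url"]).hostname for a in alerts if "url" in a)
    procs = Counter(a.get("process", "?").split("\\")[-1] for a in alerts)
    shared_path = os.path.commonprefix([urlsplit(a["url"]).path for a in alerts if "url" in a])
    return hosts, procs, shared_path


if __name__ == "__main__":
    hosts, procs, shared_path = summarise(parse_alerts(SAMPLE_ALERTS))
    print("hosts:", dict(hosts))
    print("processes:", dict(procs))
    print("shared path prefix:", shared_path)
```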







marsd

  • Guest
attached AdwCleaner log file to this post

working on mbam

marsd

  • Guest
attached is most recent Mbam Log file-



Offline mchain

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5564
  • Spartan Warrior
hi marsd,

Good that you are now working on running and producing the logs for malware analysis.

Please attach all resulting logs, otherwise you will need several more posts to copy/paste them all in. 

Use the Attachments and other options link directly below the text reply box you are writing in. 

Click that link and browse to the file you want to attach, and select 'Open'.  All files attached in this way will only be viewable by users logged into the web site; not viewable to those not logged in.  You can attach up to four logs at one time, up to 512 KB per post.  Additional attachments will require you use the (more attachments) link.

Much easier for you that way.

Once that is done, a certified malware removal expert will be notified.  Help will be on the way.
  • OTL
  • aswMBR.exe
are also required.  Please attach these logs as well.

[EDIT:]  Fixed typo.  Note you already are attaching logs whilst I was typing, so disregard instructions above.  A malware expert has been notified and will come in as soon as possible.  Time zone differences may come into play, so please be patient.
« Last Edit: May 24, 2013, 10:05:06 PM by mchain »
Windows 10 Home 64-bit 22H2 Avast Premier Security version 24.1.6099 (build 24.1.88821.762)  UI version 1.0.797
 UI version 1.0.788.  Windows 11 Home 23H2 - Windows 11 Pro 23H2 Avast Premier Security version 24.2.6105 (build 24.1.8918.827) UI version 1.0.801

marsd

  • Guest
Thanks, I am working on the logs and attaching-

Please see attached Other MBAM logs recently made that could be of use with info--



marsd

  • Guest
sorry-  this one is a duplicate-- same log--  the latest quick scan

 mbam-log-2013-05-24 (15-31-03).txt


others are older and are a full scan I believe.

Offline mchain

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5564
  • Spartan Warrior
Last MBAM full scan on April 12th has positive hits, so that one can be useful.  Thanks for posting.  I've gone and notified a malware expert.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Could you attach the OTL log please?

Download OTL to your Desktop
Secondary link
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.


  • Select All Users
  • Under the Custom Scan box paste this in
netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
dir C:\ /S /A:L /C
CREATERESTOREPOINT


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Post  both logs
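The /md5start ... /md5stop section of that custom scan makes OTL search the drive for every copy of the listed system binaries and print an MD5 for each, so the helper can spot a copy of services.exe or svchost.exe whose hash differs from the others (a patched or replaced file). The following is an added example, not OTL's code, that does the same thing in Python over a constructed directory tree: it finds files matching the patterns, groups each name by hash, and reports names that occur with more than one hash.

```python
import fnmatch
import hashlib
import os
import tempfile
from collections import defaultdict

# The same name patterns as the OTL custom scan above.
PATTERNS = ["services.*", "explorer.exe", "winlogon.exe", "userinit.exe", "svchost.exe"]


def md5_scan(root, patterns=PATTERNS):
    """Return {lowercase filename: {md5: [paths]}} for every matching file under root."""
    found = defaultdict(lambda: defaultdict(list))
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if any(fnmatch.fnmatch(name.lower(), p.lower()) for p in patterns):
                path = os.path.join(dirpath, name)
                with open(path, "rb") as fh:
                    digest = hashlib.md5(fh.read()).hexdigest()
                found[name.lower()][digest].append(path)
    return found


def mismatches(scan):
    """Names seen with more than one MD5: copies that disagree and need a closer look."""
    return {name: dict(by_hash) for name, by_hash in scan.items() if len(by_hash) > 1}


def build_sample_tree():
    """Constructed sample tree (not a real Windows install): one agreeing pair, one divergent pair."""
    root = tempfile.mkdtemp(prefix="md5scan_")
    layout = {
        "windows/system32/services.exe": b"clean services",
        "windows/servicepackfiles/i386/services.exe": b"clean services",
        "windows/system32/svchost.exe": b"clean svchost",
        "windows/system32/dllcache/svchost.exe": b"modified svchost",  # the odd one out
        "windows/system32/notepad.exe": b"not in the pattern list",
    }
    for rel, data in layout.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)
    return root


if __name__ == "__main__":
    for name, by_hash in mismatches(md5_scan(build_sample_tree())).items():
        print(f"{name}: {len(by_hash)} different hashes")
        for digest, paths in by_hash.items():
            print(f"  {digest}  {', '.join(paths)}")
```

On a real machine the root would be the system drive, and a name with a single hash across all its copies is the expected, uninteresting case.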

marsd

  • Guest
I didn't know older MBAM scans could be useful-- here are more that may be useful with possible "hits"

plus I will attach MBAM as ANSI as I did not read that until later--


marsd

  • Guest
2 of 3
older MBAM attached

marsd

  • Guest
Re: Please help with Virus / Malware problem - Win32:Malware-gen URL:Mal
« Reply #10 on: May 24, 2013, 10:52:59 PM »
3 of 3
MBAM


marsd

  • Guest
Re: Please help with Virus / Malware problem - Win32:Malware-gen URL:Mal
« Reply #11 on: May 24, 2013, 10:56:01 PM »
essexboy + mchain-

Hi thank you in advance---

attached are the OTL logs



Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Please help with Virus / Malware problem - Win32:Malware-gen URL:Mal
« Reply #12 on: May 24, 2013, 11:22:49 PM »
Not a lot showing there, but the URLs are bad

Download and Install Combofix
 
Download ComboFix from one of the following locations:
Link 1
Link 2
 
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
 
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks




  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3.  If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now

marsd

  • Guest
Re: Please help with Virus / Malware problem - Win32:Malware-gen URL:Mal
« Reply #13 on: May 24, 2013, 11:35:47 PM »
attached aswMBR


Will do Combofix now



marsd

  • Guest
Re: Please help with Virus / Malware problem - Win32:Malware-gen URL:Mal
« Reply #14 on: May 25, 2013, 12:49:21 AM »
Combofix attached-

I will check around with computer and report back