Malicious url blocked

[theullrich]

thanks again

[magna86]

Okay, Zoek did a fantastic job but there's still work to do. Your malware (rootkit) is a bit specific, we need to dig a little deeper.

You need to re-try to run Combofix ( instructions are on the last page ). Delete old Combofix.exe ( drag & drop into Recycle bin ) and download fresh Combofix copy.
Re-run CF and attach here fresh Combofix.txt logreport.

- If CF fail again, let me know it, and move on Zoek. Same with zoek.exe. You will delete old zoek.exe ( drag & drop into Recycle bin ) and download new, fresh version of zoek.exe.


Re-run zoek.exe with this script:

Code: [Select]

filesrcm;
startupall;
DIR /S /A:L "%systemdrive%\*">>"%temp%\log.txt";b
C:\Windows\system32\services.exe;i
C:\Windows\SysNative\services.exe;i
firefoxlook;
chromelook;
Attach here fresh created zoek log

[theullrich]

combofix wont work not because the computer refuses to connect to the internet. just says local only on multiple networks both with and with out wifi. running zoek now.

[theullrich]

zoek log

[theullrich]

Internet came back randomly and i ran combofix. also windows defender came back.

[magna86]

Now is the time to remove one of those two antivirus.

Multiple Antivirus Programs

You are running more than 1 Antivirus program!


AV: avast! Antivirus
AV: Microsoft Security Essentials



Running - more than one - antivirus program is not recommended because:[list=1]

• They can conflict with each other.
• Report the other antivirus software as malicious.
• Antivirus programs use an enormous amount of computer's resources... actively scanning your computer.
• Can cause your computer to become unstable...run slowly and even, in rare cases, BSOD crash...etc

I strongly suggest you uninstall one of them.  Which one, is your decision.


----------------------------------

Then I want once more round with Combofix.


Delete Combofix, download fresh copy of Combofix.



Open notepad and copy/paste the text present inside the code box below:

Code: [Select]


KillAll::

ClearJavaCache::

DirLook::
c:\users\Ben\AppData\Roaming\QuickScan
c:\users\Ben\AppData\Roaming\mjusbsp



Save this as CFScript.txt



Close all browser windows and refering to the picture above.

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply. (typical location: C:\ComboFix.txt )

[theullrich]

I had only windows defender on this computer. when i got the virus and it disappeared completely, I got avast which is what I have on my other computer.

here is the combofix log.

[theullrich]

Also defender is not showing up in the add/remove or ccleaner. Any sugestions for a good install fixer?

[magna86]

Nope, you are using two AV. You need to uninstall one of them:

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

Go here:  http://singularlabs.com/uninstallers/security-software/


If you decide to remove Microsoft Security Essentials, download and run it's tool. If you decide to remove avast! Antivirus, download avast uninstall tool.
Thouse tools will remove related leftovers.

Windows Defender on Vista /7 is AntiMalware program. It's fine.



 - Then re-run Combofix and attach here fresh CF log. Then tell me how is your computer running now?

[theullrich]

my computer seems to be working great again. Lol i knew I had two, but that root kit made windows defender unusable so I had to get something so I could scan with. Also my computer seems be working well now.

[magna86]

Does yours Windows Defender and Microsoft Security Essentials in proper operating now?

[theullrich]

running the Microsoft essentials uninstaller i get this from Microsoft fix it 50535
service 'Microsoft Antimalware Service' (MsMpSvc) could not be stopped. Verify that you have sufficient privileges to stop system services.

and when I stop the service myself it just comes back.

[theullrich]

Also windows updater says I have a bunch of updates but it wont download them. Even if I do one at a time.

[magna86]

Ok, run this tool;




Download the ESET services repair tool, extract the file to your desktop.

• Double-click ServicesRepair.exe.
  
• If security notifications appear, click Continue or Run and then click Yes when asked if you want to proceed.
  
• Once the tool has finished, you will be prompted to restart your computer. Click Yes to restart.
  
• A log will be saved in the CCSupport folder the tool created on your desktop, please post the content in your next reply.

[theullrich]

ok. Essentials came back and updated. So i uninstalled it.