Author Topic: Malicious URL Blocked- over and over and over  (Read 7329 times)

0 Members and 1 Guest are viewing this topic.

Offline grover8t

  • Newbie
  • *
  • Posts: 14
Re: Malicious URL Blocked- over and over and over
« Reply #15 on: August 27, 2013, 01:32:40 PM »
Still can't find text log.  Have a computer icon called "Combofix" on my C drive.  Any ideas what next?

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 46113
  • 61 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Malicious URL Blocked- over and over and over
« Reply #16 on: August 27, 2013, 01:35:10 PM »
Still can't find text log.  Have a computer icon called "Combofix" on my C drive.  Any ideas what next?
Wait for a reply from essexboy. He is the one helping you.
Patience is a virtue. :)
Free avast! Security Seminar: http://bit.ly/2N1eaR2  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v21H2 64bit, 16 Gig Ram, 1TB SSD, AvastOmni 21.6, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40627
  • Dragons by Sasha
    • Malware fixes
Re: Malicious URL Blocked- over and over and over
« Reply #17 on: August 27, 2013, 03:15:27 PM »
Hi could you now re-run combofix please as it will sometimes require two hits to kill the bad boy

Offline grover8t

  • Newbie
  • *
  • Posts: 14
Re: Malicious URL Blocked- over and over and over
« Reply #18 on: August 29, 2013, 12:52:17 AM »
Yes, Bob, thank you.  As evidenced by the many hour lapses in my responses I am happy to be patient.  But I will be sure and remember your sound advice.

Essex, ran combofix again... I think the attached is the log you are requesting- have a whole file of combofix stuff now.  Pop ups still happening.  :( Not sure combofix ran completely as there were multiple crashes along the way?  Maybe I will run it again while I await your response.

Soooo thankful for your continued work on this!!!!

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40627
  • Dragons by Sasha
    • Malware fixes
Re: Malicious URL Blocked- over and over and over
« Reply #19 on: August 29, 2013, 03:05:53 PM »
That almost looks like an MBR infection but none of the other usual data points are there.  Does this happen in all browsers

Download the latest version of TDSSKiller from here and save it to your Desktop.
 
 
  • Doubleclick on TDSSKiller.exe to run the application


  • Then click on Change parameters.
     

     
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
     
  • Click the Start Scan button.
     
     
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
     

     
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

  • Get the report by selecting Reports

 
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
Please copy and paste its contents on your next reply.

Offline grover8t

  • Newbie
  • *
  • Posts: 14
Re: Malicious URL Blocked- over and over and over
« Reply #20 on: August 30, 2013, 01:02:39 AM »
So the avast threat detector was popping up with no browser open.

And.... holding my breath... wait a sec... THAT LAST THING WORKED!

Hip hip hurray!  (Essexboy up on my family's shoulders and carried jubilantly around the room.)

HUZZAH!  HUZZAH!  Below is log.  Does it look gone to you???   ;D ;D ;D ;D ;D ;D ;D

18:55:07.0605 3880  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
18:55:08.0244 3880  ============================================================
18:55:08.0244 3880  Current date / time: 2013/08/29 18:55:08.0244
18:55:08.0244 3880  SystemInfo:
18:55:08.0244 3880 
18:55:08.0244 3880  OS Version: 6.0.6002 ServicePack: 2.0
18:55:08.0244 3880  Product type: Workstation
18:55:08.0244 3880  ComputerName: SONYLAPTOP
18:55:08.0244 3880  UserName: Ken
18:55:08.0244 3880  Windows directory: C:\Windows
18:55:08.0244 3880  System windows directory: C:\Windows
18:55:08.0244 3880  Running under WOW64
18:55:08.0244 3880  Processor architecture: Intel x64
18:55:08.0244 3880  Number of processors: 2
18:55:08.0244 3880  Page size: 0x1000
18:55:08.0244 3880  Boot type: Normal boot
18:55:08.0244 3880  ============================================================
18:55:11.0770 3880  BG loaded
18:55:13.0377 3880  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:55:13.0470 3880  ============================================================
18:55:13.0470 3880  \Device\Harddisk0\DR0:
18:55:13.0486 3880  MBR partitions:
18:55:13.0486 3880  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x15EB800, BlocksNum 0x23E42AB0
18:55:13.0486 3880  ============================================================
18:55:13.0657 3880  C: <-> \Device\Harddisk0\DR0\Partition1
18:55:13.0657 3880  ============================================================
18:55:13.0657 3880  Initialize success
18:55:13.0657 3880  ============================================================


Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40627
  • Dragons by Sasha
    • Malware fixes
Re: Malicious URL Blocked- over and over and over
« Reply #21 on: August 30, 2013, 01:49:42 PM »
There will be a larger log at C:\TDSSKiller date time could you attach that please