Author Topic: Malicious URL Blocked (Read 10965 times)

Duh_ · « **on:** September 13, 2013, 07:04:26 PM »

Repeatedly popping up to no avail. Might have been from infected file on USB

Secondmineboy · « **Reply #1 on:** September 13, 2013, 07:08:33 PM »

Could be an infection.

Just do what is show in this topic and ATTACH logs: http://forum.avast.com/index.php?topic=53253.0
Best is to run in listed order.

When all logs are attached malware removers will be notified.

Secondmineboy · « **Reply #2 on:** September 13, 2013, 07:09:35 PM »

There are 26 things that have been blocked as you can see on the top right of the alert.

Why do you think this came from an infected USB?

Duh_ · « **Reply #3 on:** September 13, 2013, 07:41:46 PM »

I downloaded a file onto a usb last week Steven and have been inundated with similar notifications since. I will upload the logs as soon as i can, thanks for helping.

Secondmineboy · « **Reply #4 on:** September 13, 2013, 07:43:22 PM »

No problem.

You have time enough for that

Duh_ · « **Reply #5 on:** September 13, 2013, 07:47:51 PM »

# AdwCleaner v3.003 - Report created 13/09/2013 at 13:16:32
# Updated 07/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Power User - POWERUSER-PC
# Running from : C:\Users\Power User\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\ConduitEngine
Folder Deleted : C:\Program Files\OApps
Folder Deleted : C:\Users\Power User\AppData\Local\Conduit
Folder Deleted : C:\Users\Power User\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\POWERU~1\AppData\Local\Temp\Smartbar
Folder Deleted : C:\Users\Power User\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Power User\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Power User\AppData\LocalLow\MyAshampoo
File Deleted : C:\END
File Deleted : C:\Users\Power User\AppData\Roaming\Mozilla\Firefox\Profiles\mhnyloif.default\searchplugins\whitesmoke-new-customized-web-search.xml
File Deleted : C:\Users\Power User\AppData\Roaming\Mozilla\Firefox\Profiles\mhnyloif.default\user.js
File Deleted : C:\Windows\Tasks\AmiUpdXp.job
File Deleted : C:\Windows\System32\Tasks\AmiUpdXp

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AmiUpdXp
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{77527D11-60E6-4E60-98F9-3710FDDB6BB3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{77527D11-60E6-4E60-98F9-3710FDDB6BB3}

Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2475029
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289847
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{878B8524-AED5-4870-9A96-A515440DAC75}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{878B8524-AED5-4870-9A96-A515440DAC75}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{878B8524-AED5-4870-9A96-A515440DAC75}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{878B8524-AED5-4870-9A96-A515440DAC75}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{878B8524-AED5-4870-9A96-A515440DAC75}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{878B8524-AED5-4870-9A96-A515440DAC75}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{878B8524-AED5-4870-9A96-A515440DAC75}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BFB99EDC-F32A-443A-AD86-16E67DD9A7D3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3AED9CE0-1F60-4F5A-9FD4-5E9EE1CF518B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}]
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\SmartbarLog
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\MyAshampoo\toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\MyAshampoo
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\conduitEngine
Key Deleted : HKLM\Software\MyAshampoo\toolbar
Key Deleted : HKLM\Software\MyAshampoo
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\Power User\AppData\Roaming\Mozilla\Firefox\Profiles\mhnyloif.default\prefs.js ]

Line Deleted : user_pref("CT3289847_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1372360178019,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3289847");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "WhiteSmoke New Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&CUI=UN61937745427106121&UM=2&SearchSource=3&q={searchTerms}&sspv=TB_CER");
Line Deleted : user_pref("smartbar.machineId", "TAPXFNR7UKC2VBEO9FYQR2S81OXEWQREQZECZVJOMWG4XT1EC/AKNE7RGWVTYSDXHHG696RGHX9VYBMADVOGCA");

*************************

AdwCleaner[R0].txt - [8454 octets] - [13/09/2013 13:14:13]
AdwCleaner[S0].txt - [7025 octets] - [13/09/2013 13:16:32]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7085 octets] ##########

Secondmineboy · « **Reply #6 on:** September 13, 2013, 07:51:31 PM »

Thats a ton of Adware in your browser man.

For the next Attachments choose the Attachments and other options below the Answer box.(Screenshot)

The text would be too long for these boxes.

Secondmineboy · « **Reply #7 on:** September 13, 2013, 07:54:09 PM »

You can keep Malwarebytes later as free version or you can purchase a LIFETIME LICENSE for 24,99 Dollars i think.

Duh_ · « **Reply #8 on:** September 13, 2013, 08:22:27 PM »

I'm not in the market right now. I will definitely refer it to any friends I know having the same difficulties.

Duh_ · « **Reply #9 on:** September 13, 2013, 08:28:54 PM »

Oh, wait

Duh_ · « **Reply #10 on:** September 13, 2013, 08:42:42 PM »

OTL, Steven, are you with me chap?

Duh_ · « **Reply #11 on:** September 13, 2013, 09:03:16 PM »

Alright lad, here goes the final log.

Secondmineboy · « **Reply #12 on:** September 13, 2013, 09:05:51 PM »

Yes im here.

I will notify an malware remover now.

If one is online he will maybe help you now.

Secondmineboy · « **Reply #13 on:** September 13, 2013, 09:08:57 PM »

OK. I notified Essexboy, he or someone other will help you when he/they are/is online.

But please be patient.

Duh_ · « **Reply #14 on:** September 13, 2013, 09:14:28 PM »

Fine work!

Author Topic: Malicious URL Blocked (Read 10965 times)

Duh_

Malicious URL Blocked

Secondmineboy

Re: Malicious URL Blocked

Secondmineboy

Re: Malicious URL Blocked

Duh_

Re: Malicious URL Blocked

Secondmineboy

Re: Malicious URL Blocked

Duh_

Re: Malicious URL Blocked

Secondmineboy

Re: Malicious URL Blocked

Secondmineboy

Re: Malicious URL Blocked

Duh_

Re: Malicious URL Blocked

Duh_

Re: Malicious URL Blocked

Duh_

Re: Malicious URL Blocked

Duh_

Re: Malicious URL Blocked

Secondmineboy

Re: Malicious URL Blocked

Secondmineboy

Re: Malicious URL Blocked

Duh_

Re: Malicious URL Blocked