Author Topic: "Malicious Url Blocked" keeps popping up  (Read 12208 times)

0 Members and 1 Guest are viewing this topic.

Offline TwinHeadedEagle

  • Malware Removal Expert
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2987
    • Zemana
Re: "Malicious Url Blocked" keeps popping up
« Reply #15 on: January 05, 2014, 06:26:02 PM »
1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

Code: [Select]
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x91569AEC8C33CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US,ko-KR;q=0.8,ja-JP;q=0.6,ko;q=0.4,ja;q=0.2
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {19CC4C7B-D93E-4222-9D25-894D54CA6D7A} URL = http://www.mysearchresults.com/search?&c=4001&t=10&q={searchTerms}
SearchScopes: HKCU - {4A9A9398-7D67-4814-A3D4-082FFF37EBB3} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3310511&CUI=UN18853568591632019&UM=2
SearchScopes: HKCU - {838B23D7-D828-434C-85EA-BB5C195D65FB} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1202&cd=2XzuyEtN2Y1L1QzuyB0AyBzytCzyzyyEyDyEzytCtAtD0CyCtN0D0Tzu0SyBtCyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1586713685&ir=
C:\Users\User\AppData\Roaming\Camdata.ini
C:\Users\User\AppData\Roaming\CamLayout.ini
C:\Users\User\AppData\Roaming\CamShapes.ini
C:\Users\User\AppData\Local\Temp\bitool.dll
C:\Users\User\AppData\Local\Temp\bi_cleaner.exe
C:\Users\User\AppData\Local\Temp\CommonInstaller.exe
C:\Users\User\AppData\Local\Temp\DrvInst64.exe
C:\Users\User\AppData\Local\Temp\EAD8C.exe
C:\Users\User\AppData\Local\Temp\i4jdel0.exe
C:\Users\User\AppData\Local\Temp\ntdll_dump.dll
C:\Users\User\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\User\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\User\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\User\AppData\Local\Temp\nvStInst.exe
C:\Users\User\AppData\Local\Temp\Quarantine.exe
C:\Users\User\AppData\Local\Temp\sonarinst.exe
C:\Users\User\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\User\AppData\Local\Temp\tbentr.dll
C:\Users\User\AppData\Local\Temp\tbSwe0.dll
C:\Users\User\AppData\Local\Temp\uninst1.exe
C:\Users\User\AppData\Local\Temp\uninstalloption.exe
C:\Users\User\AppData\Local\Temp\x2blapi.dll
replace: C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_69a1321f9f3393ad\rpcss.dll C:\Windows\System32\rpcss.dll
2013-12-30 17:03 - 2013-12-30 17:03 - 00028672 _____ C:\Windows\system32\qjdwr.ejz
2013-12-30 16:51 - 2014-01-05 11:18 - 00000084 _____ C:\Windows\system32\iobyt.zwd
2013-12-30 16:50 - 2013-12-30 17:03 - 00000099 _____ C:\Windows\system32\cioco.pwn
2013-12-30 16:50 - 2013-12-30 16:50 - 00000064 _____ C:\Windows\system32\xkwrnot.wys
2013-12-30 16:32 - 2013-12-30 16:32 - 00101213 ____S C:\Windows\system32\kqsjzj.qqr

2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.


3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.
My help is free, however if you'd like to show your appreciation by leaving a donation, it will be much appreciated ------> DONATE

javajerry

  • Guest
Re: "Malicious Url Blocked" keeps popping up
« Reply #16 on: January 05, 2014, 07:34:46 PM »
Solaris
I tried doing that stuff, nothing was out of the ordinary, or at least nothing to my untrained eye :\
Also, is the fixlist going to make my computer inaccessible. i want to know so I can prepare the other computer.

javajerry

  • Guest
Re: "Malicious Url Blocked" keeps popping up
« Reply #17 on: January 05, 2014, 08:05:00 PM »
Ok so it became unbootable again. This time I did what l you told me to do last time it was unbootable. After the scan finished how do I get it to boot normally.

Offline TwinHeadedEagle

  • Malware Removal Expert
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2987
    • Zemana
Re: "Malicious Url Blocked" keeps popping up
« Reply #18 on: January 05, 2014, 08:12:27 PM »
System file is infected so we need to replace it with clean one. In the process of replacing something went wrong...

Follow my previous instruction http://forum.avast.com/index.php?topic=144082.msg1045262#msg1045262
My help is free, however if you'd like to show your appreciation by leaving a donation, it will be much appreciated ------> DONATE

javajerry

  • Guest
Re: "Malicious Url Blocked" keeps popping up
« Reply #19 on: January 05, 2014, 08:46:07 PM »
I did. Here is the FRST.

Offline TwinHeadedEagle

  • Malware Removal Expert
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2987
    • Zemana
Re: "Malicious Url Blocked" keeps popping up
« Reply #20 on: January 05, 2014, 08:55:52 PM »
Download attached fixlist.txt and save it to your USB flashdrive as fixlist.txt

>>  Boot into Recovery Environment


Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
  •     Press the Fix button once and wait.
  •     FRST will process fixlist.txt
  •     When finished, it will produce a log fixlog.txt on your USB flashdrive.
>>  Exit out of Recovery Environment and post me the log please.



Try to boot Windows normally...
My help is free, however if you'd like to show your appreciation by leaving a donation, it will be much appreciated ------> DONATE

javajerry

  • Guest
Re: "Malicious Url Blocked" keeps popping up
« Reply #21 on: January 05, 2014, 09:12:22 PM »
My windows still won't boot normally. Here is the Fixlog.

Offline TwinHeadedEagle

  • Malware Removal Expert
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2987
    • Zemana
Re: "Malicious Url Blocked" keeps popping up
« Reply #22 on: January 05, 2014, 09:18:04 PM »
Open FRST once more, press Scan and attach fresh report...
My help is free, however if you'd like to show your appreciation by leaving a donation, it will be much appreciated ------> DONATE

javajerry

  • Guest
Re: "Malicious Url Blocked" keeps popping up
« Reply #23 on: January 05, 2014, 10:10:34 PM »
These scan are taking like 30minutes +, is that normal.
I attached the file.

Offline TwinHeadedEagle

  • Malware Removal Expert
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2987
    • Zemana
Re: "Malicious Url Blocked" keeps popping up
« Reply #24 on: January 05, 2014, 10:38:37 PM »
Open notepad.
  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
  • Copy/Paste the contents of the code box below into Notepad.
Code: [Select]
LastRegBack: 2013-12-30 08:37
  • Save it to your USB flashdrive as fixlist.txt
>>  Boot into Recovery Environment


Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
  •     Press the Fix button once and wait.
  •     FRST will process fixlist.txt
  •     When finished, it will produce a log fixlog.txt on your USB flashdrive.
>>  Exit out of Recovery Environment and post me the log please.



Try to boot Windows normally...


Only if you cannot boot, follow the instructions below:



Open notepad.
  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
  • Copy/Paste the contents of the code box below into Notepad.
Code: [Select]
Restore point made on: 2014-01-04 11:11:37
  • Save it to your USB flashdrive as fixlist.txt
>>  Boot into Recovery Environment


Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
  •     Press the Fix button once and wait.
  •     FRST will process fixlist.txt
  •     When finished, it will produce a log fixlog.txt on your USB flashdrive.
>>  Exit out of Recovery Environment and post me the log please.



Try to boot Windows normally...
My help is free, however if you'd like to show your appreciation by leaving a donation, it will be much appreciated ------> DONATE

javajerry

  • Guest
Re: "Malicious Url Blocked" keeps popping up
« Reply #25 on: January 05, 2014, 10:57:41 PM »
Both attempts were unsuccessful. I named the first attempt fixlog Fixlog(firstattempt) or something. The second one just named Fixlog is the second attempt.

Offline TwinHeadedEagle

  • Malware Removal Expert
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2987
    • Zemana
Re: "Malicious Url Blocked" keeps popping up
« Reply #26 on: January 05, 2014, 11:35:54 PM »
I have one more solution to try. Download file from this link, unzip it and copy rpcss.dll to USB flash.

Then, download attached fixlist.txt and save it to USB too.

Boot to recovery, open FRST and press Fix. Try to boot normally...

My help is free, however if you'd like to show your appreciation by leaving a donation, it will be much appreciated ------> DONATE

javajerry

  • Guest
Re: "Malicious Url Blocked" keeps popping up
« Reply #27 on: January 05, 2014, 11:59:32 PM »
That did it. Thank you very much for all your help. Take care!

Offline TwinHeadedEagle

  • Malware Removal Expert
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2987
    • Zemana
Re: "Malicious Url Blocked" keeps popping up
« Reply #28 on: January 06, 2014, 12:09:26 AM »
It's good to hear it  8)

We still need to do one more check to see is everything in order.

I'll give you the instructions tomorow, now it's late.

Bump the topic when you wish tomorow.
My help is free, however if you'd like to show your appreciation by leaving a donation, it will be much appreciated ------> DONATE

javajerry

  • Guest
Re: "Malicious Url Blocked" keeps popping up
« Reply #29 on: January 06, 2014, 05:34:08 PM »
Oh, alright. Sounds good.