Author Topic: Harmful Webpage  (Read 19179 times)


denebuff

  • Guest
Re: Harmful Webpage
« Reply #15 on: April 09, 2014, 02:19:10 AM »
Ok Steve
here is what I got.

denebuff

  • Guest
Re: Harmful Webpage
« Reply #16 on: April 09, 2014, 02:20:58 AM »
Ok Steve here is what I got.

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2768
  • Volunteer
Re: Harmful Webpage
« Reply #17 on: April 09, 2014, 02:35:04 AM »
Essex is asleep. Check back tomorrow...
VOLUNTEER

Senior Security Analyst; Sys Admin (Linux); Forensics/Incident Response.

Security is a mindset, not an application. Think BEFORE you click.

denebuff

  • Guest
Re: Harmful Webpage
« Reply #18 on: April 09, 2014, 02:42:29 AM »
OK Thank You Will Do.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Harmful Webpage
« Reply #19 on: April 09, 2014, 12:43:02 PM »
Hi there, I have two possibilities in mind, so let's see which it is.

Download and Install Combofix
 
Download ComboFix from one of the following locations:
Link 1
Link 2
 
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
 
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3.  If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

denebuff

  • Guest
Re: C:\ComboFix.
« Reply #20 on: April 09, 2014, 10:53:22 PM »
As soon as I turned on my AVAST it started again with the Threat has been detected. :(
I have attached the log from combo fix.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Harmful Webpage
« Reply #21 on: April 09, 2014, 10:59:00 PM »
Got it, it appears that blackbeard has changed and is now targeting XP
 
1. Close any open browsers.
 
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. 
 
3. Open notepad and copy/paste the text in the quotebox below into it:
 
Quote

FCopy::
c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll|c:\windows\system32\rpcss.dll


 
Save this as CFScript.txt, in the same location as ComboFix.exe
 
 
 
 
Referring to the picture above, drag CFScript into ComboFix.exe
 
When finished, it will produce a log for you at C:\ComboFix.txt which I will require in your next reply.
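
An added example, not part of the original post or of ComboFix: a Python pre-flight check that reads the FCopy:: lines of the CFScript above and records the SHA-256 of both files in each pair before anything is replaced, so there is a record of what the suspect file looked like. It assumes each line reads source|destination, as the hotfix-cache path on the left suggests; `preflight` and its `resolve` hook are hypothetical names.

```python
import hashlib
import os

# The CFScript from the post above, reproduced as sample input.
PAGE_SCRIPT = r"""FCopy::
c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll|c:\windows\system32\rpcss.dll
"""


def parse_fcopy(script_text):
    """Return (source, destination) pairs under FCopy::.
    Assumption: each line reads source|destination."""
    pairs, in_section = [], False
    for raw in script_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):  # a section header such as "FCopy::"
            in_section = line.lower() == "fcopy::"
        elif in_section and "|" in line:
            src, dst = line.split("|", 1)
            pairs.append((src.strip(), dst.strip()))
    return pairs


def sha256_of(path):
    """Hex SHA-256 of a file, or None when the file is absent."""
    if not path or not os.path.isfile(path):
        return None
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def preflight(script_text, resolve=lambda p: p):
    """Hash both files of every pair. `resolve` (hypothetical hook) maps a
    script path to a real one, e.g. inside a mounted disk image."""
    report = []
    for src, dst in parse_fcopy(script_text):
        s, d = sha256_of(resolve(src)), sha256_of(resolve(dst))
        status = "source-missing" if s is None else "identical" if s == d else "differs"
        report.append({"source": src, "destination": dst,
                       "source_sha256": s, "destination_sha256": d, "status": status})
    return report


if __name__ == "__main__":
    for row in preflight(PAGE_SCRIPT):
        print(row)
```

A "differs" status only says the live file is not byte-identical to the cached copy; "source-missing" means the cached copy named in the script is not there to compare against.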

denebuff

  • Guest
Re: Harmful Webpage
« Reply #22 on: April 09, 2014, 11:43:04 PM »
OK I did what you asked and attached the new log. As soon as I got back on the net and turned on my AVAST I got the threat message that "a threat has been detected". Are we getting close? :)

denebuff

  • Guest
Re: Harmful Webpage
« Reply #23 on: April 09, 2014, 11:56:39 PM »
Now the threat has a new name. "colombus45" and a few other names. I think we have them on the run!

denebuff

  • Guest
Re: Harmful Webpage
« Reply #24 on: April 10, 2014, 12:01:02 AM »
Stupid question, but should I be doing a reboot after each run, before I get back online?

denebuff

  • Guest
Re: Harmful Webpage
« Reply #25 on: April 10, 2014, 12:05:20 AM »
Here is the other name on the warning.
I don't know if this makes a difference or not.

Offline Secondmineboy

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3645
Re: Harmful Webpage
« Reply #26 on: April 10, 2014, 12:07:33 AM »
Essexboy is in bed now since it's midnight in the UK.

Check back tomorrow. :)
Windows 10 1909, 4 GB DDR3 RAM, 500 GB 5400 RPM HDD, 1366 by 768 LCD Screen, Intel Core i3 5010U Dual Core, Intel HD Graphics 5500
HUAWEI P30 Pro. Android 10

denebuff

  • Guest
Re: Harmful Webpage
« Reply #27 on: April 10, 2014, 12:13:45 AM »
OK, thank you for all your continued support.
I will be back online after 11:30 am Eastern Standard Time, as I live in PA, USA.

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2768
  • Volunteer
Re: Harmful Webpage
« Reply #28 on: April 10, 2014, 02:48:43 AM »
Just to explain a little bit... You were infected by the "Blackbeard" Trojan. It has modified svchost or made a new one to contact these domains to further infect your PC. To address your comment "I think we have it on the run", while Essex directly targets the malware, yes we do.

The process responsible is svchost, of which there'll most likely be 5+ in task manager, so don't try to kill it since it most likely has a restore reg key to relaunch it.

denebuff

  • Guest
Re: Harmful Webpage
« Reply #29 on: April 10, 2014, 03:47:08 AM »
Michael,
I can not thank the people of the site for all their help. As of right now AVAST is not giving me the alert, Malwarebytes is.