Author Topic: Malicious URL Blocked (Read 12829 times)

kissagain · « **Reply #30 on:** May 18, 2014, 10:13:01 PM »

HI,

Iminent was not on the Uninstall list. I don' think I have seen it there previously either.

I have tried to uninstall the Buzzsearch in the past but after a couple times it said and error occred and that it may have already been uninstalled and asked if I wanted to remove it from the list. I said yes or clicked ok... whichever needed to remove it from list.

When attempting to uninstall Community Smartbar, a message came up that read "The feature you are trying to use is on a network resource that is unavailable. Click OK or enter and alternate path to the folder containing the installation package 'LinkuryInstaller.msi in the box below."
I clicked ok to try again and the window disappeared.

When I attempted to uninstall Community Smartbar Engine, nothing seemed to happen at all. No messages even.

I have un the FRST and the zoek as you indicated with the sections copied and pasted. You will find the resulting logs requested attached.

magna86 · « **Reply #31 on:** May 18, 2014, 10:33:03 PM »

Hi,

Please re-run zoek with this script as I am not satisfied with the postedt zoek log.

Code: [Select]

FilesRCM;
StartUpAll;
Installer-List;
Uninstall-List;
FirefoxLook;
ChromeLook;

When zoek finish his scanning, post me the fresh created zoek log.

kissagain · « **Reply #32 on:** May 18, 2014, 10:43:42 PM »

zoek_results log attached

magna86 · « **Reply #33 on:** May 18, 2014, 11:23:24 PM »

Hi,

This is the same incomplete zoek report as the first one posted above.
Tell me, did you wait for zoek to finish his work?

In any case post me the fresh FRST.txt report.
Also I would like to preform the ARK (antirootkit) scan:

Download TDSSKiller and save it to your desktop

Execute TDSSKiller.exe by doubleclicking on it.
Confirm "End user Licence Agreement" and "KSN Statement" dialog box by clicking on Accept button.

Press Start Scan
If Suspicious object is detected, the default action will be Skip, click on Continue.
If Malicious objects are found, select Cure.

Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply.

kissagain · « **Reply #34 on:** May 19, 2014, 12:27:31 AM »

I appologize for the mixup.... too many logs...

Three logs attached

magna86 · « **Reply #35 on:** May 19, 2014, 01:18:22 AM »

Re-run zoek tool ...

Close any open browsers . .
Temporarily disable your AntiVirus program. (If necessary)
If you are unsure how to do this please read this or this Instruction.
Double click on zoek.exe to run the tool .
Please wait while the tool does not start...
Copy the text present inside the code box below and paste it into the large window in the zoek tool:

Quote

C:\Program Files (x86)\AskPartnerNetwork;fs
C:\Program Files (x86)\Ask.com;fs
C:\Program Files (x86)\AVG;fs
C:\Program Files (x86)\Iminent;fs
C:\Users\Jim\AppData\Roaming\AVG April 2013 Campaign;fs
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnTBMon];r
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater];r
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AVG_TRAY];r
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IMBooster];r
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ROC_ROC_APR2013_AV];r
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AVGIDSAgent];r
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\avgwd];r
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Update BuzzSearch];r
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Util BuzzSearch];r
jmfkcklnlgedgbglfkkgedjfmejoahla;chr
AutoClean;
Reboot;

Click on button.
Please wait until a logreport will open (this can be after reboot)
Attach here fresh created zoek-results.log
Note: It will also create a log in the C:\ directory named "zoek-results.log"

kissagain · « **Reply #36 on:** May 19, 2014, 02:21:30 AM »

The latest zoek-results log attached.

magna86 · « **Reply #37 on:** May 19, 2014, 11:44:51 AM »

Hi,

Ok, situation is the next. The latest set of FRST logs doesn't show the active malware, we have clean it all. With Zoek we have preform the advanced junk & leftover cleaning and ARK scan doesn't show detections.

Now run this zoek script just to hit some lefted item and then tell me how is the computer behavior now?

Code: [Select]

jmfkcklnlgedgbglfkkgedjfmejoahla;chr

kissagain · « **Reply #38 on:** May 19, 2014, 06:18:01 PM »

requested log attached.

I have been told that the computer seems to be working fine in the past couple days particularly.

As for MY notices, I noticed yesterday I was at a particular website on this computer that in the past had been giving several problems and had resulted in alerts, was acting up only slightly a couple times going to my selected area of the page to the bottom of the page without my scrolling at the time.... jumping up and down a couple times. That little problem didn't occur today when doing to the site, briefly at least.

The only thing I notice now particularly is that the "New Tab" is not the same format or design as it was before we began working here via the forum. It is not in the block options and design as the standard Windows7 "New Tab".

magna86 · « **Reply #39 on:** May 19, 2014, 06:23:17 PM »

Hi, this is not malware related. You may use browser (Firefox/Chrome) settings to fix "new tab" as suits you if you will.

• The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes below;
Remove disinfection tools
Create registry backup
Purge System Restore
Click Run button and wait a few seconds for the programme completes his work.
At this point all the tools we used here should be gone. Tool will create an report for you (C:\DelFix.txt)

The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and create a fresh system restore point after cleaning.

kissagain · « **Reply #40 on:** May 19, 2014, 06:45:41 PM »

That program removed all except the following:

mbam setup
mbar
AppRemover

magna86 · « **Reply #41 on:** May 19, 2014, 08:19:48 PM »

Hi, DelFix shall not attempt to target the MBAM as this is a software, not a tool. You may keep Malwarebytes as it comes as additonal protection to your AV.
Note that MBAM isn't AntiVirus, but AntiMalware program. Same apply for AppRemover. You may delete AppRemover manualy.

kissagain · « **Reply #42 on:** May 20, 2014, 09:29:31 PM »

hi,
It appears we're finished here. Thank you for your efforts and I apologize for any frustrations that I may have caused you.
Thank you!
kissagain

Author Topic: Malicious URL Blocked (Read 12829 times)

kissagain

Re: Malicious URL Blocked

magna86

Re: Malicious URL Blocked

kissagain

Re: Malicious URL Blocked

magna86

Re: Malicious URL Blocked

kissagain

Re: Malicious URL Blocked

magna86

Re: Malicious URL Blocked

kissagain

Re: Malicious URL Blocked

magna86

Re: Malicious URL Blocked

kissagain

Re: Malicious URL Blocked

magna86

Re: Malicious URL Blocked

kissagain

Re: Malicious URL Blocked

magna86

Re: Malicious URL Blocked

kissagain

Re: Malicious URL Blocked