Author Topic: need help with a url:mal  (Read 16383 times)


REDACTED

  • Guest
need help with a url:mal
« on: June 16, 2014, 04:39:20 PM »
hi ppl
Avast detects this file but can't do anything when I scan with it or Malwarebytes.
It's a single file I accidentally clicked; it recreates itself if I try to remove it normally.
I will attach the OTL log here, but I don't know what to do from now on.
Hope for a quick help, thanks in advance.

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2768
  • Volunteer
Re: need help with a url:mal
« Reply #1 on: June 16, 2014, 04:41:17 PM »
Remover Notified.
VOLUNTEER

Senior Security Analyst; Sys Admin (Linux); Forensics/Incident Response.

Security is a mindset, not an application. Think BEFORE you click.

REDACTED

  • Guest
Re: need help with a url:mal
« Reply #2 on: June 16, 2014, 04:43:29 PM »
Just want to let you know that I'm a real noob, so please write what to do step by step  :P

Offline Michael (alan1998)

Re: need help with a url:mal
« Reply #3 on: June 16, 2014, 04:46:04 PM »
Hi,

That's usually what they do. I'm not allowed (currently) to help you beyond PM'ing removers, and I am training. Be patient; it might take an hour or two before they answer.

Quote: Just want to let you know that I'm a real noob, so please write what to do step by step  :P

Don't worry, that's usually what they do.

Edit: If you need clarification, always ask them. They will most certainly help clarify what they mean and won't be offended by you asking. In some ways, it helps them.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37699
Re: need help with a url:mal
« Reply #4 on: June 16, 2014, 04:49:47 PM »
Quote: Avast detects this file but can't do anything when I scan with it or Malwarebytes.
what file?
what is the message from avast?..... you may attach a screenshot

does Malwarebytes detect?.... if so attach Malwarebytes scan log also


REDACTED

Re: need help with a url:mal
« Reply #5 on: June 16, 2014, 04:57:58 PM »
Avast used to pop up a window like every 5-10 secs; now it stopped, which kinda scares me.
It said something like "Avast detected this file that may be dangerous" and a few pieces of info like the type (URL:Mal) and the name of the link.
Malwarebytes didn't find anything (I tried scanning the entire drive and only the file, but no result; same with Avast, which besides that pop-up notification considers that file not a virus).
I also read a couple of tutorials and scanned the PC with another cleaner, but I removed it coz no help from it... but when I opened it, there was a little notification about that file; it looks like it changed something in the cleaner so it wouldn't consider it.
« Last Edit: June 16, 2014, 04:59:52 PM by gix-future »

Offline Pondus

Re: need help with a url:mal
« Reply #6 on: June 16, 2014, 05:01:05 PM »
If you right click the avast tray icon ... and select... show last popup.... click the pin in the top right corner to make it stay on screen and take a screenshot.
It sounds as if you may have a bug that is trying to phone home.

anyway, not that important as the removal expert will see it from the OTL log
Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: need help with a url:mal
« Reply #7 on: June 16, 2014, 05:39:08 PM »
Could you resave the OTL log as ANSI please, as it appears to be Unicode?

REDACTED

Re: need help with a url:mal
« Reply #8 on: June 16, 2014, 06:11:26 PM »
This is the screenshot; it's in Italian but should not be a problem to understand the message.
How do I save it in ANSI? Do I need to do the OTL scan again?

Offline Pondus

Re: need help with a url:mal
« Reply #9 on: June 16, 2014, 06:17:19 PM »
When you are going to save it, a new box pops up.... at the bottom of that box should be a drop-down menu that says Unicode or ANSI .... we want ANSI.


Offline Michael (alan1998)

Re: need help with a url:mal
« Reply #10 on: June 16, 2014, 06:42:30 PM »
The original OTL file is corrupt.

However, I will provide instructions on how to save in ANSI:

Open OTL.txt
File
Save As

REDACTED

Re: need help with a url:mal
« Reply #11 on: June 16, 2014, 07:00:54 PM »
Ye, I got a couple of errors while scanning with OTL; btw here's the ANSI resave ^^

Offline Michael (alan1998)

Re: need help with a url:mal
« Reply #12 on: June 16, 2014, 07:05:39 PM »
OTL isn't corrupt. So Essex can help you now. Wait a while. He'll swing by some time soon most likely.

Offline essexboy

Re: need help with a url:mal
« Reply #13 on: June 16, 2014, 07:55:01 PM »
Once these steps have been completed, can you let me know what problems remain?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

Code:
:Commands
[CREATERESTOREPOINT]

:OTL
SRV - File not found [Auto | Stopped] -- C:\Users\Valentina\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe -- (SoftwareUpd)
SRV - [2011/12/16 19:44:48 | 000,156,160 | ---- | M] (ServiceUpd) [Auto | Stopped] -- C:\Users\Valentina\AppData\Local\ServUpdater\ServiceUpd.exe -- (ServUpdater)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1389112641&from=cor&uid=MAXTORXSTM3250310AS_6RYBDP5TXXXX6RYBDP5T&q={searchTerms}
IE - HKLM\..\SearchScopes\{52db1893-8a90-4192-aede-08e00b8f8473}: "URL" = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=104&systemid=473&v=a11465-144&apn_uid=0466461338354036&apn_dtid=BND101&o=APN10640&apn_ptnrs=AG1&q={searchTerms}
[2014/06/11 15:48:45 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Programmi\Mozilla Firefox\defaults\k08k2g9w.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
O2 - BHO: (no name) - {376CA00C-3F95-46F7-8F04-E69906E52A1F} - No CLSID value found.
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {376CA00C-3F95-46F7-8F04-E69906E52A1F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-2970910876-2626351943-4154173461-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [manuela_photo_345353_53453535_3635645645_46765757] wscript.exe //B "C:\Users\Utente\AppData\Roaming\manuela_photo_345353_53453535_3635645645_46765757.vbs" File not found
O4 - HKU\S-1-5-21-2970910876-2626351943-4154173461-1000..\Run: [manuela_photo_345353_53453535_3635645645_46765757] wscript.exe //B "C:\Users\Utente\AppData\Roaming\manuela_photo_345353_53453535_3635645645_46765757.vbs" File not found
O4 - Startup: C:\Users\Utente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\manuela_photo_345353_53453535_3635645645_46765757.vbs ()
O20 - AppInit_DLLs: (C:\PROGRA~2\Wincert\WIN32C~1.DLL) - File not found
O27 - HKLM IFEO\bpsvc.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browsersafeguard.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\dprotectsvc.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\protectedsearch.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\rjatydimofu.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchprotection.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchprotector.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\snapdo.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\stinst32.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\stinst64.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\utiljumpflip.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
[2014/06/16 14:02:33 | 000,000,000 | ---D | C] -- C:\Users\Utente\AppData\Roaming\eCyber
[2014/06/16 14:01:22 | 000,000,000 | ---D | C] -- C:\Users\Utente\AppData\Roaming\iSafe
[2014/06/09 22:25:46 | 000,178,900 | ---- | M] () -- C:\Users\Utente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\manuela_photo_345353_53453535_3635645645_46765757.vbs
[2014/06/09 22:25:46 | 000,178,900 | ---- | M] () -- C:\Users\Utente\AppData\Roaming\manuela_photo_345353_53453535_3635645645_46765757.vbs
[2014/06/16 13:53:30 | 000,178,900 | ---- | C] () -- C:\Users\Utente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\manuela_photo_345353_53453535_3635645645_46765757.vbs
[2014/06/15 20:31:35 | 000,178,900 | ---- | C] () -- C:\Users\Utente\AppData\Roaming\manuela_photo_345353_53453535_3635645645_46765757.vbs

:Files
C:\Users\Utente\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
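The fix above is built from OTL log lines, and reading those lines is the skill the thread turns on: the Run-key entries (O4), the Startup-folder copy of the same .vbs, the AppInit_DLLs value (O20) and the IFEO "Debugger" redirections (O27) are each a persistence or execution-control location that a helper checks before writing a fix. As an added example, not code from this thread, from OTL or from the forum, here is a small Python triage helper that parses lines in OTL's format, tags each entry with what it means for a defender, and notices when the same script file name is referenced from more than one location (which is what makes a deleted file appear to "recreate itself"). The sample log is constructed from six lines of the fix posted above; the flag names are this example's own choice.

```python
"""Triage helper for OTL-format log lines (added example, not the OTL tool's own code).

Classifies persistence entries and flags the patterns a malware-removal helper
looks at first.  Assumes OTL's "<section> - <body>" line layout as seen in the
thread; everything else (flag names, the dataclass) is this example's own.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample: six lines copied from the fix posted in this thread.
SAMPLE_LOG = r"""
SRV - File not found [Auto | Stopped] -- C:\Users\Valentina\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe -- (SoftwareUpd)
O2 - BHO: (no name) - {376CA00C-3F95-46F7-8F04-E69906E52A1F} - No CLSID value found.
O4 - HKLM..\Run: [manuela_photo_345353_53453535_3635645645_46765757] wscript.exe //B "C:\Users\Utente\AppData\Roaming\manuela_photo_345353_53453535_3635645645_46765757.vbs" File not found
O4 - Startup: C:\Users\Utente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\manuela_photo_345353_53453535_3635645645_46765757.vbs ()
O20 - AppInit_DLLs: (C:\PROGRA~2\Wincert\WIN32C~1.DLL) - File not found
O27 - HKLM IFEO\bpsvc.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
"""

# "SRV - ..." or "O<n> - ..."; lines such as ":OTL" or "[Reboot]" are not entries.
LINE_RE = re.compile(r"^(?P<section>SRV|O\d+) - (?P<body>.*)$")
# First Windows path on the line, up to the first .vbs/.exe/.dll (paths may contain spaces).
WIN_PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:vbs|exe|dll)", re.I)


@dataclass
class Finding:
    section: str
    body: str
    flags: list = field(default_factory=list)


def classify(line: str):
    """Return a Finding for one OTL entry line, or None for non-entry lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    f = Finding(section, body)
    low = body.lower()
    if "file not found" in low or "no clsid value found" in low:
        f.flags.append("dangling")            # registry still points at something that is gone
    if section == "SRV" and "\\appdata\\" in low:
        f.flags.append("service-in-user-profile")   # services normally live under Program Files/System32
    if section == "O4" and re.search(r"wscript\.exe\s+//b", low):
        f.flags.append("hidden-script-autorun")     # //B runs the script with prompts/errors suppressed
    if section == "O4" and low.startswith("startup:") and low.rstrip(" ()").endswith(".vbs"):
        f.flags.append("script-in-startup-folder")
    if section == "O20":
        f.flags.append("appinit-dll")               # DLL loaded into every process that loads user32
    if section == "O27" and "debugger - " in low:
        f.flags.append("ifeo-debugger")             # launching the named exe runs the 'debugger' instead
    return f


def triage(log_text: str) -> dict:
    """Classify every entry and group referenced file names by location.

    A file name that appears under more than one path (Run key + Startup folder,
    for example) is reported in 'duplicated_files': removing only one copy lets
    the other re-create it at the next logon.
    """
    findings = [f for f in map(classify, log_text.splitlines()) if f]
    locations = defaultdict(set)
    for f in findings:
        for path in WIN_PATH_RE.findall(f.body):
            name = path.rsplit("\\", 1)[-1].lower()
            locations[name].add(f"{f.section}: {path}")
    duplicated = {name: sorted(locs) for name, locs in locations.items() if len(locs) > 1}
    return {"findings": findings, "duplicated_files": duplicated}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for f in result["findings"]:
        print(f"{f.section:4} {', '.join(f.flags) or '-':35} {f.body[:70]}")
    for name, locs in result["duplicated_files"].items():
        print(f"\n{name} is referenced from {len(locs)} locations:")
        for loc in locs:
            print("   ", loc)
```

The flags map directly onto the fix: "dangling" entries are the harmless-looking leftovers the fix clears, "hidden-script-autorun" plus "script-in-startup-folder" for the same file name explain why deleting the .vbs by hand did not stick, and "ifeo-debugger" shows executables whose launch is being redirected, which is worth reviewing because the same registry mechanism can be used either to block adware or to hijack legitimate programs.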

REDACTED

Re: need help with a url:mal
« Reply #14 on: June 16, 2014, 09:33:54 PM »
OK, here I give you the log of OTL just after the reboot, the one after the quick scan following the reboot, and the AdwCleaner one.
All of them are saved as ANSI.
The file is still there tho.