Author Topic: "Malicious URL Blocked" message over and over again.  (Read 18186 times)

Offline Druidmisanth

"Malicious URL Blocked" message over and over again.
« on: April 10, 2010, 08:09:51 AM »
This message (below) has been recurring at seemingly random intervals for the last three days. Have scanned with Avast (both full scan and boot scan) with no result. Likewise with Microsoft Security Essentials, which I have since deleted. Judging by the message itself, my machine is safe and Avast AV is doing its job, but I sure would like to figure out just what, inside my computer, is compelling this continuous assault by whatever the heck "77.74.48.111/pldr/test.jpg?suid=b422fa..." is. Will download MBAM and scan with it in the interim, but any assistance would be greatly appreciated.

Gordon


Offline brain

Re: "Malicious URL Blocked" message over and over again.
« Reply #1 on: April 10, 2010, 08:18:03 AM »
Hi

What is the malware link?

Thanks

Offline Druidmisanth

Re: "Malicious URL Blocked" message over and over again.
« Reply #2 on: April 10, 2010, 11:34:48 AM »
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3973

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/10/2010 7:26:03 AM
mbam-log-2010-04-10 (07-26-03).txt

Scan type: Full scan (C:\|)
Objects scanned: 169474
Time elapsed: 1 hour(s), 43 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 5
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{981111eb-4770-4c06-a9b4-6cacf126f5fa} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{981111eb-4770-4c06-a9b4-6cacf126f5fa} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8fcdf9d9-a28b-480f-8c3d-581f119a8ab8} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\remekulobe (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1c445201 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm1f77619d (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\wxfw.dll (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\noqmqx.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gordon Brown\My Documents\ACSA\Adobe.CS3.Web.Premium.Keygen_Activation\Adobe.Web.Premium.CS3.Keygen+Activation.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gordon Brown\My Documents\ACSA\NYU Adobe CS3 Keygens\Adobe Web Premium CS3 Keygen + Activation.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gordon Brown\My Documents\ACSA\NYU Adobe CS3 Keygens\InDesign CS3 Keygen VLK.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
C:\update.exe (Trojan.Agent) -> Quarantined and deleted successfully.
« Last Edit: April 10, 2010, 11:43:28 AM by Druidmisanth »

Offline Pondus

Re: "Malicious URL Blocked" message over and over again.
« Reply #3 on: April 10, 2010, 11:48:49 AM »
If you scan again (do the quick scan), does it come up clean? Problems gone?

Also run Superantispyware www.superantispyware.com

Are cookies really spyware and are they dangerous?
http://www.superantispyware.com/supportfaqdisplay.html?faq=26
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline mkis

Re: "Malicious URL Blocked" message over and over again.
« Reply #4 on: April 10, 2010, 02:23:08 PM »
Is it possible to give the internet address name (using hXXp:// rather than http://) so that we can check out the page?

By using hXXp, the link will not be able to be activated.
Avast7 Free, MBAM (on demand), MVPS Hosts

Intel DG41TY, Windows 7 Ultimate, IE9, Google Chrome, 4 GB ram, Secunia PSI, ccleaner, Foxit Reader, Faststone Image viewer, MWSnap.

Offline DavidR

Re: "Malicious URL Blocked" message over and over again.
« Reply #5 on: April 10, 2010, 02:41:15 PM »
It is in the original post, image and text; it is an IP address rather than a domain name.

There really is no page to check, as the origin is on the user's system trying to connect to that page, so what is on it is rather immaterial. We have to try and find what is using svchost.exe to connect to the malicious site; that is why starting the ball rolling on that with MBAM and SAS is a good start.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline mkis

Re: "Malicious URL Blocked" message over and over again.
« Reply #6 on: April 10, 2010, 02:46:20 PM »
Oh okay David, sorry, I rushed through the page. I will leave them to it. In good hands.

Offline DavidR

Re: "Malicious URL Blocked" message over and over again.
« Reply #7 on: April 10, 2010, 02:54:47 PM »
No problem, it may have been Vundo trying to get out, but it may not be that simple.

Quote
Vundo, or the Vundo Trojan (also known as Virtumonde or Virtumondo and sometimes referred to as MS Juan) is a Trojan horse that is known to cause popups and advertising for rogue antispyware programs, and sporadically other misbehavior including performance degradation and denial of service with some websites including Google and Facebook.

Offline Druidmisanth

Re: "Malicious URL Blocked" message over and over again.
« Reply #8 on: April 10, 2010, 03:37:12 PM »

Offline Druidmisanth

Re: "Malicious URL Blocked" message over and over again.
« Reply #9 on: April 10, 2010, 05:33:06 PM »
Okay, I'm actually on another tower entirely - which the keyboard from my main machine works just fine on. Any suggestions? Is it possible, somewhere on that computer, to block the URL in question entirely - in the internet security maybe? I'll have to take any advice and assemble it all together to try out on the machine when I hook it back up - and I suppose I could email any necessary links to myself to get around the nonfunctioning keyboard. Thanks in advance.

Gordon

Incidentally, the full URL that Avast keeps blocking and reporting is:

"77.74.48.111/pldr/test.jpg?suid=b422fa140378de814a177850fffffcuid=caba63b92ff1f44abbe14211373fef6affid=200327tid=nka10067cver=2li=1bi=Onc=1"
« Last Edit: April 10, 2010, 05:51:11 PM by Druidmisanth »

Offline DavidR

Re: "Malicious URL Blocked" message over and over again.
« Reply #10 on: April 10, 2010, 06:31:58 PM »
I certainly haven't heard of a virus that targets your keyboard, though I guess it wouldn't be impossible if a keyboard driver was killed/damaged.

Whilst this would be a pain (OK for short tasks), it is still possible by using the Windows on-screen keyboard with your mouse; see mouse actions in http://www.microsoft.com/windowsxp/using/accessibility/oskturnonuse.mspx.

Have you tried running SAS yet?

Online polonus

Re: "Malicious URL Blocked" message over and over again.
« Reply #11 on: April 10, 2010, 07:05:57 PM »
Druidmisanth,

This is a known Vundo download site. Re: http://www.bleepingcomputer.com/forums/topic294721.html

polonus
« Last Edit: April 10, 2010, 07:28:31 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline mkis

Re: "Malicious URL Blocked" message over and over again.
« Reply #12 on: April 10, 2010, 11:57:25 PM »
Just to add to the info that Pol has posted:

- screenshot shows top part of page returned from search of site address of suspect domain
- I can capture and post the whole page in segments if anyone thinks it will help

I'm not sure if the info is much use, and I'm a bit busy to follow up myself at the moment
- info gathered through putting into practice v5 sandbox in IS AV

I made sure to access the info from a safe distance, and would advise that anyone unpractised in doing so should steer well clear of this domain.

Edit - well, some of the domain is okay, so caveat perhaps - viewer beware
« Last Edit: April 11, 2010, 12:11:02 AM by mkis »

Offline Druidmisanth

Re: "Malicious URL Blocked" message over and over again.
« Reply #13 on: April 15, 2010, 06:35:32 AM »
I'm back - typing with the abovementioned onscreen keyboard. In the interim, have run rkill, vundofix, virtumundobegone, with nothing found in the latter two.

Then, I ran hijackthis, producing this:

Quote
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 1:30:49 AM, on 4/15/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\osk.exe
C:\WINDOWS\system32\MSSWCHX.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://broadband.zoomtown.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKUS\S-1-5-19\..\Run: [remekulobe] Rundll32.exe "C:\WINDOWS\system32\wirahahe.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [remekulobe] Rundll32.exe "C:\WINDOWS\system32\wirahahe.dll",s (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,96/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\piyuzuju.dll noqmqx.dll c:\windows\system32\ruvaluno.dll
O21 - SSODL: Autapbi - {950F4790-CDED-424D-8C4C-6C5B6EA25D15} - C:\WINDOWS\system32\exewebro.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O24 - Desktop Component 0: (no name) - http://www.kindgirls.com/graf/fondo2.png

--
End of file - 8304 bytes

But I haven't the slightest idea what it means. Running Malwarebytes again as we speak.

Other than the keyboard not working, all that really remains is that initial notice that Avast is blocking access to that same old URL.
« Last Edit: April 15, 2010, 06:43:24 AM by Druidmisanth »
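
An added example, not part of any poster's message: the MBAM log of April 10 reports the HKLM Run value `remekulobe` and the file `noqmqx.dll` as Trojan.Vundo.H, and the HijackThis log of April 15 still lists those names under the service-account Run keys and in AppInit_DLLs. The sketch below cross-references the two logs using lines excerpted from the posts above; matching by name is an assumption of the example and only marks entries to review.

```python
import re

# Sample input: lines excerpted from the MBAM and HijackThis logs in this thread.
MBAM_LOG = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\remekulobe (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1c445201 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\noqmqx.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\update.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""
HJT_LOG = r"""
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKUS\S-1-5-19\..\Run: [remekulobe] Rundll32.exe "C:\WINDOWS\system32\wirahahe.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [remekulobe] Rundll32.exe "C:\WINDOWS\system32\wirahahe.dll",s (User 'NETWORK SERVICE')
O20 - AppInit_DLLs: C:\WINDOWS\system32\piyuzuju.dll noqmqx.dll c:\windows\system32\ruvaluno.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
"""

MBAM_LINE = re.compile(r"^(?P<path>.+?) \((?P<label>[^()]+)\) -> ")
HJT_O4 = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
HJT_O20 = re.compile(r"^O20 - AppInit_DLLs: (?P<cmd>.+)$")
BINARY = re.compile(r'[^\s"\\,]+\.(?:dll|exe)', re.IGNORECASE)  # file base names

def mbam_indicators(log):
    """Map the last path component of each MBAM detection to its label."""
    found = {}
    for line in log.splitlines():
        m = MBAM_LINE.match(line.strip())
        if m:
            found[m["path"].rsplit("\\", 1)[-1].lower()] = m["label"]
    return found

def hjt_autostarts(log):
    """Yield (section, names, line) for O4 Run and O20 AppInit_DLLs entries."""
    for line in log.splitlines():
        line = line.strip()
        m = HJT_O4.match(line)
        if m:
            names = [m["name"]] + BINARY.findall(m["cmd"])
            yield "O4", [n.lower() for n in names], line
            continue
        m = HJT_O20.match(line)
        if m:
            yield "O20", [n.lower() for n in BINARY.findall(m["cmd"])], line

def remnants(mbam_log, hjt_log):
    """Autostart entries whose value name or file name MBAM already flagged."""
    known = mbam_indicators(mbam_log)
    findings = []
    for section, names, line in hjt_autostarts(hjt_log):
        hits = [n for n in names if n in known]
        if hits:
            findings.append({
                "section": section,
                "matched": hits[0],
                "label": known[hits[0]],
                # Files on the same line that MBAM did not list: review by hand.
                "other_files": [n for n in names
                                if n not in known and BINARY.fullmatch(n)],
                "line": line,
            })
    return findings

if __name__ == "__main__":
    for f in remnants(MBAM_LOG, HJT_LOG):
        print(f["section"], f["matched"], f["label"], "also:", f["other_files"])
```

The `other_files` field lists binaries that share a flagged autostart line but do not appear in the MBAM log, so they are candidates for a second look rather than confirmed detections.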

Offline Druidmisanth

Re: "Malicious URL Blocked" message over and over again.
« Reply #14 on: April 15, 2010, 06:43:58 AM »
Here's the VirtumundoBeGone log:

Quote
[04/15/2010, 1:26:56] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Gordon Brown\My Documents\Downloads\VirtumundoBeGone.exe" )
[04/15/2010, 1:27:00] - Detected System Information:
[04/15/2010, 1:27:00] -  Windows Version: 5.1.2600, Service Pack 3
[04/15/2010, 1:27:00] -  Current Username: Gordon Brown (Admin)
[04/15/2010, 1:27:00] -  Windows is in NORMAL mode.
[04/15/2010, 1:27:00] - Searching for Browser Helper Objects:
[04/15/2010, 1:27:00] -  BHO 1: {0347C33E-8762-4905-BF09-768834316C61} (HP Print Enhancer)
[04/15/2010, 1:27:00] -  BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[04/15/2010, 1:27:00] -  BHO 3: {5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
[04/15/2010, 1:27:00] -  BHO 4: {DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
[04/15/2010, 1:27:00] -  BHO 5: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} (JQSIEStartDetectorImpl Class)
[04/15/2010, 1:27:00] -  BHO 6: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} (HP Smart BHO Class)
[04/15/2010, 1:27:00] - Finished Searching Browser Helper Objects
[04/15/2010, 1:27:00] - Finishing up...
[04/15/2010, 1:27:00] - Nothing found! Exiting...

 
