Author Topic: malcious url blocked  (Read 16640 times)


Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40631
  • Dragons by Sasha
    • Malware fixes
Re: malcious url blocked
« Reply #15 on: November 20, 2010, 04:22:20 PM »
Did you see my previous re resetting the router?

Offline davidz

  • Jr. Member
  • **
  • Posts: 37
Re: malcious url blocked
« Reply #16 on: November 20, 2010, 04:28:04 PM »
I suspect all notebooks are, as they all had the same USB drive (which had a virus) plugged in...

DZ..

Offline essexboy

Re: malcious url blocked
« Reply #17 on: November 20, 2010, 04:31:44 PM »
OK, run Combofix on all notebooks, then post the logs, giving each a name so that we can get the right fix for the right system.

Offline davidz

Re: malcious url blocked
« Reply #18 on: November 20, 2010, 05:06:58 PM »
Thanks.

Here is the combofix.txt file (notebook1)

DZ....

Offline essexboy

Re: malcious url blocked
« Reply #19 on: November 20, 2010, 05:16:17 PM »
Notebook 1
Quote
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
Main miscreant dead  ;D Now run MBAM on that one please

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Offline davidz

Re: malcious url blocked
« Reply #20 on: November 20, 2010, 05:50:25 PM »
Hey,

Here you go (notebook1), there was one infected file which has been removed.

Thanks a million,

David


Offline essexboy

Re: malcious url blocked
« Reply #21 on: November 20, 2010, 06:35:53 PM »
Could you now continue to the next system - have the redirects ceased on notebook 1 ?

Offline davidz

Re: malcious url blocked
« Reply #22 on: November 20, 2010, 06:57:39 PM »
Notebook 1, yes! 

I'm nearly finished with 2 and 3.

Where were you from in Essex, I lived there for some time too..


Offline essexboy

Re: malcious url blocked
« Reply #23 on: November 20, 2010, 07:00:29 PM »
No longer in Essex - now in Cornwall  ;D  Originally from Romford

Offline davidz

Re: malcious url blocked
« Reply #24 on: November 20, 2010, 07:06:26 PM »
Notebook2, it appears that this is clean! :)

Yep, I know it, I lived for some time in Billericay.

Offline davidz

Re: malcious url blocked
« Reply #25 on: November 20, 2010, 07:11:31 PM »
Hope you don't mind me asking another question.

I also have a hard drive and a camera which I'm sure are infected. These have both been cleaned with Avast.  Could there be something on there and how do I find out? For the hard drive, I copied (or my wife did) photos off one notebook1.

Thanks so much,

David




Offline essexboy

Re: malcious url blocked
« Reply #26 on: November 20, 2010, 07:12:44 PM »
Mountpoints to remove from Notebook 2 - how is that running now ? I will need a further OTL run on system one when 3 is finished.  Scan the externals with Avast  ;D 

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Quote
    :OTL
    O33 - MountPoints2\{83f0a34a-4eb9-11df-88a2-00224384bbe2}\Shell\AutoRun\command - "" = E:\RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe -- File not found
    O33 - MountPoints2\{83f0a34a-4eb9-11df-88a2-00224384bbe2}\Shell\open\command - "" = E:\RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe -- File not found
    O33 - MountPoints2\{bb853c54-8597-11df-88c2-00224384bbe2}\Shell\AutoRun\command - "" = E:\RESTORE\c-1-3-64-8794238531-8742492-9897532\DriveFix.exe -- File not found
    O33 - MountPoints2\{bb853c54-8597-11df-88c2-00224384bbe2}\Shell\open\command - "" = E:\RESTORE\c-1-3-64-8794238531-8742492-9897532\DriveFix.exe -- File not found
    O33 - MountPoints2\{c0597d3d-4570-11de-87f7-00224384bbe2}\Shell - "" = AutoRun
    O33 - MountPoints2\{c0597d3d-4570-11de-87f7-00224384bbe2}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{d24ecbe8-e57a-11de-887d-00224384bbe2}\Shell\AutoRun\command - "" = E:\RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe -- File not found
    O33 - MountPoints2\{d24ecbe8-e57a-11de-887d-00224384bbe2}\Shell\open\command - "" = E:\RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe -- File not found
    O33 - MountPoints2\{ec152226-e8f5-11df-8917-002243e21c9f}\Shell\AutoRun\command - "" = E:\APPInst.exe -- File not found

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
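
The O33 lines in the fix script above are per-volume AutoRun registrations under MountPoints2. As an added illustration (not part of the original post and not OTL's own code), the Python below parses lines in that format and flags the ones worth reviewing; the three heuristics and the function names are assumptions made for this example, and the sample lines are constructed from the entries quoted in the post.

```python
import re

# Constructed sample: three O33 lines in the format quoted in the post above.
SAMPLE = r"""
O33 - MountPoints2\{83f0a34a-4eb9-11df-88a2-00224384bbe2}\Shell\AutoRun\command - "" = E:\RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe -- File not found
O33 - MountPoints2\{c0597d3d-4570-11de-87f7-00224384bbe2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ec152226-e8f5-11df-8917-002243e21c9f}\Shell\AutoRun\command - "" = E:\APPInst.exe -- File not found
"""

# One O33 line: volume GUID, Shell subkey, value name, value data, optional OTL note.
O33 = re.compile(
    r'^O33 - MountPoints2\\(?P<vol>\{[0-9a-fA-F-]{36}\})\\(?P<key>Shell[^ ]*)'
    r' - "(?P<name>[^"]*)" = (?P<value>.*?)(?P<missing> -- File not found)?$'
)

def triage(text):
    """Return one finding per O33 line; 'reasons' stays empty for benign entries."""
    findings = []
    for line in text.splitlines():
        m = O33.match(line.strip())
        if not m:
            continue
        target = m["value"].strip('"')
        reasons = []
        # Assumed heuristic 1: a ...\command verb that starts an .exe on the volume.
        if m["key"].lower().endswith("\\command") and target.lower().endswith(".exe"):
            reasons.append("shell verb launches an executable from the volume")
        # Assumed heuristic 2: folder names imitating RECYCLER/RESTORE, as in the post.
        if re.search(r"\\(RECYCLER|RESTORE)\\", target, re.IGNORECASE):
            reasons.append("target sits in a recycle/restore look-alike folder")
        # Assumed heuristic 3: OTL reported the target as missing (stale entry).
        if m["missing"]:
            reasons.append("target no longer exists (stale entry)")
        findings.append({"volume": m["vol"], "key": m["key"],
                         "target": target, "reasons": reasons})
    return findings

def volumes_to_review(findings):
    """Volume GUIDs that have at least one flagged entry, sorted for stable output."""
    return sorted({f["volume"] for f in findings if f["reasons"]})

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f["volume"], f["key"], "->", f["target"], f["reasons"] or "ok")
```
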

Offline davidz

Re: malcious url blocked
« Reply #27 on: November 20, 2010, 07:35:18 PM »
USB device_1


Offline essexboy

Re: malcious url blocked
« Reply #28 on: November 20, 2010, 07:37:21 PM »
Where are we at, at the moment ?  How many systems are running good ? 

Offline davidz

Re: malcious url blocked
« Reply #29 on: November 20, 2010, 07:41:58 PM »
2 systems :)

The 3rd system must have frozen because the screen hasn't moved (see attached).  I'm at the combofix stage (which I'm sure you know!)

The response is:

Scanning for infected files
This typically doesn't take more than 10 minutes
However, scan times for badly infected machines may easily double


The screen hasn't moved in the last 40 mins..

Any thoughts!?

DZ