Topic: malicious url blocked


Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: malicious url blocked
« Reply #30 on: November 20, 2010, 07:45:01 PM »
Yep close - reboot to safe mode and try Combofix again, give it ten minutes and if it is not running through the stages reboot again and run an OTL scan on that system - but the two done are OK?

davidz

  • Guest
Re: malicious url blocked
« Reply #31 on: November 20, 2010, 07:49:58 PM »
but the two done are OK ? 
(DZ) Yes, they are fixed.

Here is the file for usb_device_2.

Thank you,
David

Offline essexboy

Re: malicious url blocked
« Reply #32 on: November 20, 2010, 07:52:34 PM »
As far as I can see, are they behaving now?

davidz

  • Guest
Re: malicious url blocked
« Reply #33 on: November 20, 2010, 08:01:36 PM »
the usb devices, yes

davidz

  • Guest
Re: malicious url blocked
« Reply #34 on: November 21, 2010, 04:45:37 PM »
Hi,

Unable to run Combofix on notebook3, keeps hanging in normal mode or safe.
So, I ran mbam programme which returned 2 viruses (see attached)

However, a malicious url appeared moments after I closed down mbam programme.

Do you have any further bright ideas...

DZ...

Offline essexboy

Re: malicious url blocked
« Reply #35 on: November 21, 2010, 05:10:27 PM »
Could you run an OTL scan on number 3 please - also what is the AV on that system?

davidz

  • Guest
Re: malicious url blocked
« Reply #36 on: November 21, 2010, 05:40:04 PM »
No AV, as I couldn't pause Avast during the Combofix stage.

See attached OTL.txt for notebook3

Thanks so much,

DZ

Offline essexboy

Re: malicious url blocked
« Reply #37 on: November 21, 2010, 06:10:56 PM »
Combofix appears to have run as it quarantined some items

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Quote
    :OTL
    [2010/10/01 18:12:07 | 000,155,648 | ---- | M] () -- C:\HTGD0007.exe
    [2010/11/09 10:19:49 | 000,000,332 | -HS- | C] () -- C:\WINDOWS\tasks\rvlrcah.job

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

davidz

  • Guest
Re: malicious url blocked
« Reply #38 on: November 21, 2010, 06:26:42 PM »
Here is the log from the OTL scan.

DZ

Offline essexboy

Re: malicious url blocked
« Reply #39 on: November 21, 2010, 06:43:07 PM »
OK what is the status of your systems now?

Can you reel them off 1-2-3

davidz

  • Guest
Re: malicious url blocked
« Reply #40 on: November 21, 2010, 06:46:12 PM »
1/2 = no issues
3 = no pop ups, no av

Ran Malwarebytes and no malicious items were found

Shall I re-install Avast AV?

DZ

davidz

  • Guest
Re: malicious url blocked
« Reply #41 on: November 21, 2010, 06:47:07 PM »
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5163

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

21/11/2010 17:44:37
mbam-log-2010-11-21 (17-44-37).txt

Scan type: Quick scan
Objects scanned: 137100
Time elapsed: 12 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Offline essexboy

Re: malicious url blocked
« Reply #42 on: November 21, 2010, 06:53:11 PM »
Yep re-install AV and then once you are happy I will remove my tools and tidy up your systems


YoKenny

  • Guest
Re: malicious url blocked
« Reply #43 on: November 21, 2010, 07:00:13 PM »
I see Windows 5.1.2600 Service Pack 2

Windows XP Service Pack 3 has been available for over 2 years that provides many Critical Updates and performance improvements:
Support for Windows XP Service Pack 2 ends on July 13, 2010
http://support.microsoft.com/gp/lifean31

I see that you now have more than 20 posts which will permit you to update your profile to include signature information.

Go to PROFILE then Modify Profile then Forum Profile Information then Please select your country: then Signature: and put information about your system just like my signature so that the helpers can offer pertinent advice.

Offline essexboy

Re: malicious url blocked
« Reply #44 on: November 21, 2010, 07:02:44 PM »
I can't say anything as I have just installed a VM with XP SP1  ::)