Author Topic: malcious url blocked  (Read 17368 times)


Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40627
  • Dragons by Sasha
    • Malware fixes
Re: malcious url blocked
« Reply #45 on: November 21, 2010, 07:14:17 PM »
OK clear up time - did you have a Vista amongst this lot ? Do this for each system

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems

 Now the best part of the day ----- Your log now appears clean  :thumbsup:

A good workman always cleans up after himself so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Quote
    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
Click Start > Run  and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

Run OTL and hit the cleanup button.  It will remove all the programmes we have used plus itself.  MBAM can be uninstalled via control panel add/remove along with ERUNT.  But they may be useful tools to keep

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems

Upgrading Java:
  • Download the latest version of Java SE Runtime Environment (JRE), JRE 6 Update 22.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement."
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u22-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-6u22-windows-i586-p.exe and select "Run as an Administrator.")
SPRING CLEAN

Vista systems only

To manually create a new Restore Point

  • Go to Control Panel and select System and Maintenance
  • Select System
  • On the left select Advanced System Settings and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create
Now we can purge the infected ones

  • Go back to the System and Maintenance page
  • Select Performance Information and Tools
  • On the left select Open Disk Cleanup
  • Select Files from all users and accept the warning if you get one
  • In the drop down box select your main drive i.e. C
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete
You are now done

 
Download and run Puran Disc Defragmenter
I would recommend a boot defrag and disc check for the first run (piccy below)

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes: It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit To learn more about how to protect yourself while on the internet read our little guide  How did I get infected in the first place ?
Keep safe  :wave:

Offline davidz

  • Jr. Member
  • **
  • Posts: 37
Re: malcious url blocked
« Reply #46 on: November 23, 2010, 06:11:42 PM »
Hi,

Sorry for my late reply (again).  I was travelling the last few days, hence my silence.

I'm still having issues with notebook3 (nb3).  Avast URL blocker is appearing, twice in the last 5 minutes (after I turned my nb3 on).

I'm unable to run "combo fix" whilst in normal mode and now I'm trying in safe mode.

Stay tuned..

DZ..

Offline davidz

Re: malcious url blocked
« Reply #47 on: November 23, 2010, 06:43:11 PM »
Ok, that didn't work.  Hung for 30 minutes doing ZERO.

The NB3 is quite old and is using 32 bit.  I couldn't manage to download SP3.

What now...

DZ

Offline essexboy

Re: malcious url blocked
« Reply #48 on: November 23, 2010, 10:10:06 PM »
OK as it is only 3 being a pain now let's use a different tool

Download avz4.zip from here
  • Unzip it to your desktop to a folder named avz4
  • Double click on AVZ.exe to run it.
  • Run an update by clicking the Auto Update button on the Right of the Log window:
  • Click Start to begin the update
Note: If you receive an error message, choose a different source, then click Start again


  • Start AVZ.
  • Choose from the menu "File" => "Standard scripts" and mark the "Advanced System Analysis with Malware removal mode enabled" check box.

  • Click on the “Execute selected scripts”.
  • Automatic scanning, healing and system check will be executed.
  • A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscure.zip.
  • It is necessary to reboot your machine, because AVZ might disturb some program operations (like antiviruses and firewall) during the system scan.
  • All applications will work properly after the system restart.
When restarted

  • Start AVZ.
  • Choose from the menu "File" => "Standard scripts" and mark the "Advanced System Analysis" check box.

  • Click on the "Execute selected scripts".
  • A system check will be automatically performed, and the created logfile (avz_sysinfo.htm) will be saved in the LOG folder in the AVZ directory as virusinfo_syscheck.zip.
Upload both virusinfo_syscure.zip and virusinfo_syscheck.zip to Mediafire and post the sharing link.

Offline essexboy

Re: malcious url blocked
« Reply #50 on: November 24, 2010, 09:10:55 PM »
Hmm that showed nothing that would stop CF - let's re-run TDSSKiller again

Please read carefully and follow these steps. 
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Offline davidz

Re: malcious url blocked
« Reply #51 on: November 25, 2010, 05:24:24 PM »
Here is the txt file.

I took a picture of the Malicious object found too.

Thanks a lot.

David

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 84926
  • No support PMs thanks
Re: malcious url blocked
« Reply #52 on: November 25, 2010, 06:25:51 PM »
I can't see the image detail, too small, but it looks like an alert on tdsskiller.exe, is that right ?

If so it means you haven't disabled your security applications before running this tool, which I think is necessary ?
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.3.2459 (build 21.3.6164.561) UI 1.0.609/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline davidz

Re: malcious url blocked
« Reply #53 on: November 25, 2010, 07:45:25 PM »
Hi..

The image says:

Malicious Objects
rootkit.win32.TDSS.TDL4


Offline DavidR

Re: malcious url blocked
« Reply #54 on: November 25, 2010, 08:22:56 PM »
OK, that window asks you to select an option, so is there an option on that screen ?

Your log shows that the User select action = Cure.

It didn't mention anything about a boot being required, so I can only presume that it has cured the problem. If you ran it again I wonder if it would find it again or whether you should reboot in any case and then check again.

However, I'm not too familiar with this tool so it may be best to wait for essexboy getting back to the topic.

Offline essexboy

Re: malcious url blocked
« Reply #55 on: November 25, 2010, 09:19:24 PM »
David is correct you do need to select cure for it to work - Could you run TDSSKiller again please and save the file as ANSI and not unicode please.  Allow TDSSKiller to cure the affected bit 
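
Added example, not part of the post above and not code from TDSSKiller: a Python helper that finds the newest report matching the "TDSSKiller.[Version]_[Date]_[Time]_log.txt" pattern and writes an ANSI copy for pasting into the forum. It assumes a Unicode report starts with a byte-order mark and that "ANSI" means Windows-1252; the function names and the sample file are constructed for illustration.

```python
import codecs
import tempfile
from pathlib import Path

# Name pattern quoted in the thread: TDSSKiller.[Version]_[Date]_[Time]_log.txt
LOG_GLOB = "TDSSKiller.*_log.txt"

def newest_log(root):
    """Return the most recently modified TDSSKiller log in root, or None."""
    logs = sorted(Path(root).glob(LOG_GLOB), key=lambda p: p.stat().st_mtime)
    return logs[-1] if logs else None

def detect_encoding(raw):
    """Choose a decoder from the byte-order mark; no BOM means already ANSI."""
    if raw.startswith(codecs.BOM_UTF8):
        return "utf-8-sig"
    if raw.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        return "utf-16"
    return "cp1252"  # assumption: ANSI here is Windows-1252

def save_as_ansi(src):
    """Write a Windows-1252 copy next to src; return (copy_path, lossy)."""
    src = Path(src)
    raw = src.read_bytes()  # work on bytes so CRLF line endings are preserved
    text = raw.decode(detect_encoding(raw), errors="replace")
    try:
        data, lossy = text.encode("cp1252"), False
    except UnicodeEncodeError:
        # Characters with no ANSI equivalent become "?"; report that to the caller.
        data, lossy = text.encode("cp1252", errors="replace"), True
    dst = src.with_name(src.stem + "_ansi.txt")
    dst.write_bytes(data)
    return dst, lossy

def demo():
    """Run on a constructed UTF-16 file (sample text, not real tool output)."""
    root = Path(tempfile.mkdtemp())
    log = root / "TDSSKiller.0.0.0.0_01.01.2010_12.00.00_log.txt"
    sample = "constructed line 1\r\nconstructed line 2 \u2713\r\n"
    log.write_bytes(sample.encode("utf-16"))
    return save_as_ansi(newest_log(root))

if __name__ == "__main__":
    path, lossy = demo()
    print(path.name, "lossy" if lossy else "exact")
```

A `lossy` result of True means at least one character could not be represented in ANSI and was replaced with "?", so the Unicode original should be kept alongside the copy.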

Offline davidz

Re: malcious url blocked
« Reply #56 on: November 26, 2010, 05:38:54 AM »
Hi,

I followed your instructions from the thread November 24, 2010, 07:10:55 PM, Posted by: essexboy - that's when I took a photo of the screen (included this for your reference)

So, to recap.  I clicked on cure, then rebooted the notebook and attached the text file and is available in a previous thread  Posted on: Yesterday at 03:24:24 PM

What next...

Thank you,

David

Offline SafeSurf

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5198
Re: malcious url blocked
« Reply #57 on: November 26, 2010, 09:01:44 AM »
Wait for Essexboy to give you further instructions.  He is the main person at this point for your malware removal, while we support you in the background.  Thank you.
Mac 10.9.4 /Safari and Firefox (NoScript/AdBlockPlus/BetterPrivacy/Ghostey)/
Vista Home Prem (same add-on's)/Avast Free/Online Armor Premium Firewall/MBAM Premium)/ Mobile MBAM.

Offline essexboy

Re: malcious url blocked
« Reply #58 on: November 26, 2010, 08:49:08 PM »
Could you now retry combofix please - delete your current copy and download a fresh one

Offline davidz

Re: malcious url blocked
« Reply #59 on: November 27, 2010, 07:20:08 AM »
Deleted Combo Fix and tried again - Same experience as previously, the screen hangs and doesn't move.

However, I've not had any malicious alerts in the last 24 hours.

What should I do now?