Author Topic: Truminfi.com  (Read 40731 times)

confutse

  • Guest
Truminfi.com
« on: March 20, 2011, 04:10:15 PM »
Hi!
Any idea what this is and why avast is blocking it every few minutes?
And how can I remove it?
Thank you :)

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89159
  • No support PMs thanks
Re: Truminfi.com
« Reply #1 on: March 20, 2011, 04:19:05 PM »
If you can post an image of the avast alert it will give us more information.

What are you doing at the time this happens?

What is your operating system and browser, etc.?

The domain is one that avast considers malicious (see image). Is this the same sort of image?
« Last Edit: March 20, 2011, 04:21:56 PM by DavidR »
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

confutse

  • Guest
Re: Truminfi.com
« Reply #2 on: March 20, 2011, 04:28:22 PM »
Umm, how can I do that?

It happens every few minutes, even when I'm not on the net.

Win 7, Firefox ver. 3.6.15

Yes, it's exactly like that; the web address is a lot longer, filled with numbers.
Oh wait, it says that the process is explorer.exe
« Last Edit: March 20, 2011, 04:31:22 PM by confutse »

Offline DavidR

Re: Truminfi.com
« Reply #3 on: March 20, 2011, 04:36:21 PM »
You have to have some image capture software, or use Print Screen, then crop the image and save the image file. Then attach it to your post (Additional Options on the reply window).

- When you click the Reply button, there is an Additional Options link; this expands the options to attach a file, which can be an image file or a text file (.log or .txt). Also see How to post an Image.

confutse

  • Guest
Re: Truminfi.com
« Reply #4 on: March 20, 2011, 04:44:06 PM »
You can see the web address on the bottom of the screen, right?

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Truminfi.com
« Reply #5 on: March 20, 2011, 04:51:53 PM »
Looks like either proxy malware or a DNS hijack.

Download OTS to your Desktop and double-click on it to run it
  • Make sure you close all other programs and don't use the PC while the scan runs.
  • Select All Users
  • Under additional scans select the following:
    • Reg - Disabled MS Config Items
    • Reg - Drivers32
    • Reg - NetSvcs
    • Reg - SafeBoot Minimal
    • Reg - Shell Spawning
    • Evnt - EventViewer Logs (Last 10 Errors)
    • File - Lop Check
  • Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Please attach the log in your next post.

Hermite15

  • Guest
Re: Truminfi.com
« Reply #6 on: March 20, 2011, 04:57:24 PM »
Clear all private data in the browser that you use and restart it. Then use CCleaner to clear what may be left and the temp folders' content. This should rid you of the issue.

Edit: okay, Essexboy posted in the meantime and potentially sees something else ;)

confutse

  • Guest
Re: Truminfi.com
« Reply #7 on: March 20, 2011, 05:00:00 PM »
like this?

Offline essexboy

Re: Truminfi.com
« Reply #8 on: March 20, 2011, 05:05:39 PM »
Yep - this will also flush out all your temps for you. After reboot let me know if you still get the alerts.

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

Code:
[Unregister Dlls]
[Registry - Safe List]
< Run [HKEY_USERS\S-1-5-21-954531041-2713293074-437339881-1000\] > -> HKEY_USERS\S-1-5-21-954531041-2713293074-437339881-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> "Stenabefogufagel" -> C:\Users\TT\AppData\Local\atPSNlev.dll [rundll32.exe  "C:\Users\TT\AppData\Local\atPSNlev.dll",Startup]
[Custom Items]
:Files
ipconfig /flushdns /c
:end
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
 

The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.
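
Added example (not part of essexboy's post and not OTS's own logic): the Run entry removed by the fix above starts a DLL from a user-writable AppData folder through rundll32.exe, and this sketch flags that pattern in a set of Run-key values. The function name, the directory list and the two "Example" entries are assumptions constructed for illustration; only the first sample value comes from the thread.

```python
import re

# Directories a standard user can write to (assumed list, extend as needed).
USER_WRITABLE = re.compile(
    r"\\(appdata\\(local|locallow|roaming)|temp|downloads|programdata)\\", re.I
)
# Matches: rundll32.exe "<path to dll>",<export>   (quotes optional)
RUNDLL32 = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?\s*,\s*(\w+)', re.I)


def suspicious_run_entries(run_values):
    """Return (value name, dll path, export) for every Run value that uses
    rundll32 to load a DLL stored in a user-writable directory."""
    hits = []
    for name, command in run_values.items():
        match = RUNDLL32.search(command)
        if match and USER_WRITABLE.search(match.group(1)):
            hits.append((name, match.group(1).strip(), match.group(2)))
    return hits


SAMPLE_RUN_KEY = {
    # Value quoted in the fix script in this thread.
    "Stenabefogufagel":
        r'rundll32.exe  "C:\Users\TT\AppData\Local\atPSNlev.dll",Startup',
    # Constructed entries: a normal program and a rundll32 call on a system DLL.
    "ExampleUpdater": r'"C:\Program Files\Example\updater.exe" /background',
    "ExamplePanel": r'rundll32.exe "C:\Windows\System32\example.dll",ShowPanel',
}

if __name__ == "__main__":
    for name, dll, export in suspicious_run_entries(SAMPLE_RUN_KEY):
        print(f"review: {name} -> {dll} (export {export})")
```

A hit is a prompt to inspect the file and its origin, not proof of infection; some legitimate software also starts from AppData.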

confutse

  • Guest
Re: Truminfi.com
« Reply #9 on: March 20, 2011, 05:22:00 PM »
like this?

Offline essexboy

Re: Truminfi.com
« Reply #10 on: March 20, 2011, 05:31:47 PM »
Have you turned off your system restore?

Are you still getting the alerts?

confutse

  • Guest
Re: Truminfi.com
« Reply #11 on: March 20, 2011, 05:41:23 PM »
Umm... I'm not sure about that system restore.
Nope, no more alerts :D

Offline essexboy

Re: Truminfi.com
« Reply #12 on: March 20, 2011, 05:44:55 PM »
OK, that one is cleared. Regarding the system restore, could you try to create one and let me know what error you get?

confutse

  • Guest
Re: Truminfi.com
« Reply #13 on: March 20, 2011, 05:47:13 PM »
Created a system restore point, didn't get any errors :)

Offline essexboy

Re: Truminfi.com
« Reply #14 on: March 20, 2011, 05:58:45 PM »
OK thanks - run OTS and hit the cleanup button and it will disappear ;D