Author Topic: Need Help On Blocked Malicious URL  (Read 28882 times)


circumstances

  • Guest
Re: Need Help On Blocked Malicious URL
« Reply #30 on: March 29, 2011, 11:18:14 PM »
i don't see a file name. it moved it to quarantine. it said process pid 2272 if that helps.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Need Help On Blocked Malicious URL
« Reply #31 on: March 29, 2011, 11:19:14 PM »
Ok it is in memory so it may be part of combofix

circumstances

  • Guest
Re: Need Help On Blocked Malicious URL
« Reply #32 on: March 29, 2011, 11:20:29 PM »
do i need to disable MSE and avast before i run the asw thing i downloaded?

doktornotor

  • Guest
Re: Need Help On Blocked Malicious URL
« Reply #33 on: March 29, 2011, 11:23:43 PM »
Quote: do i need to disable MSE and avast before i run the asw thing i downloaded?

Well if you are running both then you should not disable but rather uninstall one.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37533
  • Not a avast user
Re: Need Help On Blocked Malicious URL
« Reply #34 on: March 29, 2011, 11:25:25 PM »
Quote: do i need to disable MSE and avast before i run the asw thing i downloaded?
Never install two antivirus (see reply from quietman7)
http://www.bleepingcomputer.com/forums/index.php?s=7c8217673a726b92cfc91ecfd4294a29&showtopic=260844&view=findpost&p=1441638

circumstances

  • Guest
Re: Need Help On Blocked Malicious URL
« Reply #35 on: March 29, 2011, 11:27:12 PM »
i'd like to keep both programs for on-demand scanning, but i don't need both of them doing real time protection at the same time. the avast gave me the heads up on the borekoso thing when mse said nothing, and mse found the trojan caberp.c thing when avast said nothing. which one should i keep for real time scanning, and how do i disable the other one from doing the same, yet leave it on my computer for on-demand scanning?

doktornotor

  • Guest
Re: Need Help On Blocked Malicious URL
« Reply #36 on: March 29, 2011, 11:28:34 PM »
Quote: i'd like to keep both programs for on-demand scanning, but i don't need both of them doing real time protection at the same time. which one should i keep for real time scanning, and how do i disable the other one from doing the same, yet leave it on my computer for on-demand scanning?

You simply cannot do this with avast! nor with MSE. They are not intended to be used on-demand.

circumstances

  • Guest
Re: Need Help On Blocked Malicious URL
« Reply #37 on: March 29, 2011, 11:32:14 PM »
thanks doktor. i will uninstall MSE. i have had malwarebytes and superantispyware forever, and eset for several weeks, none of which are doing any real time scanning on my system. should i uninstall all of them as well?

doktornotor

  • Guest
Re: Need Help On Blocked Malicious URL
« Reply #38 on: March 29, 2011, 11:33:36 PM »
MBAM and SAS is fine... ESET is another realtime one, uh. You really are lucky the machine still boots.  :o

circumstances

  • Guest
Re: Need Help On Blocked Malicious URL
« Reply #39 on: March 29, 2011, 11:35:11 PM »
you said it! i'm lucky to find the "power" button!

essexboy, here is the aswmbr log:

aswMBR version 0.9.4 Copyright(c) 2011 AVAST Software
Run date: 2011-03-29 17:30:00
-----------------------------
17:30:00.578    OS Version: Windows 5.1.2600 Service Pack 3
17:30:00.578    Number of processors: 2 586 0x209
17:30:00.593    ComputerName: DGX34231  UserName: Robert
17:30:01.328    Initialize success
17:33:14.406    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:33:14.406    Disk 0 Vendor: IC35L060AVV207-0 V22OA66A Size: 57220MB BusType: 3
17:33:16.406    Disk 0 MBR read successfully
17:33:16.406    Disk 0 MBR scan
17:33:18.406    Disk 0 scanning sectors +117178110
17:33:18.406    Disk 0 scanning C:\WINDOWS\system32\drivers
17:33:33.421    Service scanning
17:33:34.812    Disk 0 trace - called modules:
17:33:34.843    ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
17:33:34.843    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b339ab8]
17:33:34.843    3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8b385d98]
17:33:34.843    Scan finished successfully

circumstances

  • Guest
Re: Need Help On Blocked Malicious URL
« Reply #40 on: March 29, 2011, 11:49:24 PM »
ESET uninstalled. MSE uninstalled. (that) crisis averted! thanks doktor.

circumstances

  • Guest
Re: Need Help On Blocked Malicious URL
« Reply #41 on: March 29, 2011, 11:59:02 PM »
while i'm waiting for essexboy to review that last aswmbr information, i got a different warning:

MALICIOUS URL BLOCKED
Object: borekoso.com/set/first.html
Infection: URL:Mal
Action: Blocked
Process: C:\Windows\system32\svchost.exe

circumstances

  • Guest
Re: Need Help On Blocked Malicious URL
« Reply #42 on: March 30, 2011, 01:48:12 PM »
and yet another one this morning:

MALICIOUS URL BLOCKED
Object: borekoso.com//cfg/miniav.plugfirst.html
Infection: URL:Mal
Action: Blocked
Process: C:\Windows\system32\svchost.exe
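
An added example, not part of any post in this thread: a short Python script that parses the two avast! alerts quoted in replies #41 and #42 and groups the blocked URLs by requesting process and host, so a repeat caller stands out. The alert text is copied from those replies; the function names are illustrative.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Alert text as pasted in replies #41 and #42 of this thread.
ALERTS = """\
MALICIOUS URL BLOCKED
Object: borekoso.com/set/first.html
Infection: URL:Mal
Action: Blocked
Process: C:\\Windows\\system32\\svchost.exe

MALICIOUS URL BLOCKED
Object: borekoso.com//cfg/miniav.plugfirst.html
Infection: URL:Mal
Action: Blocked
Process: C:\\Windows\\system32\\svchost.exe
"""

FIELD = re.compile(r"^(Object|Infection|Action|Process):\s*(.+?)\s*$")

def parse_alerts(text):
    """Return one dict per 'MALICIOUS URL BLOCKED' block in pasted text."""
    alerts, current = [], None
    for line in text.splitlines():
        if line.strip().upper() == "MALICIOUS URL BLOCKED":
            current = {}
            alerts.append(current)
        elif current is not None:
            m = FIELD.match(line)
            if m:
                current[m.group(1).lower()] = m.group(2)
    return alerts

def summarize(alerts):
    """Group blocked paths by (process, host); paths keep alert order."""
    groups = defaultdict(list)
    for a in alerts:
        if "object" not in a or "process" not in a:
            continue  # incomplete paste: skip rather than guess
        # Object has no scheme; add one so urlsplit can find the host.
        url = urlsplit("http://" + a["object"])
        path = re.sub(r"/{2,}", "/", url.path)  # collapse the doubled slash
        groups[(a["process"].lower(), url.hostname)].append(path)
    return dict(groups)

def repeat_callers(groups, threshold=2):
    """(process, host) pairs blocked at least `threshold` times."""
    return [key for key, paths in groups.items() if len(paths) >= threshold]
```
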

Offline essexboy

Re: Need Help On Blocked Malicious URL
« Reply #43 on: March 30, 2011, 07:42:05 PM »
OK big hammer time now

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.  It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.

circumstances

  • Guest
Re: Need Help On Blocked Malicious URL
« Reply #44 on: March 30, 2011, 07:46:00 PM »
essexboy, welcome back! i'm at work (again), so i will do as you say as soon as i return home. you remember that i downloaded combofix when you instructed me to previously (so it is already present on my desktop), and when i tried to run it i lost my monitor, and you had me reboot?