Author Topic: URL:Mal followed by Win32.Malware-gen  (Read 5903 times)

Offline LoupGarou

  • Newbie
  • Posts: 11
URL:Mal followed by Win32.Malware-gen
« on: May 01, 2011, 05:29:33 PM »
I get a pop-up that reads:
Object: 95.143.193.171 (sometimes this says: longtrip-todayz.com)
Infection: URL:Mal
Action: Blocked
Process: C:\Windows\System32\svchost.exe

It will quickly be followed by:
Object: c:\windows\temp\****\setup.exe
Infection: Win32.Malware-gen
Action: Moved to chest
Process: c:\windows\System32\svchost.exe

I ensured everything was updated. Then I rebooted into safe mode and ran Malwarebytes, the Kaspersky rootkit scanner, then an Avast full computer scan, then I set it to run a full boot-time scan and rebooted. Nothing is found by any of these scans. I was using a different anti-virus software package and it did not find anything either. I'm currently testing avast and using the free version.

I would appreciate whatever assistance or suggestions that could be provided.

Thanks!
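The alerts above attribute both the blocked URL and the dropped setup.exe to svchost.exe, which hosts many services at once, so the first triage question is which svchost instance is talking out. As an added example that is not part of the original thread, here is a PowerShell script that maps each svchost.exe instance to the services it hosts and to its non-local connections, and flags the address the alerts named. The watch list is constructed from the post; the script assumes netstat.exe and WMI are available (XP SP3 and later) and is written to run on PowerShell 2.0.

```powershell
# Added example, not from the original thread: map each svchost.exe instance
# to the services it hosts and to its outbound connections, so an alert that
# only says "Process: svchost.exe" can be narrowed to one service group.
# Assumes a Windows host with netstat.exe and WMI (XP SP3 and later).

# Remote host named in the alerts above; constructed watch list, extend as needed.
$watch = @('95.143.193.171')

function Get-SvchostConnections {
    # Service name(s) per PID, from WMI. A PID hosting several services is a
    # normal svchost group; a PID hosting none deserves a closer look.
    $svcByPid = @{}
    Get-WmiObject -Class Win32_Service | Where-Object { $_.ProcessId -ne 0 } | ForEach-Object {
        $k = [int]$_.ProcessId
        if (-not $svcByPid.ContainsKey($k)) { $svcByPid[$k] = @() }
        $svcByPid[$k] += $_.Name
    }
    $hostPids = @(Get-Process -Name svchost -ErrorAction SilentlyContinue | ForEach-Object { $_.Id })

    # netstat -ano prints "TCP local remote STATE PID" and "UDP local remote PID".
    netstat -ano | ForEach-Object {
        if ($_ -match '^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z_]+)\s+)?(\d+)\s*$') {
            $procId = [int]$Matches[5]
            $remote = $Matches[3]
            # Keep only svchost PIDs and only remote ends that are not local/wildcard.
            if ($hostPids -contains $procId -and $remote -notmatch '^(\*|127\.|0\.0\.0\.0|\[::)') {
                $remoteIp = $remote -replace ':\d+$', ''
                New-Object PSObject -Property @{
                    Pid      = $procId
                    Proto    = $Matches[1]
                    Remote   = $remote
                    State    = $Matches[4]
                    Services = ($svcByPid[$procId] -join ',')
                    Flagged  = ($watch -contains $remoteIp)
                }
            }
        }
    }
}

Get-SvchostConnections |
    Select-Object Flagged, Pid, Proto, Remote, State, Services |
    Sort-Object Flagged -Descending |
    Format-Table -AutoSize
```

Run it in an elevated prompt while the URL:Mal alert is on screen; the flagged row gives the PID and the service group, which is what a `tasklist /svc` or the OTS netsvcs scan can then be compared against.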


Offline essexboy

  • avast! Überevangelist
  • Posts: 28966
Re: URL:Mal followed by Win32.Malware-gen
« Reply #1 on: May 01, 2011, 05:31:44 PM »
There was a malicious file within your temporary folder that Avast blocked and then deleted.

What are your current problems ?

Clear Cache/Temp Files
Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.  Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Offline LoupGarou

  • Newbie
  • Posts: 11
Re: URL:Mal followed by Win32.Malware-gen
« Reply #2 on: May 01, 2011, 05:52:28 PM »
Thanks for your reply, essexboy.

I followed your instructions and did a manual reboot, but the same thing is occurring.

First, I get the URL:Mal Block, then a setup.exe file tries to open, but avast allows me to cancel the open, then I get the c:\windows\temp\****\setup.exe block. **** are letters which change. Folders matching the letters are created in the windows\temp directory, but these folders are empty.


Offline essexboy

  • avast! Überevangelist
  • Posts: 28966
Re: URL:Mal followed by Win32.Malware-gen
« Reply #3 on: May 01, 2011, 05:53:58 PM »
In that case, let's have a look-see.

Download OTS to your Desktop and double-click on it to run it
  • Make sure you close all other programs and don't use the PC while the scan runs.
  • Select All Users
  • Under additional scans select the following
Reg - Disabled MS Config Items
Reg - Drivers32
Reg - NetSvcs
Reg - SafeBoot Minimal
Reg - Shell Spawning
Evnt - EventViewer Logs (Last 10 Errors)
File - Lop Check

  • Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

  • Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Please attach the log in your next post.

Offline LoupGarou

  • Newbie
  • Posts: 11
Re: URL:Mal followed by Win32.Malware-gen
« Reply #4 on: May 01, 2011, 06:40:55 PM »
I've run OTS from the desktop and attached the result as you requested.

Thanks again for the help.

Offline essexboy

  • avast! Überevangelist
  • Posts: 28966
Re: URL:Mal followed by Win32.Malware-gen
« Reply #5 on: May 01, 2011, 07:00:28 PM »
Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

Code:
[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1292428093-746137067-839522115-1003\] > -> HKEY_USERS\S-1-5-21-1292428093-746137067-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{472734EA-242A-422B-ADF8-83D1E48CC825}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
YN -> "C:\Documents and Settings\Calvin\Desktop\utorrent.exe" -> [C:\Documents and Settings\Calvin\Desktop\utorrent.exe:*:Enabled:µTorrent]
YN -> "C:\Program Files\AVG\AVG10\avgmfapx.exe" -> [C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer]
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
YN -> \{5dcbfc0a-0a0d-11df-9cf7-463500000031} ->
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5dcbfc0a-0a0d-11df-9cf7-463500000031}\Shell\Auto\command ->
YN -> \{5dcbfc0a-0a0d-11df-9cf7-463500000031}\Shell\Auto\command\\"" -> [G:\run.exe]
YN -> \{5dcbfc0a-0a0d-11df-9cf7-463500000031} ->
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5dcbfc0a-0a0d-11df-9cf7-463500000031}\Shell\AutoRun ->
YN -> \{5dcbfc0a-0a0d-11df-9cf7-463500000031}\Shell\AutoRun\\"" -> [Auto&Play]
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5dcbfc0a-0a0d-11df-9cf7-463500000031}\Shell\AutoRun\command ->
YN -> \{5dcbfc0a-0a0d-11df-9cf7-463500000031}\Shell\AutoRun\command\\"" -> [C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL run.exe]
YN -> \{7d2fbfe6-223a-11e0-9f17-463500000031} ->
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7d2fbfe6-223a-11e0-9f17-463500000031}\Shell\Auto\command ->
YN -> \{7d2fbfe6-223a-11e0-9f17-463500000031}\Shell\Auto\command\\"" -> [G:\run.exe]
YN -> \{7d2fbfe6-223a-11e0-9f17-463500000031} ->
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7d2fbfe6-223a-11e0-9f17-463500000031}\Shell\AutoRun ->
YN -> \{7d2fbfe6-223a-11e0-9f17-463500000031}\Shell\AutoRun\\"" -> [Auto&Play]
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7d2fbfe6-223a-11e0-9f17-463500000031}\Shell\AutoRun\command ->
YN -> \{7d2fbfe6-223a-11e0-9f17-463500000031}\Shell\AutoRun\command\\"" -> [C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL run.exe]
[Files/Folders - Modified Within 30 Days]
NY ->  85ofw6p8b0gy3qnjn6mw -> C:\Documents and Settings\Calvin\Local Settings\Application Data\85ofw6p8b0gy3qnjn6mw
NY ->  85ofw6p8b0gy3qnjn6mw -> C:\Documents and Settings\All Users\Application Data\85ofw6p8b0gy3qnjn6mw
[Files - No Company Name]
NY ->  85ofw6p8b0gy3qnjn6mw -> C:\Documents and Settings\Calvin\Local Settings\Application Data\85ofw6p8b0gy3qnjn6mw
NY ->  85ofw6p8b0gy3qnjn6mw -> C:\Documents and Settings\All Users\Application Data\85ofw6p8b0gy3qnjn6mw
[File - Lop Check]
NY ->  AVG10 -> C:\Documents and Settings\All Users\Application Data\AVG10
NY ->  avg9 -> C:\Documents and Settings\All Users\Application Data\avg9
[Custom Items]
:Files
ipconfig /flushdns /c
:end
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
 

The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.
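The fix above removes per-volume MountPoints2 shell verbs that launched G:\run.exe through an "Auto&Play" entry (the classic removable-media autorun hook) and strips two entries from the XP firewall's authorized-applications list. As an added example, not part of the original thread and not OTS code, the following PowerShell audits those same two registry areas so the state can be checked before and after such a fix. The pattern used to mark a verb command as suspicious is an assumption; MountPoints2 lives under each user's hive, so run it as every user of the machine (the fix above targeted the S-1-5-21-...-1003 profile). Written for PowerShell 2.0 so it runs on the XP host in the thread.

```powershell
# Added example, not part of the original thread or of OTS. Audits the two
# registry areas the OTS fix cleaned: per-volume MountPoints2 shell verbs and
# the StandardProfile AuthorizedApplications firewall list. Run elevated.

$mp2 = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
$fwl = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List'
# Verbs Explorer honours for a volume; AutoRun and Auto were the ones abused in the fix above.
$verbs = 'Shell\AutoRun\command', 'Shell\Auto\command', 'Shell\open\command', 'Shell\explore\command'

function Get-MountPointVerbs {
    # One object per (volume, verb) that carries a command. A volume GUID with
    # no Shell subkey is normal; a command launching a run.exe on the volume,
    # an autorun.inf, or ShellExec_RunDLL is not. The pattern is an assumption.
    Get-ChildItem -LiteralPath $mp2 -ErrorAction SilentlyContinue | ForEach-Object {
        $volume = $_.PSChildName
        foreach ($verb in $verbs) {
            $key = "$mp2\$volume\$verb"
            if (Test-Path -LiteralPath $key) {
                $cmd = (Get-Item -LiteralPath $key).GetValue('')   # (default) value
                if ($cmd) {
                    New-Object PSObject -Property @{
                        Volume     = $volume
                        Verb       = $verb
                        Command    = $cmd
                        Suspicious = ($cmd -match '(?i)\\run\.exe|autorun\.inf|ShellExec_RunDLL')
                    }
                }
            }
        }
    }
}

function Get-FirewallExceptions {
    # Each value is "path:scope:Enabled|Disabled:label". The path itself holds
    # a colon (C:\...), so anchor the parse on the trailing fields instead of
    # splitting on ':'. OnDisk=False means an exception for a program that is
    # gone (the AVG installer in the fix above) and can simply be removed.
    if (-not (Test-Path -LiteralPath $fwl)) { return }
    $key = Get-Item -LiteralPath $fwl
    foreach ($name in $key.GetValueNames()) {
        $raw = [string]$key.GetValue($name)
        if ($raw -match '^(.*):([^:]*):(Enabled|Disabled):(.*)$') {
            New-Object PSObject -Property @{
                Path   = $Matches[1]
                Scope  = $Matches[2]
                State  = $Matches[3]
                Label  = $Matches[4]
                OnDisk = (Test-Path -LiteralPath $Matches[1])
            }
        }
    }
}

Get-MountPointVerbs   | Select-Object Suspicious, Volume, Verb, Command | Format-Table -AutoSize
Get-FirewallExceptions | Select-Object State, OnDisk, Scope, Path, Label | Format-Table -AutoSize
```

Any row with Suspicious=True points at a volume GUID whose key can be deleted outright, as OTS did here; a firewall row with OnDisk=False is a stale exception for a removed program. Note that MountPoints2 only records what was once mounted, so the G:\run.exe the entries referred to may already be gone while the hook remains.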

Offline LoupGarou

  • Newbie
  • Posts: 11
Re: URL:Mal followed by Win32.Malware-gen
« Reply #6 on: May 01, 2011, 07:11:10 PM »
Here are the contents of the file created after running the fix in OTS:

All Processes Killed
[Registry - Safe List]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_USERS\S-1-5-21-1292428093-746137067-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_USERS\S-1-5-21-1292428093-746137067-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Calvin\Desktop\utorrent.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AVG\AVG10\avgmfapx.exe deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5dcbfc0a-0a0d-11df-9cf7-463500000031}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5dcbfc0a-0a0d-11df-9cf7-463500000031}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5dcbfc0a-0a0d-11df-9cf7-463500000031}\Shell\Auto\command\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5dcbfc0a-0a0d-11df-9cf7-463500000031}\Shell\Auto\command not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5dcbfc0a-0a0d-11df-9cf7-463500000031}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5dcbfc0a-0a0d-11df-9cf7-463500000031}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5dcbfc0a-0a0d-11df-9cf7-463500000031}\Shell\AutoRun\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5dcbfc0a-0a0d-11df-9cf7-463500000031}\Shell\AutoRun not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5dcbfc0a-0a0d-11df-9cf7-463500000031}\Shell\AutoRun\command\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5dcbfc0a-0a0d-11df-9cf7-463500000031}\Shell\AutoRun\command not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7d2fbfe6-223a-11e0-9f17-463500000031}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7d2fbfe6-223a-11e0-9f17-463500000031}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7d2fbfe6-223a-11e0-9f17-463500000031}\Shell\Auto\command\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7d2fbfe6-223a-11e0-9f17-463500000031}\Shell\Auto\command not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7d2fbfe6-223a-11e0-9f17-463500000031}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7d2fbfe6-223a-11e0-9f17-463500000031}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7d2fbfe6-223a-11e0-9f17-463500000031}\Shell\AutoRun\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7d2fbfe6-223a-11e0-9f17-463500000031}\Shell\AutoRun not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7d2fbfe6-223a-11e0-9f17-463500000031}\Shell\AutoRun\command\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7d2fbfe6-223a-11e0-9f17-463500000031}\Shell\AutoRun\command not found.
[Files/Folders - Modified Within 30 Days]
C:\Documents and Settings\Calvin\Local Settings\Application Data\85ofw6p8b0gy3qnjn6mw moved successfully.
C:\Documents and Settings\All Users\Application Data\85ofw6p8b0gy3qnjn6mw moved successfully.
[Files - No Company Name]
File C:\Documents and Settings\Calvin\Local Settings\Application Data\85ofw6p8b0gy3qnjn6mw not found!
File C:\Documents and Settings\All Users\Application Data\85ofw6p8b0gy3qnjn6mw not found!
[File - Lop Check]
C:\Documents and Settings\All Users\Application Data\AVG10 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\update\prepare\temp folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\update\prepare folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\update\backup folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\update folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\Temp folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\scanlogs folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\Log folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\emc\Queue\TEMP folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\emc\Queue\OUT folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\emc\Queue\IN\10110 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\emc\Queue\IN folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\emc\Queue\ACTIVE folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\emc\Queue folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\emc\Log folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\emc folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\Dumps folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\CfgAll folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\Cfg folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\AvgApi folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\AvgAm folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\admincli folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9 folder moved successfully.
[Custom Items]
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Calvin\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Calvin\Desktop\cmd.txt deleted successfully.
[Empty Temp Folders]
 
 
User: All Users
 
User: Calvin
->Temp folder emptied: 63198 bytes
->Temporary Internet Files folder emptied: 49288 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 23363009 bytes
->Flash cache emptied: 1654 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 28554890 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 2458 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1887481 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 52.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Calvin
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: LocalService
 
User: NetworkService
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0.00 mb
 
Restore point Set: OTS Restore Point (0)
< End of fix log >
OTS by OldTimer - Version 3.1.42.0 fix logfile created on 05012011_150323

Files\Folders moved on Reboot...
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\HN74XVAQ\ADTECH;adid=1222513;bnid=-1;target=_blank;sub1=;misc=844122141[1].htm moved successfully.
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\fla48.tmp not found!

Registry entries deleted on Reboot...

Offline essexboy

  • avast! Überevangelist
  • Posts: 28966
Re: URL:Mal followed by Win32.Malware-gen
« Reply #7 on: May 01, 2011, 07:12:39 PM »
Could you now check for alerts, please?

Offline LoupGarou

  • Newbie
  • Posts: 11
Re: URL:Mal followed by Win32.Malware-gen
« Reply #8 on: May 01, 2011, 07:24:33 PM »
Okay, the setup.exe issue has been resolved, thank you.

However, the URL:Mal alerts are still popping up randomly.

Offline essexboy

  • avast! Überevangelist
  • Posts: 28966
Re: URL:Mal followed by Win32.Malware-gen
« Reply #9 on: May 01, 2011, 07:25:21 PM »
OK phase two  ;D

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Offline LoupGarou

  • Newbie
  • Posts: 11
Re: URL:Mal followed by Win32.Malware-gen
« Reply #10 on: May 01, 2011, 08:00:28 PM »
Here's the mbam-log file created by Malwarebytes:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6485

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

5/1/2011 3:57:40 PM
mbam-log-2011-05-01 (15-57-40).txt

Scan type: Quick scan
Objects scanned: 140660
Time elapsed: 2 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Offline danny96

  • User with Brain™
  • Poster
  • Posts: 665
Re: URL:Mal followed by Win32.Malware-gen
« Reply #11 on: May 01, 2011, 08:13:50 PM »
MBAM is showing that you're not infected. Looks like you're clean.
But try to rescan with avast! and run a boot-time scan to be sure you're really clear of viruses.

Offline YoKenny

  • Serious Graphoman
  • Posts: 8800
Re: URL:Mal followed by Win32.Malware-gen
« Reply #12 on: May 01, 2011, 08:14:26 PM »
Get Internet Explorer V8, as it is the basis of all Windows.
Quote
Windows Explorer is a file manager application that is included with releases of the Microsoft Windows operating system from Windows 95 onwards. It provides a graphical user interface for accessing the file systems. It is also the component of the operating system that presents many user interface items on the monitor such as the taskbar and desktop. Controlling the computer is possible without Windows Explorer running (for example, the File | Run command in Task Manager on NT-derived versions of Windows will function without it, as will commands typed in a command prompt window). It is sometimes referred to as the Windows Shell, explorer.exe, or simply “Explorer”.
http://en.wikipedia.org/wiki/Windows_Explorer

Offline YoKenny

  • Serious Graphoman
  • Posts: 8800
Re: URL:Mal followed by Win32.Malware-gen
« Reply #13 on: May 01, 2011, 08:17:04 PM »
Quote
MBAM is showing that you're not infected. Looks like you're clean.
But try to rescan with avast! and run a boot-time scan to be sure you're really clear of viruses.
You know not of what you speak! ::)
See my post!

Offline essexboy

  • avast! Überevangelist
  • Posts: 28966
Re: URL:Mal followed by Win32.Malware-gen
« Reply #14 on: May 01, 2011, 09:29:31 PM »
Do the alerts still appear? If so, I will need to use a stronger tool.

Whilst this programme is running you will need to temporarily disable Avast; any files that Avast wants to sandbox, let them run normally.

To disable Avast right click the orange blob
Select shield control
Select disable for 1 hour

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.
