Author Topic: solved malicious url since installing avast 6  (Read 30942 times)

Offline diane blanx

  • Jr. Member
  • **
  • Posts: 60
solved malicious url since installing avast 6
« on: May 03, 2011, 01:23:13 PM »
Since upgrading to avast 6 I keep getting messages saying malicious url or trojan horse blocked every 5 to 10 mins. I know nothing about computers. Can anyone tell me why this is happening and if it's safe to use my computer?
« Last Edit: May 05, 2011, 07:11:05 PM by diane blanx »

Offline Zyndstoff (aka Steven Gail)

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2610
  • I can resist anything except temptation.
    • tex62
Re: malicious url since installing avast 6
« Reply #1 on: May 03, 2011, 01:25:28 PM »
1. Don't panic. As long as the word "blocked" is there, no need to be afraid.  ;D

2. What is your operating system? Windows 7? Vista? XP?

3. Do you have any other antivirus software installed?
7 x64 SP1, FF 8a Aurora, TB6, 6.0.1203 Free
Free MBAM Clear

Offline diane blanx

Re: malicious url since installing avast 6
« Reply #2 on: May 03, 2011, 01:30:29 PM »
XP, and no, not that I am aware of.

Offline Zyndstoff (aka Steven Gail)

Re: malicious url since installing avast 6
« Reply #3 on: May 03, 2011, 01:35:28 PM »
Okay, so here we go:

Download Malwarebytes Antimalware free by clicking on the blue MBAM in my signature.
Install it.
Start it.
Go to the update tab and update it.
Then start a "Quick scan" (takes only a few minutes).
A log will appear after the scan - save that to your disk and post the file here (click "Additional Options" at the bottom of post editor window to attach the saved log file).

We'll continue then.

Offline diane blanx

Re: malicious url since installing avast 6
« Reply #4 on: May 03, 2011, 02:22:44 PM »
Scanning now but seems to be taking a while. Hope you're still there.

Offline Zyndstoff (aka Steven Gail)

Re: malicious url since installing avast 6
« Reply #5 on: May 03, 2011, 02:24:09 PM »
At least two more hours... then it's time to drive home and I'll be online again for 2 or 3 more hrs.

We'll get this done.

You selected "Quick Scan"?

Offline diane blanx

Re: malicious url since installing avast 6
« Reply #6 on: May 03, 2011, 02:25:38 PM »
Yes

Offline Zyndstoff (aka Steven Gail)

Re: malicious url since installing avast 6
« Reply #7 on: May 03, 2011, 03:04:09 PM »
Still scanning...?  :o

Offline diane blanx

Re: malicious url since installing avast 6
« Reply #8 on: May 03, 2011, 03:05:25 PM »
Won't let me upload file.

Offline Zyndstoff (aka Steven Gail)

Re: malicious url since installing avast 6
« Reply #9 on: May 03, 2011, 03:06:32 PM »
What? Why not? What does it say?

Can you copy the content and paste it as normal text in a post?

Offline diane blanx

Re: malicious url since installing avast 6
« Reply #10 on: May 03, 2011, 03:12:39 PM »
Don't know how to do that

Offline Zyndstoff (aka Steven Gail)

Re: malicious url since installing avast 6
« Reply #11 on: May 03, 2011, 03:14:21 PM »
Open the log-file with notepad.
Mark the text.
Copy it (ctrl + C) and paste (ctrl + V) it in your post.

What is the error message when you try to upload it?

Offline diane blanx

Re: malicious url since installing avast 6
« Reply #12 on: May 03, 2011, 03:26:21 PM »
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6498

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

03/05/2011 14:04:12
errors2

Scan type: Quick scan
Objects scanned: 185484
Time elapsed: 58 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 22
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 22
Files Infected: 42

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\igasetacokuvomu.dll (IPH.Trojan.Hiloti.B) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AMService (Spyware.Passwords.XGen) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (Spyware.Passwords.XGen) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{4D1EC4CA-4B92-4324-B8F8-C9A6ED06A8AE} (Adware.Hotbar) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{6F098504-CDB1-420f-A2E6-DDC0B835FEDF} (Adware.Hotbar) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D} (Adware.Hotbar) -> No action taken.
HKEY_CLASSES_ROOT\HBLiteAX.Info.1 (Adware.Hotbar) -> No action taken.
HKEY_CLASSES_ROOT\HBLiteAX.Info (Adware.Hotbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4D1EC4CA-4B92-4324-B8F8-C9A6ED06A8AE} (Adware.Hotbar) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{4E674574-3F0B-491d-8AE3-F90B43A34FD6} (Adware.Hotbar) -> No action taken.
HKEY_CLASSES_ROOT\HBLiteAX.UserProfiles.1 (Adware.Hotbar) -> No action taken.
HKEY_CLASSES_ROOT\HBLiteAX.UserProfiles (Adware.Hotbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4E674574-3F0B-491D-8AE3-F90B43A34FD6} (Adware.Hotbar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.ShoppingReport2) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.ShoppingReport2) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (Adware.ShoppingReport2) -> No action taken.

Offline diane blanx

Re: malicious url since installing avast 6
« Reply #13 on: May 03, 2011, 03:27:24 PM »
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB38E21A-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> No action taken.
HKEY_CURRENT_USER\Software\hblitesa (Adware.HotBar) -> No action taken.
HKEY_CURRENT_USER\Software\ShoppingReport2 (Adware.ShoppingReport2) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\HBLite (Adware.HotBar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HBLiteSA (HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EB620C54- Adware.HotBar) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Aqiquba (IPH.Trojan.Hiloti.B) -> Value: Aqiquba -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\HBLite@HBLite.com (Adware.HotBar) -> Value: HBLite@HBLite.com -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\documents and settings\all users\application data\2aca5cc3-0f83-453d-a079-1076fe1a8b65 (Adware.Seekmo) -> No action taken.
c:\documents and settings\charlotte\application data\HBLite (Adware.Hotbar) -> No action taken.
c:\documents and settings\all users\application data\HBLiteSA (Adware.Hotbar) -> No action taken.
c:\documents and settings\Diane\application data\shoppingreport2 (Adware.ShoppingReport2) -> No action taken.
c:\documents and settings\Diane\application data\shoppingreport2\cs (Adware.ShoppingReport2) -> No action taken.
c:\documents and settings\Diane\application data\shoppingreport2\cs\db (Adware.ShoppingReport2) -> No action taken.
c:\documents and settings\Diane\application data\shoppingreport2\cs\dwld (Adware.ShoppingReport2) -> No action taken.
c:\documents and settings\Diane\application data\shoppingreport2\cs\report (Adware.ShoppingReport2) -> No action taken.
c:\documents and settings\Diane\application data\shoppingreport2\cs\res1 (Adware.ShoppingReport2) -> No action taken.
c:\documents and settings\Liam\application data\shoppingreport2 (Adware.ShoppingReport2) -> No action taken.
c:\documents and settings\Liam\application data\shoppingreport2\cs (Adware.ShoppingReport2) -> No action taken.
c:\documents and settings\Liam\application data\shoppingreport2\cs\db (Adware.ShoppingReport2) -> No action taken.
c:\documents and settings\Liam\application data\shoppingreport2\cs\dwld (Adware.ShoppingReport2) -> No action taken.
c:\documents and settings\Liam\application data\shoppingreport2\cs\report (Adware.ShoppingReport2) -> No action taken.
c:\documents and settings\Liam\application data\shoppingreport2\cs\res1 (Adware.ShoppingReport2) -> No action taken.
c:\program files\HBLite (Adware.Hotbar) -> No action taken.
c:\program files\HBLite\bin (Adware.Hotbar) -> No action taken.
c:\program files\HBLite\bin\11.0.363.0 (Adware.Hotbar) -> No action taken.

Offline diane blanx

Re: malicious url since installing avast 6
« Reply #14 on: May 03, 2011, 03:28:21 PM »
c:\program files\HBLite\bin\11.0.363.0\firefox (Adware.Hotbar) -> No action taken.
c:\program files\HBLite\bin\11.0.363.0\firefox\extensions (Adware.Hotbar) -> No action taken.
c:\program files\HBLite\bin\11.0.363.0\firefox\extensions\plugins (Adware.Hotbar) -> No action taken.
c:\documents and settings\all users\start menu\Programs\Hotbar (Adware.Hotbar) -> No action taken.

Files Infected:
c:\WINDOWS\igasetacokuvomu.dll (IPH.Trojan.Hiloti.B) -> No action taken.
c:\WINDOWS\Temp\cveo\setup.exe (Spyware.Passwords.XGen) -> No action taken.
c:\documents and settings\liam\local settings\temp\38.tmp (Malware.Gen) -> No action taken.
c:\documents and settings\liam\local settings\temp\ecsxamwonr.tmp (Trojan.Hiloti) -> No action taken.
c:\documents and settings\liam\local settings\temp\tcj.exe (Heuristics.Shuriken) -> No action taken.
c:\documents and settings\liam\local settings\temp\tck.exe (Heuristics.Shuriken) -> No action taken.
c:\documents and settings\liam\local settings\temp\tcl.exe (Heuristics.Shuriken) -> No action taken.
c:\documents and settings\liam\local settings\temp\tcm.exe (Trojan.FraudPack.Gen) -> No action taken.
c:\documents and settings\liam\local settings\temp\tcn.exe (Trojan.FraudPack.Gen) -> No action taken.
c:\documents and settings\liam\local settings\temp\tco.exe (Trojan.FraudPack.Gen) -> No action taken.
c:\documents and settings\liam\local settings\temp\tcp.exe (Trojan.FraudPack.Gen) -> No action taken.
c:\documents and settings\liam\local settings\temp\tcr.exe (Trojan.FraudPack.Gen) -> No action taken.
c:\documents and settings\liam\local settings\temp\tcs.exe (Trojan.FraudPack.Gen) -> No action taken.
c:\documents and settings\liam\local settings\temp\tct.exe (Trojan.FraudPack.Gen) -> No action taken.
c:\windows\temp\trz19.tmp (Trojan.Downloader) -> No action taken.
c:\windows\temp\trz1e.tmp (Trojan.Downloader) -> No action taken.
c:\windows\temp\trz3b.tmp (Trojan.Downloader) -> No action taken.
c:\windows\iz3dps.dll (Trojan.Hiloti) -> No action taken.
c:\windows\tfozua.exe (Trojan.FraudPack.Gen) -> No action taken.
c:\documents and settings\all users\application data\HBLiteSA\HBLiteSA.dat (Adware.Hotbar) -> No action taken.
c:\documents and settings\all users\application data\HBLiteSA\hblitesaabout.mht (Adware.Hotbar) -> No action taken.
c:\documents and settings\all users\application data\HBLiteSA\hblitesaau.dat (Adware.Hotbar) -> No action taken.
c:\documents and settings\all users\application data\HBLiteSA\hblitesaeula.mht (Adware.Hotbar) -> No action taken.
c:\documents and settings\all users\application data\HBLiteSA\hblitesa_kyf.dat (Adware.Hotbar) -> No action taken.
c:\documents and settings\Diane\application data\shoppingreport2\cs\Config.xml (Adware.ShoppingReport2) -> No action taken.
c:\documents and settings\Diane\application data\shoppingreport2\cs\db\Aliases.dbs (Adware.ShoppingReport2) -> No action taken.