Author Topic: solved malicious url since installing avast 6  (Read 32581 times)


diane blanx

  • Guest
Re: malicious url since installing avast 6
« Reply #75 on: May 03, 2011, 09:20:34 PM »
Have to go to work in 10 mins. If we're not finished, will it be safe to leave until tomorrow?

Offline Zyndstoff (aka Steven Gail)

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2604
  • I can resist anything except temptation.
    • tex62
Re: malicious url since installing avast 6
« Reply #76 on: May 03, 2011, 09:21:08 PM »
You're getting faster...  ;D

This is looking good to me.

Do some testing. Pop ups gone?
7 x64 SP1, FF 8a Aurora, TB6, 6.0.1203 Free
Free MBAM Clear

Offline Zyndstoff (aka Steven Gail)

Re: malicious url since installing avast 6
« Reply #77 on: May 03, 2011, 09:21:58 PM »
Quote from: diane blanx
Have to go to work in 10 mins. If we're not finished, will it be safe to leave until tomorrow?

We are almost there... I think we are done.
Do some tests.
7 x64 SP1, FF 8a Aurora, TB6, 6.0.1203 Free
Free MBAM Clear

diane blanx

  • Guest
Re: malicious url since installing avast 6
« Reply #78 on: May 03, 2011, 09:22:28 PM »
What kind of tests?

Offline scythe944

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2913
    • My Tech Blog
Re: malicious url since installing avast 6
« Reply #79 on: May 03, 2011, 09:25:02 PM »
Quote from: diane blanx
What kind of tests?

Basically, do whatever it was that you were doing before when you were experiencing problems. Check to see if said problems are gone.
For generic computer (not avast) problems, you can also visit my forum for help: http://www.jacobytech.net/forum

Offline Zyndstoff (aka Steven Gail)

Re: malicious url since installing avast 6
« Reply #80 on: May 03, 2011, 09:25:17 PM »
Well, whatever you did that made the pop ups occur.

You can use the pc now. We will meet tomorrow here again, okay?

Just some last looks at it, but I think you are fine now.  ;D
7 x64 SP1, FF 8a Aurora, TB6, 6.0.1203 Free
Free MBAM Clear

Offline Zyndstoff (aka Steven Gail)

Re: malicious url since installing avast 6
« Reply #81 on: May 04, 2011, 08:08:46 AM »
Hi Diane,
I presume your computer is running okay without pop-ups but anyway we will now do some scanning to see if any miscreant leftovers have to be removed.

Run OTS by double-clicking on it. (We downloaded the program already yesterday)
  • Select All Users
  • Under additional scans select the following

Reg - Disabled MS Config Items
Reg - Drivers32
Reg - NetSvcs
Reg - SafeBoot Minimal
Reg - Shell Spawning
Evnt - EventViewer Logs (Last 10 Errors)
File - Lop Check

  • Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT


  • Now close all other programs running (including browser).
  • Click the Run Scan button. Do not use the PC while the scan is running as the computer might freeze.
  • When the scan is complete Notepad will open automatically with the log file loaded in it. Save the log file to disk by clicking "File" -> "Save" and name it "OTSlog". Make sure that it is saved as "ANSI". (See screenshot)
  • Please attach the log in your next post.
  • I will review the log and come back later with (I hope final) instructions, but this may take a while since I am at work now and can fully analyze the file only after I get home this afternoon. So please be patient; anyhow, it is safe for you to use your PC.

    ;D


You should open Avast, Maintenance tab, and click on "Update Program" to ensure your Avast is fully up to date.

Please come back here this evening.

Cheers
Zyndstoff
« Last Edit: May 04, 2011, 08:14:10 AM by Zyndstoff (aka Steven Gail) »
7 x64 SP1, FF 8a Aurora, TB6, 6.0.1203 Free
Free MBAM Clear

diane blanx

  • Guest
Re: malicious url since installing avast 6
« Reply #82 on: May 04, 2011, 10:51:51 AM »
Problem seems to be fixed. You are a genius, thank you very much. Do you know how I got these infections when I was using Avast, and also how do I stop my computer from getting infected again?

Offline Zyndstoff (aka Steven Gail)

Re: malicious url since installing avast 6
« Reply #83 on: May 04, 2011, 11:53:00 AM »
Quote from: diane blanx
Problem seems to be fixed. You are a genius, thank you very much. Do you know how I got these infections when I was using Avast, and also how do I stop my computer from getting infected again?

Ha ha ha... no, I'm no genius.

Please do the scan I advised in the post above and post the log, we'll have to do some cleaning up for sure.

To your question: even if you use Avast (or any other AV btw) you will never be 100% protected. Malware authors are very quick at slightly altering their crap - so every AV has its moments of vulnerability.
To avoid infection: use your brains when surfing. Don't click on buttons, links or ads that are promising something too tempting to believe or to be true. Do not open unasked-for attachments in your emails just like this - make sure that the sender really knew what he was sending, even if it was a known friend.
Also p2p file exchange is a great source of malware (Bearshare, Limewire and the like), not to mention sites that "offer" cracks, hacks and porn.

You can increase protection if you are willing to invest $ 24,95 for a lifetime licence of MBAM Pro. Unlike MBAM free, the Pro version will be a resident scanner when you start the PC and protect you from lots of stuff that may get by Avast.

Also it is always a good decision to have one Windows user account with admin rights (only to use when software must be installed or anything else needs to be done that requires admin rights) and to have all other user accounts as "restricted" and do all daily stuff with this restricted account. This enables working / surfing / playing, but it prevents malware that is caught on this particular account from tampering with the system.
« Last Edit: May 04, 2011, 11:55:15 AM by Zyndstoff (aka Steven Gail) »
7 x64 SP1, FF 8a Aurora, TB6, 6.0.1203 Free
Free MBAM Clear

diane blanx

  • Guest
Re: malicious url since installing avast 6
« Reply #84 on: May 04, 2011, 01:11:15 PM »
Hope this works. I am not available tonight so will speak to you tomorrow.

Offline Zyndstoff (aka Steven Gail)

Re: malicious url since installing avast 6
« Reply #85 on: May 04, 2011, 01:12:40 PM »
Wonderful.
I'll look at it and we'll do the cleaning tomorrow!

Have fun.  ;D
7 x64 SP1, FF 8a Aurora, TB6, 6.0.1203 Free
Free MBAM Clear

Offline Zyndstoff (aka Steven Gail)

Re: malicious url since installing avast 6
« Reply #86 on: May 04, 2011, 10:05:24 PM »
Hi Diane.

Start OTS and copy the code below to where it says Paste fix here (make sure you copy all of the code in the box below, the last line reads [Create Restore Point]) and then click the Run Fix button.

Code:
[Unregister Dlls]
[Registry - Safe List]
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
YY -> HKLM\software\mozilla\Firefox\Extensions\\{B339B6F2-77FD-4E58-B2A4-BAC1C8536C95} -> C:\Documents and Settings\Liam\Local Settings\Application Data\{B339B6F2-77FD-4E58-B2A4-BAC1C8536C95} [C:\DOCUMENTS AND SETTINGS\LIAM\LOCAL SETTINGS\APPLICATION DATA\{B339B6F2-77FD-4E58-B2A4-BAC1C8536C95}]
YY -> HKLM\software\mozilla\Firefox\Extensions\\{053530DC-6E55-4935-A879-42149E9D9AF2} -> C:\Documents and Settings\Diane\Local Settings\Application Data\{053530DC-6E55-4935-A879-42149E9D9AF2} [C:\DOCUMENTS AND SETTINGS\DIANE\LOCAL SETTINGS\APPLICATION DATA\{053530DC-6E55-4935-A879-42149E9D9AF2}]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> "{0974BA1E-64EC-11DE-B2A5-E43756D89593}" [HKLM] -> [MediaBar]
YN -> "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "SM_IAN" -> [C:\Program Files\AdvancedCleaner Free\ian_monitor.exe]
YN -> "SunJavaUpdateSched" -> ["C:\Program Files\Java\jre6\bin\jusched.exe"]
YN -> "UADC_4215311620" -> ["C:\Program Files\AdvancedCleaner Free\UADCcw.exe" -c]
YN -> "UADC_534121639" -> ["C:\Program Files\AdvancedCleaner Free\UADCcw.exe" -c]
[Files/Folders - Created Within 30 Days]
NY ->  spupdwxp3.dll -> C:\WINDOWS\System32\spupdwxp3.dll
[Files/Folders - Modified Within 30 Days]
NY ->  ufdvrw.sys -> C:\WINDOWS\System32\drivers\ufdvrw.sys
NY ->  qtpwsuji.sys -> C:\WINDOWS\System32\drivers\qtpwsuji.sys
NY ->  Nliqilojihume.bin -> C:\WINDOWS\Nliqilojihume.bin
NY ->  Odotejidedu.dat -> C:\WINDOWS\Odotejidedu.dat
NY ->  5it12s5a.dat -> C:\Documents and Settings\All Users\Application Data\5it12s5a.dat
NY ->  spupdwxp3.dll -> C:\WINDOWS\System32\spupdwxp3.dll
[Files - No Company Name]
NY ->  ufdvrw.sys -> C:\WINDOWS\System32\drivers\ufdvrw.sys
NY ->  qtpwsuji.sys -> C:\WINDOWS\System32\drivers\qtpwsuji.sys
NY ->  Odotejidedu.dat -> C:\WINDOWS\Odotejidedu.dat
NY ->  Nliqilojihume.bin -> C:\WINDOWS\Nliqilojihume.bin
NY ->  5it12s5a.dat -> C:\Documents and Settings\All Users\Application Data\5it12s5a.dat
NY ->  Oeiipkf.job -> C:\WINDOWS\tasks\Oeiipkf.job
[File - Lop Check]
NY ->  Install.job -> C:\WINDOWS\Tasks\Install.job
NY ->  Oeiipkf.job -> C:\WINDOWS\Tasks\Oeiipkf.job
[Custom Items]
:Files
ipconfig /flushdns /c
:end
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]

When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Save the log (make sure ANSI is selected) and attach the log file to your next post.

I will look at the information when it is posted.
7 x64 SP1, FF 8a Aurora, TB6, 6.0.1203 Free
Free MBAM Clear
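
A fix script like the one in Reply #86 can be read through before it is run. The Python below is an added example, not part of the original thread and not OTS's own code: it lists which files, registry values and custom commands such a script names. The regular expressions are assumptions inferred from the lines quoted in the post, and the two-letter Y/N prefixes are carried through without interpreting them.

```python
import re
from collections import defaultdict

# Lines copied from the fix script in Reply #86 (shortened excerpt).
FIX = r"""[Registry - Safe List]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "SM_IAN" -> [C:\Program Files\AdvancedCleaner Free\ian_monitor.exe]
YN -> "UADC_534121639" -> ["C:\Program Files\AdvancedCleaner Free\UADCcw.exe" -c]
[Files/Folders - Modified Within 30 Days]
NY ->  ufdvrw.sys -> C:\WINDOWS\System32\drivers\ufdvrw.sys
[Files - No Company Name]
NY ->  ufdvrw.sys -> C:\WINDOWS\System32\drivers\ufdvrw.sys
NY ->  Oeiipkf.job -> C:\WINDOWS\tasks\Oeiipkf.job
[File - Lop Check]
NY ->  Oeiipkf.job -> C:\WINDOWS\Tasks\Oeiipkf.job
[Custom Items]
:Files
ipconfig /flushdns /c
:end
"""

SECTION = re.compile(r"^\[(.+)\]$")
SUBKEY = re.compile(r"^< .+ > -> (.+)$")
ITEM = re.compile(r"^([YN]{2}) ->\s*(.+?) -> (.+)$")   # two-letter flags kept opaque
PATH = re.compile(r'[A-Za-z]:\\[^"\[\]]+')


def review(script):
    """Summarise what a fix script names, without interpreting or running it."""
    files = defaultdict(set)      # lower-cased path -> sections that list it
    reg_values, commands = [], []
    section, subkey, in_custom = None, None, False
    for line in (l.strip() for l in script.splitlines()):
        if m := SECTION.match(line):
            section, subkey = m.group(1), None
        elif m := SUBKEY.match(line):
            subkey = m.group(1)
        elif line.startswith(":"):          # :Files ... :end custom block
            in_custom = line.lower() != ":end"
        elif in_custom and line:
            commands.append(line)
        elif m := ITEM.match(line):
            flags, name, target = m.groups()
            if subkey:                       # item sits under a registry key header
                reg_values.append((subkey, name.strip('"'), flags))
            if p := PATH.search(target):     # Windows paths compare case-insensitively
                files[p.group(0).strip().lower()].add(section)
    return {"files": dict(files), "registry": reg_values, "commands": commands}
```

On the excerpt, `review(FIX)` reports four distinct files, with the driver and the scheduled task each listed by two sections of the script.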

diane blanx

  • Guest
Re: malicious url since installing avast 6
« Reply #87 on: May 05, 2011, 03:34:35 PM »
hope this is right

Offline Zyndstoff (aka Steven Gail)

Re: malicious url since installing avast 6
« Reply #88 on: May 05, 2011, 03:44:49 PM »
Perfect.
 :D

Just to be sure: please run MBAM once more: update it via Update-tab and run a quick scan and post the log.

But I think we have succeeded.
7 x64 SP1, FF 8a Aurora, TB6, 6.0.1203 Free
Free MBAM Clear

diane blanx

  • Guest
Re: malicious url since installing avast 6
« Reply #89 on: May 05, 2011, 04:09:06 PM »
here goes