Author Topic: malicious url blocked  (Read 26822 times)

nabby68

  • Guest
malicious url blocked
« on: July 06, 2011, 01:22:28 AM »
Hi,
When I click on a link in Google, avast pops up and tells me a malicious URL has been blocked. I have hopefully attached a screenshot; please can you help?
Thanks

P.S. Screenshot was too large to attach.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89015
  • No support PMs thanks
Re: malicious url blocked
« Reply #1 on: July 06, 2011, 01:38:41 AM »
Crop your image so it only shows the relevant parts, e.g. the avast alert window; that should reduce the size considerably. You can also save the file in .gif format, which again should produce a smaller file size. That should bring you under the 200KB limit.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

nabby68

  • Guest
Re: malicious url blocked
« Reply #2 on: July 06, 2011, 04:38:46 PM »
 sorry, unable to crop it to reduce the size ???

is anyone available to help with the original issue?
keep getting more pop ups from avast!!

nabby68

  • Guest
Re: malicious url blocked
« Reply #3 on: July 06, 2011, 05:04:10 PM »
ok, finally cropped screenshot and attached it! :)

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89015
  • No support PMs thanks
Re: malicious url blocked
« Reply #4 on: July 06, 2011, 05:26:57 PM »
This IP 64.111.211.158 is for ISPrime and is a familiar occurrence in the viruses and worms forum, see http://forum.avast.com/index.php?topic=81036.msg662629#msg662629.

So you need some specialist help; to get the ball rolling you need to run OTS and attach the log.

Quote from: essexboy
Unfortunately no two attacks are the same so first I will need to see what you have.

Download OTS to your Desktop and double-click on it to run it
  • Make sure you close all other programs and don't use the PC while the scan runs.
  • Select All Users
  • Under additional scans select the following
Reg - Disabled MS Config Items
Reg - Drivers32
Reg - NetSvcs
Reg - SafeBoot Minimal
Reg - Shell Spawning
Evnt - EventViewer Logs (Last 10 Errors)
File - Lop Check

  • Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
volsnap.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

  • Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Please attach the log in your next post.

Note: this says attach the file (too big for copy and paste); use the Additional Options in the Reply window to attach the file.

nabby68

  • Guest
Re: malicious url blocked
« Reply #5 on: July 06, 2011, 05:55:28 PM »
Hi David, thanks for your help. I am unable to attach the log or paste it as it is too large??
Any ideas?

nabby68

  • Guest
Re: malicious url blocked
« Reply #6 on: July 06, 2011, 06:02:32 PM »
hope this works

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89015
  • No support PMs thanks
Re: malicious url blocked
« Reply #7 on: July 06, 2011, 06:27:29 PM »
If the log file is greater than 200KB - You can use a file sharing site such as Mediafire.com - Upload to http://www.mediafire.com/ and post the sharing link.


nabby68

  • Guest
Re: malicious url blocked
« Reply #8 on: July 06, 2011, 09:48:07 PM »

Here is the link to the log file. hope this helps


http://www.mediafire.com/?sfim9o492nn3ra7

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89015
  • No support PMs thanks
Re: malicious url blocked
« Reply #9 on: July 06, 2011, 11:38:37 PM »
I will try and get someone to have a look at it.

nabby68

  • Guest
Re: malicious url blocked
« Reply #10 on: July 07, 2011, 12:10:18 AM »
Ok. Thanks David

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89015
  • No support PMs thanks
Re: malicious url blocked
« Reply #11 on: July 07, 2011, 12:27:27 AM »
We may have missed essexboy, as he may well be in bed now (11:30pm in the UK) and he has to work days, so he may not be back on the forums until tomorrow evening.

com155

  • Guest
Re: malicious url blocked
« Reply #12 on: July 07, 2011, 06:17:06 AM »
utorrent.exe -> C:\Program Files (x86)\uTorrent\uTorrent.exe

This is adware.

C:\Windows\system64\drivers\volsnap.sys

This is a TDL4 rootkit according to the info I have gathered.
« Last Edit: July 07, 2011, 11:52:49 AM by com155 »

com155

  • Guest
Re: malicious url blocked
« Reply #13 on: July 07, 2011, 06:25:50 AM »
Try removing the TDL4 rootkit via Kaspersky TDSSKiller.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Download MBAM from here: http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

and get rid of the adware.

Post the MBAM and TDSS logs in your next comment.




nabby68

  • Guest
Re: malicious url blocked
« Reply #14 on: July 07, 2011, 09:41:08 AM »
Thanks com155
Ran TDSSKiller but it didn't seem to find anything.
Have attached the logs as you requested. Is essexboy about? He seems to be dealing with a lot of people with the same issue.