Author Topic: Url:Mal  (Read 4232 times)

sperrypc

  • Guest
Url:Mal
« on: July 08, 2011, 02:13:41 PM »
Hi all!
I'm a new user from Italy  :)

I've read this guide and I created a log file from OTS (here http://www.mediafire.com/?0j4jlw9pp3jl56q )

I hope you can help me to remove this url:mal from 64.111.211.158 that is annoying me.  :(

total

  • Guest
Re: Url:Mal
« Reply #1 on: July 08, 2011, 03:08:55 PM »
Please post ComboFix.txt in your next reply.
(typical location: C:\ComboFix.txt )

sperrypc

  • Guest
Re: Url:Mal
« Reply #2 on: July 08, 2011, 04:57:01 PM »
This is the log of ComboFix: http://www.mediafire.com/?ip6aozx7w8mrcan  :)

total

  • Guest
Re: Url:Mal
« Reply #3 on: July 08, 2011, 05:42:42 PM »
Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the RUN FIX button
Code:
[Unregister Dlls]
[Files/Folders - Created Within 30 Days]
NY ->  1 C:\Windows\*.tmp files -> C:\Windows\*.tmp
[Files/Folders - Modified Within 30 Days]
NY ->  1 C:\Windows\*.tmp files -> C:\Windows\*.tmp
[Files - No Company Name]
NY ->  ativpsrm.bin -> C:\Windows\ativpsrm.bin
[File - Lop Check]
NY ->  SCHEDLGU.TXT -> C:\Windows\Tasks\SCHEDLGU.TXT
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
[Reboot]
The fix should only take a very short time. After reboot, please post the following report/log into your next reply.

Delete your copy of ComboFix, and download a new copy from here

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
-Temporarily disable your AntiVirus/Antispyware program.
-Run ComboFix
ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.
If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
When the tool is finished, it will produce a log report for you. (typical location: C:\ComboFix.txt )
Post the log report (ComboFix.txt) back to the topic.

essexboy

  • Malware removal instructor
Re: Url:Mal
« Reply #4 on: July 08, 2011, 07:36:59 PM »
Quote
NY ->  1 C:\Windows\*.tmp files -> C:\Windows\*.tmp
[Files/Folders - Modified Within 30 Days]
NY ->  1 C:\Windows\*.tmp files -> C:\Windows\*.tmp
NY ->  SCHEDLGU.TXT -> C:\Windows\Tasks\SCHEDLGU.TXT
Why are you removing these? Where did you train with OTS?

sperrypc

  • Guest
Re: Url:Mal
« Reply #5 on: July 08, 2011, 07:53:48 PM »
OK.
I've done it all  :o

This is my new log from ComboFix (see attached file).

Now the Url:Mal seems to be fixed.

But I have another problem: Google Chrome doesn't work (IE works). I already tried uninstalling and reinstalling and it did nothing. Also, I can't open Chrome's options page :S

total

  • Guest
Re: Url:Mal
« Reply #6 on: July 08, 2011, 08:39:05 PM »
OK, you must uninstall ComboFix.
Start / Search: copy this into the empty field: ComboFix /uninstall and press Enter.
Start OTS > click on Clean up.

For Google Chrome:
Can you describe in more detail which error occurs?

sperrypc

  • Guest
Re: Url:Mal
« Reply #7 on: July 08, 2011, 09:27:29 PM »
Sorry, but URL:Mal is back  :(

com155

  • Guest
Re: Url:Mal
« Reply #8 on: July 09, 2011, 06:06:01 AM »
OK, then this looks like a TDSS rootkit. Try this:

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

THEN READ THIS CAREFULLY AND FOLLOW THE STEPS:

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the RUN FIX button
Code:
[Unregister Dlls]
[Registry - Safe List]
NY ->  < Internet Explorer Settings [HKEY_USERS\S-1-5-21-3295999096-4066887843-2553295482-1003\]
NY ->  HKEY_USERS\S-1-5-21-3295999096-4066887843-2553295482-1003\: Main\\"Start Page" -> http://www.google.it/ ->
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
[Reboot]
The fix should only take a very short time. After reboot, please post the following report/log into your next reply.
« Last Edit: July 09, 2011, 06:18:28 AM by com155 »