Author Topic: Blocked Malicious URL  (Read 11975 times)

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Blocked Malicious URL
« Reply #30 on: July 25, 2011, 07:20:13 PM »
OK thanks - do you want the run key removed?

JimBodkins

  • Guest
Re: Blocked Malicious URL
« Reply #31 on: July 25, 2011, 07:30:47 PM »
Sure, that would help. I uploaded the file as a support ticket. (Zip file which contains a txt explanation file)

Offline essexboy

Re: Blocked Malicious URL
« Reply #32 on: July 25, 2011, 07:33:52 PM »
Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Unregister Dlls]
[Registry - Safe List]
< Run [HKEY_USERS\S-1-5-21-2083572570-772297448-3889614674-1009\] > -> HKEY_USERS\S-1-5-21-2083572570-772297448-3889614674-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> "DevCommondlg" -> C:\Documents and Settings\HP_Owner\Local Settings\Application Data\oleobjNetM\DevCommondlg.dll [rundll32.exe "C:\Documents and Settings\HP_Owner\Local Settings\Application Data\oleobjNetM\DevCommondlg.dll",CvtMapCtrl appobjServ]


The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.

Depending on what the fix contains, this process may take some time and your desktop icons might disappear or other uncommon behavior may occur.

This is no sign of malfunction, do not panic!
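
Added example, not part of the original thread and not OTS code: a small offline triage of Run-key command lines that shows why the entry in the fix above stands out (a DLL started through rundll32 from a user-writable profile folder). The trusted roots, the folder list and the two extra sample entries are assumptions made for the illustration.

```python
import re
from ntpath import normpath

# Profile-relative folders a standard user can write to (XP and later layouts).
USER_WRITABLE = ("\\local settings\\", "\\application data\\", "\\appdata\\")
# Assumed trusted install roots; adjust for the host being reviewed.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files")

RUNDLL = re.compile(
    r'^\s*"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+'  # launcher, with or without a path
    r'(?:"(?P<quoted>[^"]+)"|(?P<bare>[^,\s]+))'   # DLL path
    r'\s*,\s*(?P<export>[^\s,]+)'                  # exported entry point
    r'(?:\s+(?P<args>.*))?$',                      # arguments passed to the export
    re.IGNORECASE,
)

def triage_run_value(name, command):
    """Parse one Run value and list the reasons it deserves a closer look."""
    m = RUNDLL.match(command)
    if not m:
        return {"name": name, "rundll32": False, "reasons": []}
    dll = normpath(m.group("quoted") or m.group("bare"))
    low = dll.lower()
    reasons = ["DLL started through rundll32 at logon"]
    if any(part in low for part in USER_WRITABLE):
        reasons.append("DLL sits in a user-writable profile folder")
    if not low.startswith(TRUSTED_ROOTS):
        reasons.append("DLL is outside the Windows and Program Files trees")
    return {"name": name, "rundll32": True, "dll": dll,
            "export": m.group("export"), "args": m.group("args") or "",
            "reasons": reasons}

# First entry is the Run value from the fix script above; the other two are constructed.
SAMPLES = [
    ("DevCommondlg", r'rundll32.exe "C:\Documents and Settings\HP_Owner\Local Settings'
                     r'\Application Data\oleobjNetM\DevCommondlg.dll",CvtMapCtrl appobjServ'),
    ("ExampleShellExt", r"rundll32.exe C:\WINDOWS\system32\example.dll,Init"),
    ("ExampleTray", r'"C:\Program Files\Example\tray.exe" /start'),
]

if __name__ == "__main__":
    for name, command in SAMPLES:
        result = triage_run_value(name, command)
        print(name, "->", "; ".join(result["reasons"]) or "no rundll32 launch")
```
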

JimBodkins

Re: Blocked Malicious URL
« Reply #33 on: July 25, 2011, 07:39:32 PM »
I hope this is the correct file ...

All Processes Killed
[Registry - Safe List]
Registry value HKEY_USERS\S-1-5-21-2083572570-772297448-3889614674-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer deleted successfully.
HOSTS file reset successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ not found.
Registry value HKEY_USERS\S-1-5-21-2083572570-772297448-3889614674-1009\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-2083572570-772297448-3889614674-1009\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\net64 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\netzip deleted successfully.
[Files - No Company Name]
C:\WINDOWS\System32\1488860941.dat moved successfully.
[Custom Items]
========== FILES ==========
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At10.job moved successfully.
C:\WINDOWS\tasks\At11.job moved successfully.
C:\WINDOWS\tasks\At12.job moved successfully.
C:\WINDOWS\tasks\At13.job moved successfully.
C:\WINDOWS\tasks\At14.job moved successfully.
C:\WINDOWS\tasks\At15.job moved successfully.
C:\WINDOWS\tasks\At16.job moved successfully.
C:\WINDOWS\tasks\At17.job moved successfully.
C:\WINDOWS\tasks\At18.job moved successfully.
C:\WINDOWS\tasks\At19.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At20.job moved successfully.
C:\WINDOWS\tasks\At21.job moved successfully.
C:\WINDOWS\tasks\At22.job moved successfully.
C:\WINDOWS\tasks\At23.job moved successfully.
C:\WINDOWS\tasks\At24.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
C:\WINDOWS\tasks\At5.job moved successfully.
C:\WINDOWS\tasks\At6.job moved successfully.
C:\WINDOWS\tasks\At7.job moved successfully.
C:\WINDOWS\tasks\At8.job moved successfully.
C:\WINDOWS\tasks\At9.job moved successfully.
[Empty Temp Folders]
 
 
User: Administrator
->Temp folder emptied: 125787 bytes
->Temporary Internet Files folder emptied: 183161 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 81765 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 41 bytes
 
User: HP_Owner
->Temp folder emptied: 5480455087 bytes
->Temporary Internet Files folder emptied: 169198426 bytes
->Java cache emptied: 134150925 bytes
->FireFox cache emptied: 2631041501 bytes
->Google Chrome cache emptied: 63784580 bytes
->Apple Safari cache emptied: 36241408 bytes
->Flash cache emptied: 2516168 bytes
 
User: jim
->Temp folder emptied: 294313 bytes
->Temporary Internet Files folder emptied: 896712 bytes
->FireFox cache emptied: 8076356 bytes
->Flash cache emptied: 405 bytes
 
User: LocalService
->Temp folder emptied: 568350 bytes
->Temporary Internet Files folder emptied: 224605 bytes
 
User: NetworkService
->Temp folder emptied: 147456 bytes
->Temporary Internet Files folder emptied: 277814 bytes
 
User: postgres
->Temp folder emptied: 81765 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2318655 bytes
%systemroot%\System32 .tmp files removed: 1599537 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10873887 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 15750242 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 8,162.00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
 
User: All Users
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: HP_Owner
->Flash cache emptied: 0 bytes
 
User: jim
->Flash cache emptied: 0 bytes
 
User: LocalService
 
User: NetworkService
 
User: postgres
 
Total Flash Files Cleaned = 0.00 mb
 
Restore point Set: OTS Restore Point (0)
< End of fix log >
OTS by OldTimer - Version 3.1.44.0 fix logfile created on 07222011_145315


File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
C:\WINDOWS\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-8592.log moved successfully.

Registry entries deleted on Reboot...




If you have a need for me to do anything let me know.

Thanks for the help.
Jim

Offline essexboy

Re: Blocked Malicious URL
« Reply #34 on: July 25, 2011, 10:07:55 PM »
No, that was the initial run, but the main thing is: did the run key remove cleanly, i.e. no more DLL loading errors?

JimBodkins

Re: Blocked Malicious URL
« Reply #35 on: July 25, 2011, 10:54:30 PM »
I haven't seen any.

Offline essexboy

Re: Blocked Malicious URL
« Reply #36 on: July 25, 2011, 11:02:36 PM »
If you are happy tomorrow I will remove my tools  ;D

JimBodkins

Re: Blocked Malicious URL
« Reply #37 on: July 26, 2011, 10:23:08 PM »
I haven't had a problem. This may be a good thing. :)


Thanks for the help, I will let you know if this reappears. I have no idea where this came from, but I suggest avast examine this.

Thanks again
Jim

Offline essexboy

Re: Blocked Malicious URL
« Reply #38 on: July 26, 2011, 10:27:09 PM »
If you uploaded the file, they will carry out an analysis of it to see how it ticks and then add the relevant data.