Topic: Virus(?) using IE/Firefox to connect to a website.


Spiderless

  • Guest
Re: Virus(?) using IE/Firefox to connect to a website.
« Reply #15 on: August 03, 2011, 11:02:24 PM »
Ok, so I'm beginning to get skeptical about this one; it only pops up on this website now: hxxp://www.escapistmagazine.com/videos/view/zero-punctuation and SpyBot found nothing. So maybe it is a false positive.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • Posts: 40589
Re: Virus(?) using IE/Firefox to connect to a website.
« Reply #16 on: August 03, 2011, 11:04:38 PM »
Is it just that site?

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

Code:

[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-2287921795-3912660771-842721480-1001\] > -> HKEY_USERS\S-1-5-21-2287921795-3912660771-842721480-1001\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
[Registry - Additional Scans - Safe List]
< 64bit-Disabled MSConfig Folder Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\
YY -> C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe
[Custom Items]
:Files
ipconfig /flushdns /c
:end
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]


The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.

Depending on what the fix contains, this process may take some time and your desktop icons might disappear or other uncommon behavior may occur.

This is no sign of malfunction, do not panic!

THEN

Download aswMBR.exe (1.8 MB) to your desktop.

Double click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan, click Save log, save it to your desktop and post it in your next reply.


Spiderless

  • Guest
Re: Virus(?) using IE/Firefox to connect to a website.
« Reply #17 on: August 03, 2011, 11:28:46 PM »
Done.

OTS
Code:
All Processes Killed
[Registry - Safe List]
Registry value HKEY_USERS\S-1-5-21-2287921795-3912660771-842721480-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
[Registry - Additional Scans - Safe List]
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk\ deleted successfully.
File  not found.
C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe moved successfully.
[Custom Items]
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Adam\Desktop\cmd.bat deleted successfully.
C:\Users\Adam\Desktop\cmd.txt deleted successfully.
[Empty Temp Folders]
 
 
User: Adam
->Temp folder emptied: 1700396 bytes
->Temporary Internet Files folder emptied: 24791603 bytes
->Java cache emptied: 3184631 bytes
->FireFox cache emptied: 77962885 bytes
->Flash cache emptied: 58172 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6434 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50467 bytes
RecycleBin emptied: 236038 bytes
 
Total Files Cleaned = 103.00 mb
 
 
[EMPTYFLASH]
 
User: Adam
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0.00 mb
 
Restore point Set: OTS Restore Point
< End of fix log >
OTS by OldTimer - Version 3.1.44.0 fix logfile created on 08032011_220936

Files\Folders moved on Reboot...
C:\Users\Adam\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Adam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BZD6GDZA\api[1].htm moved successfully.
C:\Users\Adam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BZD6GDZA\api[2].htm moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

aswMBR
Code:
aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-03 22:14:23
-----------------------------
22:14:23.185    OS Version: Windows x64 6.1.7601 Service Pack 1
22:14:23.185    Number of processors: 8 586 0x1E05
22:14:23.185    ComputerName: ADAM-PC  UserName: Adam
22:14:26.695    Initialize success
22:14:26.961    AVAST engine defs: 11080301
22:14:34.012    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:14:34.012    Disk 0 Vendor: ST950042 0003 Size: 476940MB BusType: 3
22:14:34.028    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
22:14:34.028    Disk 1 Vendor: ST950042 0003 Size: 476940MB BusType: 3
22:14:34.043    Disk 0 MBR read successfully
22:14:34.043    Disk 0 MBR scan
22:14:34.043    Disk 0 Windows 7 default MBR code
22:14:34.043    Service scanning
22:14:39.285    Modules scanning
22:14:39.285    Disk 0 trace - called modules:
22:14:39.300    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
22:14:39.316    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007dee790]
22:14:39.316    3 CLASSPNP.SYS[fffff88001b6543f] -> nt!IofCallDriver -> [0xfffffa8006d2f040]
22:14:39.332    5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007bbd050]
22:14:40.268    AVAST engine scan C:\Windows
22:14:41.859    AVAST engine scan C:\Windows\system32
22:15:48.284    AVAST engine scan C:\Windows\system32\drivers
22:15:56.146    AVAST engine scan C:\Users\Adam
22:21:25.182    AVAST engine scan C:\ProgramData
22:23:15.178    Scan finished successfully
22:23:26.051    Disk 0 MBR has been saved successfully to "C:\Users\Adam\Desktop\MBR.dat"
22:23:26.051    The log file has been saved successfully to "C:\Users\Adam\Desktop\aswMBR.txt"

Also, it's the only site I've been on since it first appeared a few hours ago that makes it happen. But I'm 99.99% sure I wasn't on that site when it first appeared.

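The OTS fix log posted above is the record of what the fix actually did: which registry entries were deleted, which targets were already absent ("not found"), which files were moved or only scheduled for reboot, and how much temp data was cleared. When reviewing such a log, the detail worth checking is whether a removed reference pointed at something that no longer existed; here the IE toolbar value was deleted while its CLSID key was "not found", which is what an orphaned toolbar registration looks like rather than a live component. The parser below is an added example written for this thread, not code from OTS, OldTimer or the forum; the sample lines are constructed from the shape of the log quoted above, and the function names and the result categories are my own.

```python
import re

# Constructed sample, modelled on the OTS fix log quoted in the thread (not the full log).
SAMPLE_OTS_LOG = r"""All Processes Killed
[Registry - Safe List]
Registry value HKEY_USERS\S-1-5-21-2287921795-3912660771-842721480-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
[Registry - Additional Scans - Safe List]
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk\ deleted successfully.
File  not found.
C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe moved successfully.
[Custom Items]
< ipconfig /flushdns /c >
Successfully flushed the DNS Resolver Cache.
C:\Users\Adam\Desktop\cmd.bat deleted successfully.
[Empty Temp Folders]
User: Adam
->Temp folder emptied: 1700396 bytes
->Flash cache emptied: 58172 bytes
%systemroot% .tmp files removed: 0 bytes
RecycleBin emptied: 236038 bytes
Total Files Cleaned = 103.00 mb
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
"""

# Line shapes seen in an OTS fix log; order of matching matters (registry lines first,
# because they also end in "deleted successfully.").
_RE_REG = re.compile(r"^(?:64bit-)?Registry (key|value) (.+?) (deleted successfully|not found)\.$")
_RE_FILE_DEFERRED = re.compile(r"^File move failed\. (.+?) scheduled to be moved on reboot\.$")
_RE_FILE_MISSING = re.compile(r"^File\s+(.*?)\s*not found\.$")
_RE_FILE_OK = re.compile(r"^(.+?) (moved|deleted) successfully\.$")
_RE_BYTES = re.compile(r"emptied: (\d+) bytes$|removed: (\d+) bytes$")
_RE_GUID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def parse_ots_fix_log(text):
    """Return {'actions': [(kind, target, result), ...], 'bytes_cleaned': int}."""
    actions = []
    bytes_cleaned = 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _RE_REG.match(line)
        if m:
            kind, target, result = m.groups()
            actions.append(("registry_" + kind, target,
                            "deleted" if result.startswith("deleted") else "not_found"))
            continue
        m = _RE_FILE_DEFERRED.match(line)
        if m:
            actions.append(("file", m.group(1), "deferred_to_reboot"))
            continue
        m = _RE_FILE_MISSING.match(line)
        if m:
            # OTS prints "File  not found." with no path when the target was already gone.
            actions.append(("file", m.group(1) or "(no path given)", "not_found"))
            continue
        m = _RE_FILE_OK.match(line)
        if m:
            actions.append(("file", m.group(1), m.group(2)))
            continue
        m = _RE_BYTES.search(line)
        if m:
            bytes_cleaned += int(m.group(1) or m.group(2))
    return {"actions": actions, "bytes_cleaned": bytes_cleaned}


def not_found_targets(summary):
    """Targets the fix tried to remove that were already absent."""
    return [target for _, target, result in summary["actions"] if result == "not_found"]


def orphaned_clsids(summary):
    """GUIDs whose referencing registry value was deleted while the CLSID key was already missing.

    A value pointing at a non-existent CLSID is a dangling registration, not a live add-on.
    """
    deleted, missing = set(), set()
    for kind, target, result in summary["actions"]:
        g = _RE_GUID.search(target)
        if not g:
            continue
        guid = g.group(0).upper()
        if kind == "registry_value" and result == "deleted":
            deleted.add(guid)
        elif kind == "registry_key" and result == "not_found" and "\\CLSID\\" in target.upper():
            missing.add(guid)
    return sorted(deleted & missing)


if __name__ == "__main__":
    s = parse_ots_fix_log(SAMPLE_OTS_LOG)
    for kind, target, result in s["actions"]:
        print(f"{result:>18}  {kind:<15} {target}")
    print("bytes cleaned:", s["bytes_cleaned"])
    print("already absent:", not_found_targets(s))
    print("orphaned CLSIDs:", orphaned_clsids(s))
```

Run it on a real OTS fix log by reading the Notepad output into `parse_ots_fix_log`; a "deferred_to_reboot" entry means the file was locked at fix time (here a file under the avast temp folder, which is expected rather than suspicious), and an entry in `orphaned_clsids` means the removed toolbar value had nothing behind it.
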
Offline essexboy

Re: Virus(?) using IE/Firefox to connect to a website.
« Reply #18 on: August 05, 2011, 09:03:08 PM »
How is the computer behaving now?