Author Topic: Mal:URL  (Read 6957 times)

0 Members and 1 Guest are viewing this topic.

Offline cariad140

  • Newbie
  • *
  • Posts: 18
Mal:URL
« on: February 28, 2012, 06:59:03 PM »
Avast was recommended to me from a friend from the security forum at dslreports. However it's giving me constant MAL:URL  Process windows/explorer.exe popups for a few days now.
I've followed several steps to clean and test eg. cleaned temp files, ran malwarebytes, avg, online bitdefender scan and they all come up with nothing.

Another security forum suggested I post here since they couldn't see anything in all the logs which would suggest anything was wrong.  No one can tell me why I'm getting these constant popups.

Help please

Thanks.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 36624
Re: Mal:URL
« Reply #1 on: February 28, 2012, 07:12:27 PM »
Quote
No one can tell me why I'm getting these constant popups.
If anyone can....i think essexboy

Follow this guide and attach the logs requested
http://forum.avast.com/index.php?topic=53253.0

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83014
  • No support PMs thanks
Re: Mal:URL
« Reply #2 on: February 28, 2012, 07:18:46 PM »
You have something else on your system that is misusing the explorer file.

This needs further analysis by a malware removal specialist: Follow the information on the link you were given. Use the information about getting and using the tools and attach the logs here, not in the LOGS topic.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.2.2401 (build 20.2.5130.570) UI-1.0.505/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline cariad140

  • Newbie
  • *
  • Posts: 18
Re: Mal:URL
« Reply #3 on: February 28, 2012, 07:46:30 PM »
Thanks. This is my school pc, and I'm just finishing up for the day but I will follow and post the requested files as soon as I can tomorrow.

Thank you so much for replying

Offline cariad140

  • Newbie
  • *
  • Posts: 18
Re: Mal:URL
« Reply #4 on: February 29, 2012, 12:13:27 PM »
Just to start the ball rolling until I get to school, this is the threadhttp://www.dslreports.com/forum/r26942098-Malware-Malicious-URLI posted in yesterday with the logs I was asked for.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83014
  • No support PMs thanks
Re: Mal:URL
« Reply #5 on: February 29, 2012, 02:12:30 PM »
The idea is to post the loge here in your post and not on another site.

The helpers are hardly going to visit another site where they would have to register to be able to post.

This forum has the ability to attach the logs to the post so you don't have to copy and paste the contents over a number of posts, that is easier for you and for the one trying to help.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.2.2401 (build 20.2.5130.570) UI-1.0.505/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline cariad140

  • Newbie
  • *
  • Posts: 18
Re: Mal:URL
« Reply #6 on: February 29, 2012, 02:52:08 PM »
It wasn't my intention to not post logs here David, my apologies if I offended. I was just getting a little ansy knowing something was wrong, and not being at work sat at the pc trying to get it fixed.
That said, I'm at work now, and here are the first two logs .I'm not getting the  Extras.txt generated after running OTL.txt and I ran it twice. The same thing happened yesterday.
 

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83014
  • No support PMs thanks
Re: Mal:URL
« Reply #7 on: February 29, 2012, 02:58:44 PM »
You normally only get the extras.txt when you first run OTL, so I don't know where it went.

It may be a little while before someone can analyse the logs, essexboy will be at work, he is normally on the forums from about 7PM UK time (now 2pm). Unless one of the other malware removal specialists can pick it up.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.2.2401 (build 20.2.5130.570) UI-1.0.505/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline cariad140

  • Newbie
  • *
  • Posts: 18
Re: Mal:URL
« Reply #8 on: February 29, 2012, 03:06:28 PM »
Did a search on the pc, found the extras.txt sitting in another folder. It's the scan from yesterday.

Offline cariad140

  • Newbie
  • *
  • Posts: 18
Re: Mal:URL
« Reply #9 on: March 01, 2012, 03:00:21 PM »
Not sure if anyone had time to look at the logs, but since yesterday I downloaded and ran combofix. Since running it, and numerous reboots the mal:url popups have ceased.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83014
  • No support PMs thanks
Re: Mal:URL
« Reply #10 on: March 01, 2012, 03:12:59 PM »
Essexboy is normally he one to analyse the logs, but as you can imagine he can get very busy and his time on the forums is limited.

Generally we don't recommend running Combofix except under guidance as it is a powerful tool and with some of the new malware (you have to get the removal order correct or it can have adverse consequences).

So I think the logs still need to be analysed, to get an idea of what it was to start with and after running combofix (attach that log), essexboy may ask for another OTL scan to ensure everything was removed.

EDIT: I have PM'd essexboy, so hopefully he will be able to get on it after work.
« Last Edit: March 01, 2012, 03:15:49 PM by DavidR »
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.2.2401 (build 20.2.5130.570) UI-1.0.505/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline cariad140

  • Newbie
  • *
  • Posts: 18
Re: Mal:URL
« Reply #11 on: March 01, 2012, 03:27:09 PM »
I understand how busy everyone is and I appreciate the effort you guys put into the site.
Combofix was last resort, and hopefully it worked. Logs attached.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83014
  • No support PMs thanks
Re: Mal:URL
« Reply #12 on: March 01, 2012, 03:43:36 PM »
I notice from your combofix log - Having two resident anti-virus scanners installed is one too many and not recommended as rather than provide twice the protection it can cause conflicts that could leave you more vulnerable as the two dogs fight over the same bone.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.2.2401 (build 20.2.5130.570) UI-1.0.505/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline cariad140

  • Newbie
  • *
  • Posts: 18
Re: Mal:URL
« Reply #13 on: March 01, 2012, 04:18:26 PM »
Two installed but only one active and it was only done to try and get rid of whatever was on my pc. I uninstalled AVG this morning.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83014
  • No support PMs thanks
Re: Mal:URL
« Reply #14 on: March 01, 2012, 04:21:12 PM »
It doesn't matter if only one is active as that is the nature of resident antivirus scanners, they install low level drivers to hook files so that they can be scanned, it is these low level drivers where the fight starts.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.2.2401 (build 20.2.5130.570) UI-1.0.505/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro