[SOLVED] VIRUS/Rootkit => URL Blocked http://rk400.com/?sov=rook-s1ysoft.com


thekochs:
Well, left the machine alone for the weekend and Avast did its regular scans with no issues found.
Also, as stated above the popup went away for a day or so....has done this in the past too but came back.
This morning I opened IE8 and as soon as Google Home page came up the popup did....three times in roughly one minute.
It seems it does 3 attempts each time I go into IE8 so I waited for the 3rd then went to ESET and followed your instructions.
I disabled Avast Shields prior to running but after the three popups.
The online scanner ran for roughly one hour and found Win32\OpenCandy application threat.
I did not select remove found threats as told.
I also exited without uninstalling app in case I need to go back.
Attached is log in ANSI.

Also, I know there are other programs like ComboFix, Kaspersky Rescue CD10, TDSSKiller but I'll await your guidance.

Please let me know next steps ?

Thx again.

jeffce:
Hi,

I trust you had a nice weekend?  :)

What is the popup saying?
----------

Run OTL.exe
- Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

--- Code: ---
:Services

:Files
C:\Program Files\MediaInfo\OpenCandy\OCSetupHlp.dll

:Commands
[purity]
[emptytemp]
[resethosts]
[clearallrestorepoints]
[start explorer]
[Reboot]
--- End code ---

- Then click the Run Fix button at the top
- Let the program run unhindered.  There will be a log created when it completes that I will need in your next reply.  Reboot when it is done.
- Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

thekochs:

--- Quote from: jeffce on April 09, 2012, 03:36:46 PM ---What is the popup saying?

--- End quote ---

I've attached a PDF of the screen capture (pic) of the Avast message box.

I'll wait to run OTL until you can review.

jeffce:
Hi,

After looking at that it seems that avast was protecting you from a bad website or possibly something was on the website itself.  I don't think that is coming from within your system.  Go ahead with OTL.  :)

thekochs:

--- Quote from: jeffce on April 09, 2012, 05:40:26 PM ---Hi,

After looking at that it seems that avast was protecting you from a bad website or possibly something was on the website itself.  I don't think that is coming from within your system.  Go ahead with OTL.  :)

--- End quote ---

Attached is the OTL log from the custom scan.
The popup still comes up as I rebooted and posted to this thread.
Also, I know Avast is blocking the site but I only open Internet Explorer and it comes up...I do not navigate or even touch anything.
Thus, something seems to be in the system as soon as IE8 comes up it tries to access the site.
I've tried to suppress the message in Avast's Site Blocking via http://rk400*.* but it does not stop the message.
However, I know this would be a band aid.....not resolving the baseline issue/virus.

Question....ESET Online scanner found Win32\OpenCandy application threat.
Should I run this scanner with the remove threat option ?

Let me know your thoughts and next-steps ?

Thank you again for all the help and patience.

Regards.


