malicious url blocked pop-up. plz help

[sannjay kumar]

hi, frnds. i m new in avast forum. plz help me to get rid of a problem.
now a day avast show "malicious url blocked" msg  while using chrome, no such msg in internet explorer.
msg comes in every 10-15 second and specially when i click on any webpage. in msg  every time this site "http://www.footprintsit.com/search/antic..." is blocked, though i did not open this site.
i installed Malwarebytes' Anti-Malware. scaned and deleted malware but the problem continue. even Malwarebytes' Anti-Malware  show msg "Malwarebytes Antivirus Successfully blocked access to a poentially malicious website: "
how to stop this annoying thing. plz help.

[Pondus]

follow this guide and attach ( not copy and paste) the malwarebytes log that show what was removed / OTL and aswMBR logs
http://forum.avast.com/index.php?topic=53253.0

[sannjay kumar]

how to attach logs. while replying there is no attach file option or  "Additional options" 

[Pondus]

the attach option is just belowe the box you write the txt in

"attachment and other options"

[sannjay kumar]

i attached logs.

[REDACTED]

HOSTS File  is bаd    - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1   ххх.007guard.com
O1 - Hosts: 127.0.0.1   007guard.com
O1 - Hosts: 127.0.0.1   008i.com
O1 - Hosts: 127.0.0.1   ххх.008k.com
and so on.

and Alternate Data Streams problems.

Windows XP Professional Edition Service Pack 2  ...need SP3 аnd all the patches.

Very similar to Kido

[2011/06/11 09:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2011/06/11 09:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job

Install Microsoft patches MS08-067, MS08-068, MS09-001 (on these pages you will have to select which operating system is installed on the infected PC, download corresponding patch and install it).

[sannjay kumar]

i downloaded MS08-067, MS08-068, MS09-001 but did not install it yet , but now avast pop ups "malicious url blocked" is not coming. do i install them

[REDACTED]

i downloaded MS08-067, MS08-068, MS09-001 but did not install it yet , but now avast pop ups "malicious url blocked" is not coming. do i install them

In any case, you need to install SP3 and all latest patches.

And wait for the professionals, they will help you clean up your computer from unnecessary.

[jeffce]

Hi,

Let me look these over and I will return as quickly as I can. 

[jeffce]

Hi,

Download CKScanner by askey127 from Here & save it to your Desktop.

• Doubleclick CKScanner.exe then click Search For Files
  
• When the cursor hourglass disappears, click Save List To File
  
• A message box will verify the file saved
• Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply
  

----------

[sannjay kumar]

CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\corel\corel graphics 11\custom data\bumpmap\cracks.cpt
c:\program files\corel\corel graphics 11\custom data\canvas\cracks2c.pcx
c:\program files\corel\corel graphics 11\custom data\tiles\cracks2m.cpt
c:\program files\spiderman 2 cracked\system\game0.ini
c:\program files\spiderman 2 cracked\system\game1.ini
c:\program files\spiderman 2 cracked\system\game2.ini
c:\program files\spiderman 2 cracked\system\running.ini
c:\windows\crackpdf.ini
scanner sequence 3.DD.11.VLAPWG
 ----- EOF -----

[sannjay kumar]

problem still exist plz help

[Pondus]

problem still exist plz help

be patient...... jeffce cant be online 24hours......he also have work. 

[jeffce]

Hi,

Sorry for the delay....I had to work a double shift and didn't get home until late last night. 
-------------

P2P - I see you have P2P software BitTorrent installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections and possibly Identity Theft. It likely contributed to your current situation.  This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall these now. You can do so via Control Panel >> Add or Remove Programs.
----------

Please download and run ERUNT (Emergency Recovery Utility NT).  This program allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.  **Remember if you are using Windows Vista as your operating system right-click the executable and Run as Administrator.
----------

Run OTL.exe

• Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
  
  

Code: [Select]

:Services

:OTL
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\fimeve.exe -- (peaa5j0yhvna)
DRV - File not found [Kernel | Auto | Stopped] -- C:\DOCUME~1\User\LOCALS~1\Temp\kphaecetqxbm.sys -- (xbjonpfmky)
DRV - File not found [Kernel | Auto | Stopped] -- C:\DOCUME~1\User\LOCALS~1\Temp\tqsnqvcfu.sys -- (tmeyj)
DRV - File not found [Kernel | Auto | Stopped] -- C:\DOCUME~1\User\LOCALS~1\Temp\uvpjce.sys -- (qiezhkssl)
DRV - File not found [Kernel | Auto | Stopped] -- C:\DOCUME~1\User\LOCALS~1\Temp\ajvifj.sys -- (ntisjxdipoy)
DRV - File not found [Kernel | Auto | Stopped] -- C:\DOCUME~1\User\LOCALS~1\Temp\ejbmallkqc.sys -- (kuqiwki)
DRV - File not found [Kernel | Auto | Stopped] -- C:\DOCUME~1\User\LOCALS~1\Temp\ndxcwexrqvssd.sys -- (biqwpzaatejkxp)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-1078081533-1844237615-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D6 AF 5E A2 23 F6 CB 01  [binary data]
IE - HKU\S-1-5-21-1078081533-1844237615-839522115-1003\..\SearchScopes,DefaultScope = {7F4EFF06-7032-458e-AE16-1C1D8255C28A}
IE - HKU\S-1-5-21-1078081533-1844237615-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1078081533-1844237615-839522115-1003\..\SearchScopes\{7D9D7989-3CCD-46C1-AE94-87BFB378C658}: "URL" = http://in.search.yahoo.com/search?p={searchTerms}&fr=chr-spt_gen
IE - HKU\S-1-5-21-1078081533-1844237615-839522115-1003\..\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}: "URL" = http://home.speedbit.com/search.aspx?aff=106&q={searchTerms}
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKU\S-1-5-21-1078081533-1844237615-839522115-1003..\Run: [IMC] C:\Program Files\FriendFinder\FriendFinder Messenger 4\imc.exe File not found
O33 - MountPoints2\{3900d2bc-62a1-11e1-aa88-00241df35572}\Shell - "" = AutoRun
O33 - MountPoints2\{3900d2bc-62a1-11e1-aa88-00241df35572}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3900d2bc-62a1-11e1-aa88-00241df35572}\Shell\AutoRun\command - "" = H:\AutoRun.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2012/05/05 03:27:15 | 000,078,848 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/11 09:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2011/06/11 09:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job

:Files
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
[resethosts]
[start explorer]
[Reboot]

• Then click the Run Fix button at the top
  
• Let the program run unhindered.  There will be a log created when it completes that I will need in your next reply.  Reboot when it is done.
• Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
  

[sannjay kumar]

thanks jeffce. yes i was using bit torrent, now i uninstalled it.

i run OTL.exe copy past the written code into the Custom Scans/Fixes box and Then click the Run Fix button at the top. after click "Run Fix" cursor change into Hourglass, i thought program is running i waited for more than 1 hr but  nothing happen, i thought program is not working properly, so click on the otl window then it was showing "not responding"  so i have to restart my computer. i tried  two time. it is normal to take so much time for this process ?
could u tell me how approximate  time it will take ?