Author Topic: Malware? Excessive "threat detected" popups...  (Read 12629 times)

0 Members and 1 Guest are viewing this topic.

Schecter331

  • Guest
Malware? Excessive "threat detected" popups...
« on: May 15, 2012, 10:09:41 AM »
No idea what happened, obviously. Everytime I open a web page, I get a threat detected and a mal url warning. I read a threat below me that had the exact same problem, but I know I need to start my own topic to properly proceed...
...so virus gods and goddesses...help?
-Kyle

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Malware? Excessive "threat detected" popups...
« Reply #1 on: May 15, 2012, 10:34:32 AM »
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

jeffce

  • Guest
Re: Malware? Excessive "threat detected" popups...
« Reply #2 on: May 15, 2012, 01:28:02 PM »
Monitoring... :)

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9406
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: Malware? Excessive "threat detected" popups...
« Reply #3 on: May 15, 2012, 01:29:38 PM »
No idea what happened, obviously. Everytime I open a web page, I get a threat detected and a mal url warning. I read a threat below me that had the exact same problem, but I know I need to start my own topic to properly proceed...
...so virus gods and goddesses...help?
-Kyle

You get a warning on every webpage you try to open or just on the same specific webpage?
Visit my webpage Angry Sheep Blog

Schecter331

  • Guest
Re: Malware? Excessive "threat detected" popups...
« Reply #4 on: May 15, 2012, 10:13:03 PM »
Any webpage I open I get the warning. It has been quiet today, however...interesting.

jeffce

  • Guest
Re: Malware? Excessive "threat detected" popups...
« Reply #5 on: May 16, 2012, 03:02:29 AM »
Hi,

Please download and run ERUNT (Emergency Recovery Utility NT).  This program allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.  **Remember if you are using Windows Vista as your operating system right-click the executable and Run as Administrator.
----------

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

Code: [Select]
:Services

:OTL
PRC - [2011/07/27 07:06:44 | 000,267,488 | ---- | M] () -- C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
PRC - [2011/06/09 23:29:49 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
SRV - [2011/07/27 07:06:44 | 000,267,488 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe -- (Updater Service for StartNow Toolbar)
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
IE - HKU\S-1-5-21-2067896838-3830993589-4124492298-1002\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredimail.com/mb68/?search={searchTerms}&loc=search_box&u=92260421141485908
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll ()
O2 - BHO: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll ()
O3 - HKLM\..\Toolbar: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [StartNowToolbarHelper] "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe" File not found
O33 - MountPoints2\{bb5f30a9-24e2-11e1-bb45-e8113250a761}\Shell - "" = AutoRun
O33 - MountPoints2\{bb5f30a9-24e2-11e1-bb45-e8113250a761}\Shell\AutoRun\command - "" = F:\SETUP.EXE -- [2001/04/30 13:33:00 | 000,032,768 | R--- | M] ()
[2011/10/20 21:14:58 | 000,099,384 | ---- | C] () -- C:\Users\Kyle\AppData\Roaming\inst.exe
[2011/12/26 21:57:49 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\GetRightToGo

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

Schecter331

  • Guest
Re: Malware? Excessive "threat detected" popups...
« Reply #6 on: May 16, 2012, 06:07:13 AM »
Done and done.

jeffce

  • Guest
Re: Malware? Excessive "threat detected" popups...
« Reply #7 on: May 16, 2012, 01:36:47 PM »
Hi,

I think that you may have posted the wrong OTL log.  The one you attached was the first one you ran...did you run a new scan after performing the fix that I provided?  If not, run a new scan now with OTL and post the newly made log.  :)

Schecter331

  • Guest
Re: Malware? Excessive "threat detected" popups...
« Reply #8 on: May 16, 2012, 07:33:43 PM »
Hm, I could've sworn I posted the correct log...

Yes I ran that custom fix you posted, it had me reboot my computer, and I ran another scan and here is the log from it (positive!)

jeffce

  • Guest
Re: Malware? Excessive "threat detected" popups...
« Reply #9 on: May 16, 2012, 08:27:24 PM »
      Hi,

Malwarebytes

I see that you have Malwarebytes already on your computer.  Please open Malwarebytes, update it and then run a Quick Scan.  Save the log that is created for your next reply.
----------

ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



[list=1]
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)[list=1]
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
  • Check
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Check
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin

scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Back button.
  • Push Finish
http://www.eset.com/onlinescan/
----------

In your next reply please attach the logs made by Malwarebytes and ESET online scanner.  :)

Schecter331

  • Guest
Re: Malware? Excessive "threat detected" popups...
« Reply #10 on: May 17, 2012, 04:37:06 AM »
Thank you in advance for the help, you guys/gals are amazing.


jeffce

  • Guest
Re: Malware? Excessive "threat detected" popups...
« Reply #11 on: May 17, 2012, 01:48:58 PM »
Hi,

Please run Malwarebytes again and this time remove all entries found...save the log created.
------------

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

Code: [Select]
:Services

:Files
C:\Program Files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
C:\Users\Kyle\Documents\Vuze Downloads\The.Witcher.2.Assassins.of.Kings-SKIDROW\DVD2\sr-tw2b.iso
C:\Users\Kyle\Documents\Witcher 2\paul.dll
C:\Users\Kyle\Documents\Witcher 2\Config\paul.dll
C:\Users\Kyle\Downloads\AudioPerformerSetup.exe
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[clearallrestorepoints]
[start explorer]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
----------

In your next reply attach the logs made by Malwarebytes and OTL....also let me know how your system is running now. :)

Schecter331

  • Guest
Re: Malware? Excessive "threat detected" popups...
« Reply #12 on: May 17, 2012, 07:14:17 PM »
So many logs on my desktop! Cleaned 'em up to ensure I uploaded the correct ones (or so I think...)
« Last Edit: May 17, 2012, 07:28:36 PM by Schecter331 »

jeffce

  • Guest
Re: Malware? Excessive "threat detected" popups...
« Reply #13 on: May 17, 2012, 07:53:43 PM »
Did you run Malwarebytes and remove the entries found?  The log you attached showed No Action Taken?

How is your system running? 

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: Malware? Excessive "threat detected" popups...
« Reply #14 on: May 17, 2012, 08:08:32 PM »
also....malwarebytes was not updated when run.... signatures was 2 days old
Malwarebytes release 5 - 10 updates a day