Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts

[jeffce]

No the OTL fix probably has not been completed.  Are you not able to boot to Safe Mode now? 

[mchain]

Hi jesamine,

jeffce's question is critical. 

As he has other ways to fix your system using programs that run outside of windows, do not worry.  So even if you cannot get into Safe Mode there are other ways of doing this.  You are in good hands here, and very sorry about that other bad time you had a while ago. 

If you can get into Safe Mode, tell jeffce.

[jesamine]

No, just tried again....cannot get into safe mode through F8, nothing happens when I press the arrows, option remains on 'boot normally' and pressing enter also does nothing, so I had to switch off and start again. I also wasn't able to use System Restore recently, again nothing happened. Oh I do have faith in jeffce....I just don't in this computer! It's not new and I'm not sure it can withstand the alterations. If it's the pages on MySpace that are infected, not this computer?, what exactly are we trying to do?

Off issue, I was slightly concerned by this on the Extras.Txt:

ACPI BIOS is attempting to write to an illegal IO port address (0x70), which lies in the 0x70 - 0x71 protected  address range. This could lead to system instability.

I removed the McAfee Security Scan.

[jeffce]

Hi,

Sorry to hear about your problems.  When you say "It's not new..."  how old is your system?  If your system is actually old, than it could be that Windows has just gotten a bit sloppy and a format/reinstall would be a prudent option.

As for the infections, the page on MySpace does seem to be infected but there are other little nasties that need to be removed. 

[jesamine]

Okay. The computer is Dell and 12 years old, a PC World technician wiped it clean and reinstalled XP 2-3 years ago. It's not really worth further work though, it's rather low on RAM, which cannot be easily upgraded (Rambus)....and I cannot afford a new one at the moment. 

[jeffce]

Hi,

Well just because it is an older system let's not give up yet. 

Please read through these instructions to familarize yourself with what to expect when this tool runs

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.  Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs
  
  
• Double click on ComboFix.exe & follow the prompts.
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.  It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.

Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. CF disconnects your machine from the internet.  The connection is automatically restored before CF completes its run.  If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
----------

[jesamine]

Rather nervous about this...."On each restart of the machine, a black screen will offer you the option to boot into recovery consule mode. For normal use, just ignore the black screen. Windows shall boot normally in 2 seconds." The dreaded black screen....please re-confirm that it will boot normally automatically without me pressing arrows or enter won't it?

All was working very well on my computer until I downloaded SP3....started to have problems directly afterwards....lost the Help and Support Centre too, can't search on it now, no results show. I tried to remove SP3, but couldn't do it.

I have over time been plagued by Canadian **SPAM** emails and I suspected at one time that something may have been done to my computer.

**Please note that I do not have a Windows XP CD and I have just read: "To install the Recovery Console, you will need your Windows XP CD.**

[jeffce]

Hi,

please re-confirm that it will boot normally automatically without me pressing arrows or enter won't it?

Yes it should. 

Do you have anyone that you might be able to borrow a Windows CD from? 

[jesamine]

I'm afraid not. 

Shame I couldn't complete OTL without using safe mode.

I guess we're running out of options here? What could these 'nasties' do though if I were to leave them?
 

[jeffce]

What could these 'nasties' do though if I were to leave them?

Well they could lead and open doors for more serious infections that could steal information from you like passwords, account numbers and such...
----------

With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.


Go to Microsoft's website => http://support.microsoft.com/kb/310994

Scroll down to Step 1, and select the download that's appropriate for your Operating System.  Download the file & save it as it's originally named.

Note: If you have SP3, use the SP2 package.


---------------------------------------------------------------------

Transfer all files you just downloaded, to the desktop of the infected computer.

--------------------------------------------------------------------


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

• Drag the setup package onto ComboFix.exe and drop it.
• Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.

• At the next prompt, click 'Yes' to run the full ComboFix scan.
• When the tool is finished, it will produce a report for you.

Please post the C:\ComboFix.txt in your next reply.

[jesamine]

Hi,

I have Windows XP Home Edition and SP3. So I need to download SP2 (as you advised) and XP Home Edition as well, correct?

Re: Transfer all files you just downloaded to the desktop of the infected computer. How do I do that please? I didn't know how to download OTL to my desktop either....there's no icon there.

[jeffce]

Hi,

No you only need to download the files for Windows XP Service Pack 2. 

What browser are you using for the downloads??  IE, Firefox, Chrome...

[jesamine]

Firefox

I'm worried about whether I'd actually be able to boot up in 'Recovery Console' mode when I can't use arrows and enter to boot up in anything other than normal mode. Would I need to use those? Also worried that I am not able to use System Restore.

Would I be able to use the XP Setup disk to carry out a clean installation in future if needed, only I would rather download that if the answer is yes?

In case you are not about to answer this: Reminder: Re: Transfer all files you just downloaded to the desktop of the infected computer. How do I do that please? I didn't know how to download OTL to my desktop either....there's no icon there.

[jeffce]

Hi,

To download files to your Desktop in Firefox do the following: 

Open Firefox >> click on Tools >> Options >> in the General tab >> check Always ask me where to save files and this will allow you to select Desktop as the location to download your files to. 
------------

Let me clarify...are you unable to use your keyboard as well?  Is that in both Normal and Safe Mode?

[jesamine]

Keyboard use generally is fine, however, after I pressed F8 for the boot menu I tried to select safe mode using my keyboard, but nothing happened with the up/down arrows, it was stuck on normal boot....I tried to select that with 'enter'....again nothing happened, so I had to manually switch off and boot normally.

It's like something (SP3?) has knocked out important functions on this computer, I did not have these problems after the fresh installation of XP.

I really appreciate your time and effort in helping me.