Topic: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts  (Read 39550 times)

Offline jeffce

  • Probably Not A Bot
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2460
  • Member of UNITE
    • Malware Removal
Re: Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts
« Reply #30 on: May 30, 2012, 02:15:07 PM »
Hi,

Let's look over your keyboard registry key...

  • Click Start > Run, type Notepad, and click OK.
  • This will open an empty Notepad file.
  • Copy/Paste the contents of the box below into Notepad.
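Code:
@echo off
rem Export the Kbdclass service key to a text file on the Desktop
regedit.exe /e "%userprofile%\Desktop\look.txt" "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Kbdclass"
rem Open the export in Notepad; the script waits here until Notepad is closed
Notepad.exe "%userprofile%\Desktop\look.txt"
rem Clean up the export and this batch file
Del "%userprofile%\Desktop\look.txt"
Del "%~f0"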
  • Click Format and ensure Word Wrap is unchecked.
  • Save as RegExp.bat
  • Save as file type All Files or it won't work.
  • Now double click on RegExp.bat to run it.
  • A file look.txt will open on your Desktop, please post the contents in your next reply.

Offline jesamine

  • Jr. Member
  • **
  • Posts: 59
« Reply #31 on: May 30, 2012, 08:00:11 PM »
@echo off
regedit.exe /e "%userprofile%\Desktop\look.txt" "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Kbdclass"
Notepad.exe %userprofile%\Desktop\look.txt
Del look.txt
Del %0

Offline jeffce

« Reply #32 on: May 30, 2012, 08:25:36 PM »
Did you have troubles with the instructions I provided?  There should have been a log created on your Desktop for you to attach.  :)

Offline jesamine

« Reply #33 on: May 30, 2012, 09:03:41 PM »
Sorry, thought I'd managed it....that was what you gave me!  ;D Yes, said I couldn't save it to that location (All Files), eventually I did save it, but when I clicked on the file a black screen momentarily appeared then vanished.

Offline jesamine

« Reply #34 on: May 31, 2012, 12:44:52 AM »
Well today my computer became slow and unresponsive (it's low on RAM) and my profile page was re-directed to: http://agrifarma.com/p/as?64206 before Avast could kick in to stop it (first time that has happened) and I then received a WOT red warning on it.

Offline jeffce

« Reply #35 on: May 31, 2012, 01:06:17 AM »
Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • When the window opens, click on Change Parameters
  • Under “Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • Click OK
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

Offline jesamine

« Reply #36 on: May 31, 2012, 04:01:21 PM »
I double clicked the TDSSKiller.exe on the desktop, was given a sole option to 'run', which I clicked and then nothing happened, I sat with a busy mouse icon for ten minutes with no window showing?


Offline jeffce

« Reply #37 on: May 31, 2012, 04:16:12 PM »
Hi,

Ok give it a run from Safe Mode and if a log is made attach it.  :)

Offline jesamine

« Reply #38 on: May 31, 2012, 04:21:22 PM »
Just followed online advice here to rename it: http://www.bleepingcomputer.com/forums/topic372491.html, it has worked....scan box is now showing.  :)

Offline jesamine

« Reply #39 on: May 31, 2012, 04:41:01 PM »
It says: No threats found. How do I find a copy of the log please? I can see it on the scan details, but can't copy it.

Offline jeffce

« Reply #40 on: May 31, 2012, 05:00:44 PM »
Hi,

If it said no threats found that is fine.

GMER

Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.


  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in your reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Offline jesamine

« Reply #41 on: June 01, 2012, 11:18:17 AM »
Hi,

Towards the end of the scan my computer abruptly stopped....a blue screen appeared: "A problem has been detected and Windows has been shut down to prevent damage to your computer." This is the second crash I have had, I'm too afraid to pursue this any further. I didn't see any issues listed up to that point. Would you kindly tell me how to remove GMER Rootkit Scanner, TDSSKiller.exe and OTL.
« Last Edit: June 01, 2012, 12:03:56 PM by jesamine »

Offline jeffce

« Reply #42 on: June 01, 2012, 03:06:44 PM »
I just want to clarify...Are you saying you don't want help any longer?  I only ask because I don't want to remove tools unless you are certain.

Offline jesamine

« Reply #43 on: June 01, 2012, 03:36:44 PM »
Although I don't like the idea of having 'nasties' on my computer and I do have complete faith in you, having a computer that is up and running is my main concern....I can't be without it. I have just had the same blue screen shutdown I had with the last scan, when I tried to carry out a dsk chk (which was clean after I managed to re-boot successfully). It said: Drive IRQL not less or equal....please check new installations (plus further instructions)?? I am worried that something has gone wrong, I have never had this type of shutdown before.

Offline jeffce

« Reply #44 on: June 01, 2012, 05:46:01 PM »
Quote
It said: Drive IRQL not less or equal
Were you able to get the complete message that was shown by chance?

Let's check to make sure you don't have a failing hard drive.

Please download HD Tune (the free version not the trial), run an error scan on your primary hard drive (full not quick) and report back if any blocks aren't green. It tests your hard drive for bad sectors.
« Last Edit: June 01, 2012, 05:47:53 PM by jeffce »