Author Topic: Avast keeps blocking malicious URL  (Read 3129 times)


Kumkani

  • Guest
Avast keeps blocking malicious URL
« on: June 08, 2012, 03:34:50 PM »
Infection Details
URL:   hxxp://uekbewfa.cn/4294044530?w
Process:   C:\WINDOWS\system32\svchost.exe
Infection:   URL:Mal

Even when I don't have a browser open. This pops up every few minutes. I scanned and removed files; boot time scan and rescan showed clean results. But this still happens. Please help, it's annoying!!

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Avast keeps blocking malicious URL
« Reply #1 on: June 08, 2012, 03:38:01 PM »
Hi there, this sounds like the new variant of Sirefef

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    c:\windows\installer\@ /s
    c:\windows\installer\*.@ /s
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Post both logs
THEN

Download aswMBR.exe (4.8mb) to your desktop.
  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply
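The file-system part of the custom scan in Reply #1, as an added example that is not part of the thread and not OTL's own code: a read-only Python sketch that lists the same three path patterns and MD5-hashes every copy of the five named system files so the copies can be compared. The names `triage` and `md5_of` and the default root are assumptions made for this illustration.

```python
import hashlib
import os

# File names between /md5start and /md5stop in the custom scan.
MD5_NAMES = {"consrv.dll", "explorer.exe", "winlogon.exe",
             "userinit.exe", "svchost.exe"}

def md5_of(path):
    """MD5 of a file, read in chunks so large binaries are fine."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def triage(windows_root):
    """Return (listed, hashes) for one Windows directory tree.

    listed: files matching assembly\\tmp\\U\\*.*, installer\\@ and
            installer\\*.@, searched recursively (the /s switch).
    hashes: {file name: {full path: md5}} for every copy found.
    Nothing is modified; results are for an analyst to review.
    """
    listed, hashes = [], {}
    for dirpath, _dirs, files in os.walk(windows_root):
        rel = os.path.relpath(dirpath, windows_root)
        parts = rel.replace(os.sep, "/").lower().split("/")
        in_installer = parts[0] == "installer"
        in_tmp_u = parts[:3] == ["assembly", "tmp", "u"]
        for name in files:
            full = os.path.join(dirpath, name)
            low = name.lower()
            if in_tmp_u or (in_installer and (low == "@" or low.endswith(".@"))):
                listed.append(full)
            if low in MD5_NAMES:
                try:
                    hashes.setdefault(low, {})[full] = md5_of(full)
                except OSError as exc:  # locked or unreadable file
                    hashes.setdefault(low, {})[full] = "unreadable: %s" % exc
    return sorted(listed), hashes

if __name__ == "__main__":
    found, sums = triage(os.environ.get("SystemRoot", r"C:\Windows"))
    for path in found:
        print("LISTED", path)
    for name, copies in sorted(sums.items()):
        for path, digest in sorted(copies.items()):
            print("MD5", digest, path)
```

Two copies of the same system file with different hashes are worth comparing against a known-good copy from the same Windows version and service pack.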



Kumkani

  • Guest
Re: Avast keeps blocking malicious URL
« Reply #2 on: June 08, 2012, 04:31:23 PM »
Is there a way to paste it without having to save them as images? Each log is over 1000 characters and the board won't let me post. I'm saving them as images but they are long files. Thanks by the way!

Kumkani

  • Guest
Re: Avast keeps blocking malicious URL
« Reply #3 on: June 08, 2012, 04:42:59 PM »
and the final

Kumkani

  • Guest
Re: Avast keeps blocking malicious URL
« Reply #4 on: June 08, 2012, 04:44:04 PM »
Extras (I don't think the first posted!)

Kumkani

  • Guest
Re: Avast keeps blocking malicious URL
« Reply #5 on: June 08, 2012, 04:44:33 PM »
OTL (didn't post either?)


Offline essexboy

Re: Avast keeps blocking malicious URL
« Reply #6 on: June 08, 2012, 06:48:26 PM »
OK killing time  ;D

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons. They will return on reboot.

If you have Malwarebytes 1.6 or better installed, please disable it for the duration of this run.
To disable MBAM:
  • Open the scanner and select the protection tab
  • Remove the tick from "Start with Windows"
  • Reboot and then run OTL


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Quote
    :OTL
    O3 - HKU\S-1-5-21-1026699980-3759431130-400308832-1009\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

    :Files
    ipconfig /flushdns /c
    C:\WINDOWS\Installer\{5ac9a15f-1c84-9ca5-ff71-d3057ac93b0b}

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Kumkani

  • Guest
Re: Avast keeps blocking malicious URL
« Reply #7 on: June 08, 2012, 08:07:19 PM »
new otl

Offline essexboy

Re: Avast keeps blocking malicious URL
« Reply #8 on: June 08, 2012, 09:04:05 PM »
Could you confirm that the alerts have ceased?

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.