system
1
When I was surfing on the site chromeplus.org, Avast prompted about a blocked malicious program. It was something like js:FakeAV-GE [Trj]. The link to that suspicious file was httb://www2.smartfhdefense.rr.nu/1e2f5910.js|%3E{gzip}. I think that the ChromePlus site was redirected to some strange sites. Another site was httb://sokoloperkovuskeci.com/in.php?g=82. Please note that I changed the p in “http” to b for security reasons. I really have no idea what happened.
That looks like a link to a rogue AV to me.
Are you experiencing any problems?
system
3
I ran Avast, Malwarebytes and Hitman Pro scans and they found nothing. I’ll post OTS and aswMBR logs soon.
system
4
Here’s the OTL, Malwarebytes and aswMBR logs as an attachment.
Looks good to me. I would recommend that you empty the temps though, to be 100% sure. Saved by Avast ;D
Clear Cache/Temp Files
Download TFC by OldTimer to your desktop
* Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
* It will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
* Once it’s finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
Then run OTL and hit the cleanup button
system
6
When I ran TFC the first time, a BSOD occurred for some reason, but when I ran it a second time it completed and asked to reboot. Do I have to wait for it to finish after rebooting, or can I use the computer immediately after the reboot? Here’s the log about that BSOD.
- System
[ Name] Microsoft-Windows-Kernel-Power
[ Guid] {331C3B3A-2005-44C2-AC5E-77220C37D6B4}
EventID 41
Version 2
Level 1
Task 63
Opcode 0
Keywords 0x8000000000000002
[ SystemTime] 2011-09-03T13:07:40.192411800Z
EventRecordID 58085
Correlation
[ ProcessID] 4
[ ThreadID] 8
Channel System
Computer J***a-PC
[ UserID] S-1-5-18
Please note that I hid my user name for security reasons.
You can use it as soon as the boot is complete.
Do you have a minidump at c:\windows\minidump? If so, if you could upload it to mediafire I will take a look at it.
system
8
Here’s the Minidump folder as a zip file uploaded to Mediafire: http://www.mediafire.com/?vn4e4ad6fumkm9l.
system
9
Was there something bad in the Minidump file?
For some reason (again) I am having trouble accessing mediafire
Could you try Megaupload please
DavidR
11
I don’t know what you need to check, essexboy (any DNS server blocking), but I can connect to and download that file from mediafire. Albeit that the download took a while to even start, even though it was only 25KB.
Are you getting an error or is it just not connecting?
I am getting a 404. I had this about a week ago for a few days. Then when I next got on, the landing page had changed. With all my talk about security I never use DNS servers, although I might give OpenDNS a whirl.
DavidR
13
Currently, I can’t use OpenDNS since I’m on BT Infinity fibre optic, with its Home Hub and I can’t change the DNS server (I really liked OpenDNS).
OK, this is weird: I can access it via the address cdn.mediafire.com but not using www. I am wondering whether it is an ISP problem.
Plus, with this new system being an HP, I am removing rubbish from it all the time.
DavidR
15
Certainly weird, as I would have thought any ISP DNS blocking would normally be domain based and sub-domains would be included in that.
system
16
Here’s the same file uploaded to Megaupload: http://www.megaupload.com/?d=1Z815UJK.
Spooky, mediafire is working again and now megaupload is refusing my connection…
OK, the minidump gave us a driver terminating unexpectedly within the NTos kernel… Has this happened again since? These are usually just one-off problems.
system
18
It hasn’t happened after that TFC crash.
If you get any further problems let me know. I think both mediafire and megaupload were getting a bit miffed about the amount of files I am downloading ;D
system
20
My friend sent me some links, which were suspicious to me, and I was so stupid that I clicked those links. I ran Avast and Hitman Pro and they found nothing. Malwarebytes found some “Simulation.Spycar” variants, which I downloaded just to test Malwarebytes, so it didn’t find any real malware. Here are the Malwarebytes, OTL and aswMBR logs as attachments.