AVAST: message pops up constantly

I find this Malware Virus …
Please Help me

The Avast message is:
URL: h==p://stream-xtech.eu/xmlrpc.php
Processo: C:\Windows\Explorer.EXE
Infezione: URL:Mal

My OTL log is attached.
Thanks a lot

Could you run AswMBR please

Download aswMBR.exe ( 4.5mb ) to your desktop.
Double click the aswMBR.exe to run it. Click the “Scan” button to start the scan

http://i1224.photobucket.com/albums/ee362/Essexboy3/aswMBR%20shots/aswMBRScan.gif

On completion of the scan click save log, save it to your desktop and post in your next reply

THEN

Re-run OTL and ensure all users is selected

My logs: aswMBR and OTL

Download the latest version of TDSSKiller from here and save it to your Desktop.

[*]Double-click on TDSSKiller.exe to run the application

https://dl.dropbox.com/u/73555776/tdss%20start.JPG

[*]Then click on Change parameters.

https://dl.dropbox.com/u/73555776/tdss%20Change%20param.JPG

[*]Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

[*]Click the Start Scan button.

[*]If a suspicious object is detected, the default action will be Skip, click on Continue.

https://dl.dropbox.com/u/73555776/tdss%20threat.JPG

[*]If malicious objects are found, they will show in the Scan results and offer three (3) options.
[*]Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

[*]Get the report by selecting Reports

https://dl.dropbox.com/u/73555776/tdss%20report.JPG

[*]Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.

The message exceeds the maximum allowed length (10000 characters).
See file in attach

Are you still getting the alerts ? As I can currently see no malware

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

[*]Double click on ComboFix.exe & follow the prompts.
[*]Accept the disclaimer and allow to update if it asks

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

[*]When finished, it shall produce a log for you.
[*]Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

It’s locked, see attach.

The message is again

URL: h==p://stream-xtech.eu/xmlrpc.php
Processo: C:\Windows\Explorer.EXE
Infezione: URL:Mal

Could you retry ComboFix from safe mode? If that fails we will do something else

ComboFix run in safe mode, it fails again.

Restarted PC, the message is again

Create an emergency repair USB drive:
Download Dr Web Live USB to your desktop

[*]Connect a USB flash drive to the computer. Registering the plugging in event takes no more than 10 seconds.
[*]Launch drwebliveusb.exe.
[*]The program will detect available USB-devices automatically and prompt you to choose the one you’d like to use as an emergency repair drive. You can format the device if you like (a warning will be displayed before you proceed with formatting). In order to read the License agreement, follow a corresponding link found in the program window (the page containing the license agreement text will be loaded in your default browser).

https://dl.dropbox.com/u/73555776/liveusb_ru.jpg

[*]To create a bootable USB flash drive, press the Create Dr.Web LiveUSB button.
[*]Files will be copied automatically.
[*]Once the copying process is completed, press the Exit button to close the application.
[*]Reboot the infected computer with the USB in the drive
[*]Ensure that the first boot device is USB - If you are not sure about that then see this page for instructions
[*]As loading starts, a dialogue window will prompt you to choose between the standard and safe modes.

http://i1224.photobucket.com/albums/ee362/Essexboy3/Dr%20Web%20shots/livecdbootscreen.gif

[*]Use arrow keys to select DrWeb-LiveCD (Default)

[*]When the system is loaded, check the disks or folders you want to scan, and click on “Start”.

http://i1224.photobucket.com/albums/ee362/Essexboy3/Dr%20Web%20shots/livecdDriveselection.gif

[*]The programme will now scan for and cure/delete any malware that it finds. Allow it to do so
[*]Once completed reboot to normal windows
[*]No log is produced so once in normal windows run a fresh OTL scan and let me know if the problems persist

I have same problem.
Avast has blocked a threat (trojan horse) and the pop-up appears constantly. It happens all the time (every minute). What should I do to fix this problem? Thx

hey ayaanoo please start your own topic and follow this guide. attach the logs. a malware expert will help you from there.

http://forum.avast.com/index.php?topic=53253.0

I created a bootable USB flash drive.
I rebooted the computer with the USB in the drive.
As loading starts, I chose the Live CD.
The system is loaded and is stopped (black window in graphic mode), it does not work.

OK there is obviously a new variant MBR out there

When you reboot the computer is there an option for recovery console as it boots ?

If so download to your C drive

Farbar Recovery Scan Tool

Reboot to the recovery console
At the command prompt type CD..
Until you get to the C:\> prompt
Then type FRST.exe
The tool will start to run.
When the tool opens click Yes to disclaimer.

https://dl.dropbox.com/u/73555776/FRST%20Start%20scan.gif

Press Scan button.
It will make a log (FRST.txt) on the C drive. Please copy and paste it to your reply.

When I reboot the computer is NOT there an option for recovery console as it boots…

Download Peazip to the desktop
Run and install the programme
As it installs this page will show, deselect the AVG ticks
Press decline and it will then install cleanly

https://dl.dropbox.com/u/73555776/peazip.jpg

Download the following files to the desktop … Right click the links and select save as…then select desktop

Rufus

OTLPE_standard

Right click OTLPE on your desktop and select …Open as archive

https://dl.dropbox.com/u/73555776/Unzup%20archive.png

Select OTLPE standard

https://dl.dropbox.com/u/73555776/select%20archive.PNG

Click Extract, ensure that desktop is selected

https://dl.dropbox.com/u/73555776/extract%20archive.PNG

Insert the USB stick, then run Rufus

https://dl.dropbox.com/u/73555776/rufus.JPG

Select the ISO file on the desktop via the ISO icon.

Press Start Burn

https://dl.dropbox.com/u/73555776/RufusISO.JPG

Once the USB has burnt then

[*]Download Farbar Recovery Scan Tool and save it to the flash drive.

[*]Reboot your system using the boot USB you just created.
Note : If you do not know how to set your computer to boot from USB follow the steps here
[*]As the Programme needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)
[*]Your system should now display a Reatogo desktop.
[*]Locate the flash drive and run FRST
[*]The tool will start to run.

http://i1224.photobucket.com/albums/ee362/Essexboy3/Farbar/FRST2.gif

[*]When the tool opens click Yes to disclaimer.
[*]Press Scan button.
[*]It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Ok in attach

Again nothing showing there, let's see if GMER can locate anything

Download the GMER Rootkit Scanner to your Desktop. It will be a randomly named .exe file.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click the file you downloaded. The program will begin to run.

https://dl.dropbox.com/u/73555776/GMER_Open.JPG

Caution
These types of scans can produce false positives. Do NOT take any action on any “<— ROOKIT” entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
[*]Click NO
[*]In the right panel, you will see a bunch of boxes that have been checked … leave everything checked and ensure the Show all box is un-checked.
[*]Now click the Scan button.
Once the scan is complete, you may receive another notice about rootkit activity.
[*]Click OK.
[*]GMER will produce a log. Click on the [Save…] button, and in the File name area, type in “GMER.txt”
[*]Save it where you can easily find it, such as your desktop.

Post the contents of GMER.txt in your next reply.

In attach two logs:
quick_gmer—> quick scan
C_D_gmer —> disk C&D scan