Kept getting an Avast warning every 4 or 5 minutes re ‘URL:Mal’ for a site I wasn’t even trying to access.
Details: avast! blocked you from visiting an infected webpage
Infection Details
URL: "hxxp://www.socialnewsworld.com/index.php?aff_id
Process: "C:\Program Files\Internet Explorer\IEXPLORER.EXE
Infection: “URL:Mal”
So I’ve tried everything mentioned in topic http://forum.avast.com/index.php?topic=53253.0 and have had no warnings since. Just wondered if one of the malware guys could tell me if I have anything more to worry about, or has the problem been erased and I can rest easy?
Here’s MBAM report
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Database version: v2012.04.04.02
Windows XP Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
??? :: ??? [limited]
04/04/2012 09:24:00
mbam-log-2012-04-04 (09-24-00).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 183946
Time elapsed: 17 minute(s), 1 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} (Rogue.WinAntiVirus) → Quarantined and deleted successfully.
HKCU\SOFTWARE\Online Add-on (Trojan.Zlob) → Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE Safety Features (Trojan.Zlob) → Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Information Center (Trojan.Zlob) → Quarantined and deleted successfully.
Registry Values Detected: 4
HKU.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer{02FFAC45-0B10-5633-4296-1801F1A36678} (Trojan.Agent) → Data: → Quarantined and deleted successfully.
HKU.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer|{02FFAC45-0B10-5633-4296-1801F1A36678} (Trojan.Agent) → Data: ऑෲ → Quarantined and deleted successfully.
HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer|{02FFAC45-0B10-5633-4296-1801F1A36678} (Trojan.Agent) → Data: ऑෲ → Quarantined and deleted successfully.
HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer{02FFAC45-0B10-5633-4296-1801F1A36678} (Trojan.Agent) → Data: → Quarantined and deleted successfully.
Registry Data Items Detected: 5
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyDocs (PUM.Hijack.StartMenu) → Bad: (0) Good: (1) → Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) → Bad: (1) Good: (0) → Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) → Bad: (1) Good: (0) → Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) → Bad: (1) Good: (0) → Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit (Hijack.Userinit) → Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,) Good: (Userinit.exe) → Quarantined and repaired successfully.
Folders Detected: 2
C:\WINDOWS\system32\lowsec (Stolen.data) → Quarantined and deleted successfully.
C:\WINDOWS\system32\wsnpoem (Trojan.Agent) → Quarantined and deleted successfully.
Files Detected: 3
C:\WINDOWS\system32\lowsec\user.ds.lll (Stolen.data) → Quarantined and deleted successfully.
C:\WINDOWS\system32\wsnpoem\audio.dll (Trojan.Agent) → Quarantined and deleted successfully.
C:\WINDOWS\system32\wsnpoem\video.dll (Trojan.Agent) → Quarantined and deleted successfully.
(end)
Here’s OTL & aswMBR stuff
Thanks in advance. Paul