colexity777, espeak911, 37.220.36.44, Malicious URL Blocked

I’ve had issues with browsing the web lately, and web searches, specifically Google, have become slower and more difficult to perform, to the point that there was intermittent interruption of network connectivity and at times I could not connect at all. The wireless signal was recognized, but the browsers and programs would not connect and would return errors. After restoring the computer to a previous state, Avast! Free (after being reinstalled) now shows the items listed in the title of this post as blocked malicious URLs.

I’ve begun following the steps listed in this post: http://forum.avast.com/index.php?topic=53253.0

I have the mbam log file, which is copied and pasted below. Follow up posts will include the additional attachments after the other recommended scans have been run. I would very much appreciate help from anyone who knows how to deal with this issue, or who has experienced the same problem.

mbam log:
Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.30.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: LAPTOP [administrator]

Protection: Enabled

8/30/2012 2:33:12 PM
mbam-log-2012-08-30 (14-33-12).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 229110
Time elapsed: 49 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Attached is the OTL.txt log file. I followed the steps from the link in the first post precisely, but OTL did not generate an “Extras.txt” file as mentioned there.

Hi, run aswMBR and attach the aswMBR.txt log here.
Here is the guide for running it and the download link:
http://forum.avast.com/index.php?topic=53253.0

Thanks magna86, I’m running that right now. I will post the log right after it completes.

Attached is the aswMBR.txt log file. Any and all help is appreciated.

Hi, njk123 8)

Step#1

Download TDSSKiller and save it to your desktop

Execute TDSSKiller.exe by double-clicking on it.

- Press Start Scan.

- If a Suspicious object is detected, the default action will be Skip; click on Continue.
- If Malicious objects are found, select Cure.

Once complete, a log will be produced at the root of the drive, which is typically C:\, for example C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply.


Step#2

Download ComboFix from here and save it to your Desktop.
If you are unsure how ComboFix works please read this guide carefully.
note: ComboFix must be downloaded to your Desktop.

Temporarily disable your AntiVirus program.
If you are unsure how to do this please read this or this Instruction.

How to disable avast:

- Right-click on the avast! icon in the lower right corner of the screen and choose Open Avast! User Interface.
- In the window that opens, on the top right corner, click Settings.
- In the new window that opens, choose the option Troubleshooting, uncheck Enable avast! self-defense, and click OK.

- Right-click on the avast! icon in the lower right corner of the screen and select avast! shield controls.
- In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.

Note: Do not forget to turn on this option after the cleaning.

Run ComboFix. Click on I Agree!
ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.
If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
Note: Do not mouse-click ComboFix’s window while it is running.
If you see a message like “Illegal operation attempted on a registry key that has been marked for deletion”, just restart the computer once more.

When the tool is finished, it will produce a log report for you (typical location: C:\ComboFix.txt).
Attach the log report (ComboFix.txt) back to the topic.

Attached are copies of both that TDSSKiller log and the ComboFix.txt log. It appeared that you wanted me to post the TDSSKiller log in the reply, but it was too long to submit, so I attached the file instead.

Hi,

- Re-run TDSSKiller.exe and click on Change parameters.
- Under Additional options, check the boxes next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
- Click on Start Scan.
- If an infected file is detected, the default action will be Cure; click on Continue.
- If a suspicious file is detected, the default action will be Skip; click on Continue.
- It may ask you to reboot the computer to complete the process. Click on Reboot Now.
- Click the Report button and attach the contents of it to your next reply.
Note: It will also create a log in the C:\ directory.

Resulting log attached.

Please re-run TDSSKiller as before (with Change parameters) and use the Delete option for this entry:

\Device\Harddisk0\DR0 ( TDSS File System )

How’s your computer running now?

TDSSKiller has been run again and I selected Delete for that entry.

As for how the laptop is running, there is nothing out of the ordinary right now, but I haven’t really been using it for anything other than these scans and trying to get it fixed. I’ve been running the scans on the laptop with issues, but posting my results from a different machine. I’ll be away for a bit, but will need the laptop when I return, so will use it as normal and report anything that comes up. I’m going to reboot and I’ve re-enabled Avast and Malwarebytes Anti-Malware. Let me know if there is anything else I should enable or disable before I give it a spin when I get back, and thanks very much for all of your help so far, I’m very grateful for it.

Ok. I will remove my tools and after removing them, enable your antivirus.
Your computer looks clean now. However, if you still get some problems or avast detections, just go back here and bump this thread. :wink:

It is necessary to uninstall ComboFix:

- Click Start (or the Vista Start button), then Run.

On Windows 7 or Vista you may use the Start Search field if Run is not available.

- In the line of text, type in (copy) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

- Then click OK (or press Enter).

Wait until the uninstall process is complete.


Re-run OTL and click on CleanUp! button.

You will be asked to reboot the machine to finish the cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTL. Feel free to manually delete any tools it leaves behind.

Delete the C:\TDSSKiller_Quarantine folder if it is there.

Done. If I have issues in the future related to this, I’ll be sure to bump the thread. Many thanks for all of the help and have a great night magna86.