Nordstrom, yahoo, sephora, blah blah. It’s always a malicious URL. One of the links was this: hxxp://controller.4seeresults.com/fsrSurvey/OTCImg?protocol
I don’t know if it’s my computer or what, but it is running slower so I’m doing what I can.
follow the guide and attach the logs…not copy and paste http://forum.avast.com/index.php?topic=53253.0
AdwCleaner
Malwarebytes
OTL
aswMBR
it may take hours before a malware remover arrive so be paitient
@ Rosh
Please ‘modify’ your post change the URL from http to hXXp or www to wXw, to break the link and avoid accidental exposure to suspect sites, thanks.
hereee
Did you install BitWineTaskbar ?
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
[*]Under the Custom Scans/Fixes box at the bottom, paste in the following
https://dl.dropbox.com/u/73555776/OTL_Fix.GIF
:OTL
O3 - HKU\S-1-5-21-4170426184-2892845453-1331093089-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-4170426184-2892845453-1331093089-1000\..\Toolbar\WebBrowser: (no name) - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - No CLSID value found.
O3 - HKU\S-1-5-21-4170426184-2892845453-1331093089-1000\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
@Alternate Data Stream - 1254 bytes -> C:\ProgramData\MicrosoftaFMzxGWf76Gp13S66lZPGa0ypjez
@Alternate Data Stream - 1225 bytes -> C:\ProgramData\Microsoft:T7mDErGaxodZnpRvTSsr
@Alternate Data Stream - 1014 bytes -> C:\ProgramData\MicrosoftKGlJy22A3vtQWIvHeBx
:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
Yes but i’m pretty sure it’s not a virus it’s from a legitimate site. I will run this now
blah
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.new log requested ;)
Yes but i'm pretty sure it's not a virus it's from a legitimate site. I will run this nowwhat is a legit site?
Every 3.6 seconds a website is infected
http://www.scmagazine.com/every-36-seconds-a-website-is-infected/article/140414/
Do the redirects appear in all browsers or just one ?
I only try Firefox.
Could you try IE as well please
Well I didn’t have to do that apparently, its fine now. Thank you. Is there something else I should know?
If you are happy run OTL and press the cleanup button