Avast Web Shield has blocked a harmful webpage or file and many others, (c.t.c.adlinker.net---movieroomreviews.com)
have downloaded tdsskiller,nothing, malwarebytes, nothing–i am a novice but can follow instuctions, i have alredy looked up these viruses on you site but most fixes said for a specific computer . please help
Attach your basic logs. (MBAM, FRST and aswMBR…!!)
Instructions: https://forum.avast.com/index.php?topic=53253.0
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 12/12/2014
Scan Time: 5:47:55 PM
Logfile: malware log.txt
Administrator: Yes
Version: 2.00.4.1028
Malware Database: v2014.12.12.08
Rootkit Database: v2014.12.08.03
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Eddie
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 357138
Time Elapsed: 51 min, 52 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
Please attach all logs…!! Don’t C&P them.
i am sorry i dont know how to atatch w/o copy and paste
It’s explained in the instructions. (Attaching logs)
i am sorry i red instuctrions dont no how 2 attach logs took me 12 minuites to type this
If you reply here you’ll find the option below the text box → “Attachments and other options”
help me how do i attach what you want
FRST.txt is a good start, also attach Addition.txt and aswMBR.txt.
i have fras on desk top --how do i get it to you sorry to be so stupid
Again, it’s all explained in the instructions.
threat has been detected every 2 seconds hard for me to do anything —can you not tell me hoh nto send logs
Well, just skip your other logs for now and wait…
This should reduce the problem greatly
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
HKU\S-1-5-21-1670539400-3726659046-2939763200-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks! Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File EmptyTemp: CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that
THEN run a fresh FRST scan and include the additions.txt
thanks essexboy
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-12-2014 01
Ran by Eddie at 2014-12-15 18:35:23 Run:1
Running from C:\Users\Eddie\Desktop
Loaded Profiles: Eddie & UpdatusUser (Available profiles: Eddie & UpdatusUser)
Boot Mode: Normal
Content of fixlist:
HKU\S-1-5-21-1670539400-3726659046-2939763200-1000.…A8F59079A8D5}\localserver32: rundll32.exe javascript:"..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
EmptyTemp:
CMD: bitsadmin /reset /allusers
“HKU\S-1-5-21-1670539400-3726659046-2939763200-1000\Software\Classes\CLSID{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32” => Key Deleted Successfully.
“HKU\S-1-5-21-1670539400-3726659046-2939763200-1000\Software\Classes\CLSID{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}” => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
“HKCR\CLSID{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}” => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
“HKCR\CLSID{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}” => Key not found.
========= bitsadmin /reset /allusers =========
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
Unable to cancel {E1986A85-A735-40D9-A7DF-E55E84D96CFF}.
{9110D5A9-E17C-4E64-8A5F-E7A56A232CB8} canceled.
1 out of 2 jobs canceled.
========= End of CMD: =========
now do you want me to post the FRST scan result and/or additios txt
if so do i copy paste them or some other method?
the computer seems to be running fine now.
scanned attached scan log and additions log. hope i did it right
Nice and clean … Any further problems ?
no problems, cant thank you enough–any other steps to remove the downloaded removal tools?