system
August 9, 2011, 2:44pm
1
I have been hit with the same virus many others have.
When doing a Google search and clicking on a safe link I get redirected to various random sites.
I am also getting the pop-up from avast that says.
I don’t have the exact details of the Avast pop-up, as I can’t get it to pop up now when I actually need it. But it is something along the lines of:
Malicious URL Blocked
64.111.211.150
c:/documentsandsettings/???/sysmapdb.dll
URL: Mal
This seems to have spread to all users on the computer.
I have tried multiple scanners (MalwareBytes, Avast, Ad-Aware, TDSSKiller).
None of them have returned any infections at all.
I have attached my first scan with OTL, this was my first time using this program. I left all of the settings to the default and check marked scan all users.
When I load OTL, avast pops up and says it’s potentially unsafe and gives the option to “open in sandbox” this is what I did.
Pondus
August 9, 2011, 2:55pm
2
When I load OTL, avast pops up and says it's potentially unsafe and gives the option to "open in sandbox" this is what I did.
you should not run it in sandbox
anyway essexboy prefers the OTS log so you can follow the guide here
http://forum.avast.com/index.php?topic=53253.0
Essexboy is notified…it may be some hours before he arrives
system
August 9, 2011, 3:27pm
3
OK I have attached the scanned version of OTS.
Thanks
system
August 9, 2011, 3:35pm
4
Do you have a bad hosts file?
////////////////////////////////////////////////////////////////////
O1 HOSTS File: ([2010/03/23 07:56:03 | 000,379,997 | R— | M]) - C:\WINDOWS\system32\drivers\etc\hosts
////////////////////////////////////////////////////////
Run: [Sysmapdb] C:\Documents and Settings\Steve's\Local Settings\Application Data\DirectAuthenticationcdrom\Sysmapdb.dll ()
Sysmapdb.dll - send to VT - http://www.virustotal.com, and show the result on the forum and send the sample to the laboratory (virus@avast.com)
http://www.freedrweb.com/cureit/how_it_works/
Dr.Web CureIt! - you will correct the host file.
No problem I can use either OTL or OTS - me clever clogs ;D
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following:
:OTL
O4 - HKU\S-1-5-21-2234471834-1297456408-683464090-1015..\Run: [Sysmapdb] C:\Documents and Settings\Steve's\Local Settings\Application Data\DirectAuthenticationcdrom\Sysmapdb.dll ()
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - File not found
[2011/05/27 21:22:42 | 000,000,160 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~24567588r
[2011/05/27 21:22:01 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~24567588
[2011/05/27 21:21:47 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\24567588
:Files
ipconfig /flushdns /c
C:\Documents and Settings\Steve's\Local Settings\Application Data\DirectAuthenticationcdrom
:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
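A small log-triage helper, added here as an example (it is not OTL's code nor any participant's), that applies the two checks this thread turns on to OTL/OTS log lines of the form quoted above: O1 hosts entries that sink a name to loopback (block-list style) versus ones that map it to some other address, and O4 Run autostarts that load from a user-writable profile folder with no company name, as the Sysmapdb entry does. The sample log mixes the thread's own two lines with constructed ones; the regexes and folder list are assumptions about the log format, not OTL's specification.

```python
import re

# "O1 - Hosts: <ip> <hostname>"  (OTL/OTS hosts-file entries)
HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
# "O4 - <hive>\Run: [<name>] <path> (<company>)"; a trailing "()" means no company name was found
RUN_RE = re.compile(r"^O4 - (?P<hive>\S+)\\Run:\s+\[(?P<name>[^\]]+)\]\s+(?P<path>.+?)\s+\((?P<company>[^)]*)\)\s*$")
# Per-user writable folders on the XP-era layout seen in the thread (assumed list)
USER_WRITABLE_RE = re.compile(r"\\(Local Settings\\Application Data|Application Data|Temp)\\", re.I)
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}

def classify_hosts(line):
    """("sink"|"redirect", hostname) for an O1 line, else None.
    Loopback entries block a name (what ad/malware block lists do); any other address redirects it."""
    m = HOSTS_RE.match(line)
    if not m:
        return None
    ip, host = m.groups()
    return ("sink" if ip in LOOPBACK else "redirect", host)

def classify_run(line):
    """Dict for an O4 Run entry with a 'suspicious' flag, else None.
    Flagged when the binary lives in a user-writable profile folder and carries no company name."""
    m = RUN_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["suspicious"] = bool(USER_WRITABLE_RE.search(entry["path"])) and not entry["company"].strip()
    return entry

def triage(lines):
    """Return (redirected hostnames, [(name, path)] of suspicious autostarts) for a whole log."""
    redirects, runs = [], []
    for line in lines:
        h = classify_hosts(line)
        if h and h[0] == "redirect":
            redirects.append(h[1])
        r = classify_run(line)
        if r and r["suspicious"]:
            runs.append((r["name"], r["path"]))
    return redirects, runs

# Constructed sample: the thread's own two log lines plus one constructed redirect and one benign autostart
SAMPLE_LOG = [
    r"O1 - Hosts: 127.0.0.1 www.007guard.com",
    r"O1 - Hosts: 203.0.113.5 www.example-search.com",  # constructed; 203.0.113.0/24 is a documentation range
    r"O4 - HKU\S-1-5-21-2234471834-1297456408-683464090-1015..\Run: [Sysmapdb] C:\Documents and Settings\Steve's\Local Settings\Application Data\DirectAuthenticationcdrom\Sysmapdb.dll ()",
    r"O4 - HKLM..\Run: [ExampleAV] C:\Program Files\ExampleAV\tray.exe (Example Vendor Ltd)",  # constructed
]

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Run against a real OTL/OTS log, the thread's 127.0.0.1 block-list entries all classify as "sink", while the Sysmapdb autostart is the only item flagged.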
system
August 10, 2011, 12:34am
6
Attached is my log file after following your instructions and running upon reboot
DavidR
August 10, 2011, 10:54am
7
Essexboy will be at work now 11:55am in the UK right now, so he will be back on-line later this evening. Same sort of time that his last post was made.
That looks better - have the alerts ceased?
system
August 10, 2011, 7:36pm
9
So far today the browsing has been smooth.
Thanks for the help!!!
If you are still happy tomorrow let me know and I will remove my bits and bobs