HELP about socketopencloud.su malware LOG

Dear master in this place, please help me with this kind of malware (check my attachment log and picture)

Symptom:
First, a virus appeared as a fake warning from a “Security Shield” program. Then, after I deleted that virus manually using a manual technique I found by searching Google, every time I connect to the internet and then open Google Chrome and also Mozilla Firefox, I get an alert about a Malicious URL blocked (check my image attachment).
This malware infected my firefox.exe, chrome.exe, scvhost.exe.

What i do:

Ask:

  1. How do I clean all of these viruses etc.?
  2. What must I not do right now? (Is it OK to access websites and log in?)
  3. What is the "MBR.dat" file? It appears when I create the log.

PS: sorry, I am using MediaFire to upload OTS Log.txt because the size is 300kb

THX

Essexboy is notified, he will review the logs when he arrives, usually late UK time…

thank you very much bro… i hope essexboy will reply it ASAP…

He will still be at work right now. It will be a couple of hours before he is online normally.

Hi 'tis a TDL3 infection so we will do the following

Please read carefully and follow these steps.

- Download TDSSKiller and save it to your Desktop.
- Extract its contents to your desktop.
- Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.

http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillermain.png

- If an infected file is detected, the default action will be Cure, click on Continue.

http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerMal-1.png

- If a suspicious file is detected, the default action will be Skip, click on Continue.

http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerSuspicious.png

- It may ask you to reboot the computer to complete the process. Click on Reboot Now.

http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerCompleted.png

- If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
- If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of “TDSSKiller.[Version][Date][Time]_log.txt”. Please copy and paste the contents of that file here.

THEN

To ensure that I get all the information, this log will need to be attached (instructions at the end). If it is too large to attach, then upload to Mediafire and post the sharing link.

Download OTS to your Desktop

- Close ALL OTHER PROGRAMS.
- Double-click on OTS.exe to start the program.
- Check the box that says Scan All Users
- Check the box that says 64 bit
- Under Additional Scans check the following:

Reg - Disabled MS Config Items
Reg - Drivers32
Reg - NetSvcs
Reg - SafeBoot Minimal
Reg - Shell Spawning
Evnt - EventViewer Logs (Last 10 Errors)
File - Lop Check

- Under the Custom Scan box paste this in

%USERPROFILE%\..|smtmp;true;true;true /FP
%SYSTEMDRIVE%\*.exe
/md5start
volsnap.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

- Now click the Run Scan button on the toolbar.
- Let it run unhindered until it finishes.
- When the scan is complete Notepad will open with the report file loaded in it.
- Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Please attach the log in your next post.

damn…wth is this

please look for my attachment

also look for my log from tdsskiller at this http://www.mediafire.com/?kmkp4gem6enyg3k

thx b4

It looks like a new variant

Download ComboFix from one of these locations:

Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
- Double click on ComboFix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

bro essexboy…

I am done running ComboFix… please check my attachment

Let's see if we can get ComboFix to remove this instead

  1. Close any open browsers.

  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  3. Open notepad and copy/paste the text in the quotebox below into it:

TDL::
C:\Windows\system32\drivers\ndis.sys

Save this as CFScript.txt, in the same location as ComboFix.exe

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

OK bro… I have already done what you told me…

please check my attachment

PS: seriously, this virus is disgusting me… I really wanna format this PC… LOL

Well combofix couldn’t kill it - so Last big weapon

Download Dr Web from here. Fill in the small form and download.

It will download as an 8 digit file; save it to your desktop.

Restart in safe mode and run it.
Accept the enhanced version.
Then run the quick scan.
About halfway through you will be prompted to buy; just X the box closed.
Once finished it will generate a log; please attach that.

thx bro… it really works, it cured the virus… thx a lot

It removed that file? What name did it give to the infection?