Help! Malicious URL blocked; **INFECTED** Win32:MDE-B [Susp], Win32:Malware-gen

[Symptoms]

Avast! keeps blocking “malicious URLs” when browsing with IE or FF.

[Scans]

AdwCleaner: found nothing, log attached ( AdwCleaner[S1].txt ).

Malwarebytes: found nothing, here is the report:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.15.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
lisa :: RT-IPWR-87-PC [administrator]

2/15/2013 10:22:11 AM
mbam-log-2013-02-15 (10-22-11).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 356945
Time elapsed: 1 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

OTL: logs attached ( OTL.txt, Extras.txt ).

aswMBR: found the following, complete log attached ( aswMBR.txt ):

10:39:41.651 File: C:\ProgramData\Microsoft\Windows\DRM\ED38.tmp INFECTED Win32:MDE-B [Susp]
10:39:41.698 File: C:\ProgramData\Microsoft\Windows\DRM\ED39.tmp INFECTED Win32:Malware-gen

“AdwCleaner: found nothing, log attached ( AdwCleaner[S1].txt ).”

Not correct... the log is full. AdwCleaner does not detect any malware; it removes browser/toolbar crap, and your log is full of it. ;)

Could you post a screenshot of the Avast alert, please?

Also, could you delete the shortcuts for IE and FF from the desktop and quick launch bar?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL

- Under the Custom Scans/Fixes box at the bottom, paste in the following:

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:OTL
C:\ProgramData\Microsoft\Windows\DRM\ED38.tmp
O2 - BHO: (no name) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
[2013/02/12 11:10:32 | 000,000,000 | -H-D | C] -- C:\Users\lisa\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/01/23 11:43:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Defender
[2013/02/12 11:21:07 | 000,001,444 | ---- | C] () -- C:\Users\lisa\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

- Then click the Run Fix button at the top.
- Let the program run unhindered, and reboot the PC when it is done.
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

RE: Screenshot – The machine is no longer producing ‘malicious url’ pop-ups via Avast!

I ran the fix in OTL, rebooted, then ran a full scan with OTL using the same custom scan settings as the first time. The log is attached ( OTL.txt ). I realize now I didn’t run the quick scan as you requested… I’ve been juggling cleaning this PC up with my normal workload.

Perhaps the malware has been eliminated? I hope so.

That’s good; it must have been in the shortcuts, as I thought.

Use the computer as normal, and if all is well tomorrow, let me know and I will tidy up.