http://i020.radikal.ru/1106/b2/a5ab05abc087.jpg
And other “vaginaka.net/*”
At filling and form sendings there is a message from the program…
I do not know what to do…
Please help.
http://i020.radikal.ru/1106/b2/a5ab05abc087.jpg
And other “vaginaka.net/*”
At filling and form sendings there is a message from the program…
I do not know what to do…
Please help.
You may have a rootkit on your system as this is a common symptom of this the use of svchost.exe trying to connect to malicious sites. The vaginaka.net site is considered malicious by avast and hence the blocking of access.
Try this rootkit scanner.
Hello. I faced this problem too. At the end I recieved such output:
12:14:07.328 OS Version: Windows 5.1.2600 Service Pack 3
12:14:07.328 Number of processors: 2 586 0xF0D
12:14:07.328 ComputerName: MICROSOF-4EBBB0 UserName: Admin
12:14:07.984 AVAST engine 6.0.1125 defs: 11061301
12:14:07.984 Initialize success
12:14:09.781 Disk 0 (boot) \Device\Harddisk0\DR0 → \Device\Ide\IdeDeviceP3T0L0-7
12:14:09.781 Disk 0 Vendor: SAMSUNG_SP2504C VT100-41 Size: 238474MB BusType: 3
12:14:09.781 Disk 0 MBR read error 0
12:14:09.781 Disk 0 MBR scan
12:14:09.781 Disk 0 unknown MBR code
12:14:09.781 MBR BIOS signature not found 0
12:14:09.781 Disk 0 scanning sectors +488376000
12:14:09.781 Disk 0 scanning C:\WINDOWS\system32\drivers
12:14:14.750 Service scanning
12:14:15.515 Disk 0 trace - called modules:
12:14:15.531 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spjj.sys >>UNKNOWN [0x89bb3938]<<
12:14:15.531 1 nt!IofCallDriver → \Device\Harddisk0\DR0[0x89b24ab8]
12:14:15.531 3 CLASSPNP.SYS[f7637fd7] → nt!IofCallDriver → \Device\00000074[0x89bf3f18]
12:14:15.562 5 ACPI.sys[f7496620] → nt!IofCallDriver → \Device\Ide\IdeDeviceP3T0L0-7[0x89b66940]
12:14:15.562 AVAST engine scan C:\WINDOWS\system32
12:15:04.625 Scanning: C:\WINDOWS\system32\igfxtray.exe
12:15:04.640 File: C:\WINDOWS\system32\igfxtray.exe HIDDEN
12:15:04.640 Scan finished successfully
12:15:21.437 Disk 0 MBR has been saved successfully to “C:\Documents and Settings\Admin\Рабочий стол\MBR.dat”
12:15:21.468 The log file has been saved successfully to “C:\Documents and Settings\Admin\Рабочий стол\aswMBR.txt”
What I need to do now?
There is no clear indication of an MBR rootkit, but I still think there is a different one hiding what is using the svchost to connect to the internet. I don’t know why this file/process would be hidden C:\WINDOWS\system32\igfxtray.exe HIDDEN
So you can try this tool.