Help with "Malicious URL Blocked" Notification from Avast

I don’t know much about computers, or viruses, all I know is lately I get a lot of those ‘fake alert’ worms - virus alerts from antivirus software you don’t have (not a LOT, like three times in the last year)…

And every time I just reboot in safe mode and go back to my last known safe configuration, and the alerts stop.

But THIS time, the alerts have stopped but now I keep getting a “Malicious URL Blocked” Notification from Avast, sometimes when my web browser isn’t even open, like every half an hour, for the exact same object every time…

And when I do a scan, it picks up nothing.

What should I do?

I suggest:

  1. Clean your temporary files.
  2. Schedule a boot-time scan with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
  3. Use MBAM (or SUPERantispyware or even Spyware Terminator) to scan for spyware and trojans. If any infection is detected, it is better and safer to send the infected file(s) to quarantine (Chest), rather than simply deleting them.
  4. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
  5. Read these instructions and provide more info with the logs generated.
  6. Clean your Hosts file (replacing it) with HostsMan tool.
  7. Disable System Restore and then reenable it again.
  8. Immunize your system with SpywareBlaster.
  9. Check if you have insecure applications with Secunia Software Inspector.

Before doing all that, can you post an image of the alert? Right-click on the avast icon and select Show last popup message.

Or the full text information on the alert.

For example see the first post in this topic of the info I mean, http://forum.avast.com/index.php?topic=77333.0.

Here you go -

In the last four hours, this is what I got, when I go on Facebook, Google, IMDb, or not surfing at all…

All URL:Mal, all Blocked, all C:\WINDOWS\System32\svchost.exe

  • 95.143.193.138/xxx_5/bGcyMDAwfDc3MjE5YzAyOTUwM2U1MD12Mjg…
  • 199.80.55.80/go.php?uid=38787&suid=5323&data=MO%2FJTNwoZ…
  • 199.80.55.80/go.php?uid=40542&suid=407341&data=OncfL%2Bzm…
  • 199.80.55.80/go.php?uid=40542&suid=407341&data=gwTIM3Mo%…
  • 199.80.55.80/go.php?uid=40542&suid=407341&data=TZzdArpCVjIk…
  • 95.143.193.138/xxx_5/bGcyMDAwfDc3MjE5YzAyOTUwM2U1MD12Mjg…

Hi Kristette

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the “Scan” button to start scan

http://public.avast.com/~gmerek/aswMBR1.png

On completion of the scan click save log, save it to your desktop and post in your next reply

http://public.avast.com/~gmerek/aswMBR2.png

THEN

Download OTS to your Desktop and double-click on it to run it

  • Make sure you close all other programs and don’t use the PC while the scan runs.
  • Select All Users
  • Under additional scans select the following:
      Reg - Disabled MS Config Items
      Reg - Drivers32
      Reg - NetSvcs
      Reg - SafeBoot Minimal
      Reg - Shell Spawning
      Evnt - EventViewer Logs (Last 10 Errors)
      File - Lop Check
  • Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

  • Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Please attach the log in your next post.

OK here we go…

aswMBR txt document attached.
OTS txt document attached.

Aaaand… during the OTS scan, I got another Mal URL Blocked notification AND a window popped up to say “avastUI.exe has encountered a problem and needs to close. We are sorry for the inconvenience. If you were in the middle of something, the information you were working on might be lost.”

But then the scan just continued again. …Hope that’s not a problem.

Hi Kristette, let’s remove all the bad boys and associated rubbish from your system. The OTS fix may take a while as all your temp folders are full. Also, did you turn off system restore?

Re-Run aswMBR

Click Scan

On completion of the scan

Click the Fix Button then reboot when told

http://public.avast.com/~gmerek/aswMBR3.png

Save the log as before and post in your next reply

THEN
Start OTS. Copy/Paste the information in the quotebox below into the panel where it says “Paste fix here” and then click the Run Fix button.

[Unregister Dlls]
[Registry - Safe List]
< FireFox Extensions [Program Folders] > -> 
YN -> No name found -> 
YN -> Hosts file not found -> 
< Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> "diisorvl" -> C:\WINDOWS\Temp\pfrickpek\ngbredqxsik.exe [C:\WINDOWS\TEMP\pfrickpek\ngbredqxsik.exe]
YY -> "effppwjytn" -> C:\WINDOWS\Temp\wekjkxbhjz\azbifsdcml.exe [C:\WINDOWS\TEMP\wekjkxbhjz\azbifsdcml.exe]
YY -> "Spyware Protection" -> C:\Documents and Settings\NetworkService\Application Data\defender.exe [C:\Documents and Settings\NetworkService\Application Data\defender.exe]
< Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> "diisorvl" -> C:\WINDOWS\Temp\pfrickpek\ngbredqxsik.exe [C:\WINDOWS\TEMP\pfrickpek\ngbredqxsik.exe]
[Files/Folders - Created Within 30 Days]
NY ->  gN31002DgFcE31002 -> C:\Documents and Settings\All Users\Application Data\gN31002DgFcE31002
[Files/Folders - Modified Within 30 Days]
NY ->  null0.20464395933339452.exe -> C:\WINDOWS\System32\null0.20464395933339452.exe
NY ->  hnpdk455onbm7h4186gu11ph7620 -> C:\Documents and Settings\All Users\Application Data\hnpdk455onbm7h4186gu11ph7620
NY ->  ko01y0s584ow7nr338j53g4dfi6j041507 -> C:\Documents and Settings\All Users\Application Data\ko01y0s584ow7nr338j53g4dfi6j041507
NY ->  PKP_DLdw.DAT -> C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
NY ->  PKP_DLdu.DAT -> C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[Files - No Company Name]
NY ->  syssvc.exe -> 
NY ->  null0.20464395933339452.exe -> C:\WINDOWS\System32\null0.20464395933339452.exe
NY ->  hnpdk455onbm7h4186gu11ph7620 -> C:\Documents and Settings\All Users\Application Data\hnpdk455onbm7h4186gu11ph7620
NY ->  hnpdk455onbm7h4186gu11ph7620 -> C:\Documents and Settings\LocalService\Local Settings\Application Data\hnpdk455onbm7h4186gu11ph7620
NY ->  irh.exe -> 
NY ->  ko01y0s584ow7nr338j53g4dfi6j041507 -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\ko01y0s584ow7nr338j53g4dfi6j041507
NY ->  ko01y0s584ow7nr338j53g4dfi6j041507 -> C:\Documents and Settings\All Users\Application Data\ko01y0s584ow7nr338j53g4dfi6j041507
NY ->  d370ib50k8d5s35bk41t72fyy28xc84 -> C:\Documents and Settings\Owner\Local Settings\Application Data\d370ib50k8d5s35bk41t72fyy28xc84
[File - Lop Check]
NY ->  gN31002DgFcE31002 -> C:\Documents and Settings\All Users\Application Data\gN31002DgFcE31002
[Custom Scans]
< hklm\software\clients\startmenuinternet|command /64 /rs > -> 
YN -> HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\ -> "C:\DOCUME~1\OWNER\LOCALS~1\TEMP\0.6655565011270769.EXE" -A "C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE"
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
  

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here

I will review the information when it comes back in.
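The entries singled out in the fix above share a few traits: Run values that start programs from a Temp folder or from a service account's profile, and a browser "open" command that launches a different program first. The sketch below is an added example, not part of the original posts and not code from OTS; it applies those three checks to lines shaped like the ones in the fix. The sample reuses lines from that post plus one constructed benign entry, and the rules are assumptions drawn only from this thread.

```python
import re

# Sample: header and entries copied from the fix above, plus one constructed
# benign entry ("ExampleApp", hypothetical path) for contrast.
SAMPLE = r'''
< Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> "diisorvl" -> C:\WINDOWS\Temp\pfrickpek\ngbredqxsik.exe [C:\WINDOWS\TEMP\pfrickpek\ngbredqxsik.exe]
YY -> "Spyware Protection" -> C:\Documents and Settings\NetworkService\Application Data\defender.exe [C:\Documents and Settings\NetworkService\Application Data\defender.exe]
YY -> "ExampleApp" -> C:\Program Files\ExampleVendor\app.exe [C:\Program Files\ExampleVendor\app.exe]
YN -> HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\ -> "C:\DOCUME~1\OWNER\LOCALS~1\TEMP\0.6655565011270769.EXE" -A "C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE"
'''

# An absolute path to an .exe; spaces allowed, quotes and brackets end it.
EXE = re.compile(r'[A-Za-z]:\\[^"\[\]]*?\.exe', re.I)

def reasons_for(target, command):
    """Return why an entry looks like persistence, judged by what runs first."""
    exes = EXE.findall(command)
    if not exes:
        return []
    parts = [p.lower() for p in exes[0].split('\\')]
    folders, image = parts[:-1], parts[-1]
    reasons = []
    if 'temp' in folders:
        reasons.append('runs from a Temp directory')
    if 'networkservice' in folders or 'localservice' in folders:
        reasons.append('runs from a service-account profile')
    browser = re.search(r'startmenuinternet\\([^\\]+)', target.lower())
    if browser and image != browser.group(1):
        reasons.append('browser launch command wrapped by another program')
    return reasons

def triage(log_text):
    """Return (name or key, reasons) for every flagged entry line."""
    findings = []
    for line in log_text.splitlines():
        fields = line.strip().split(' -> ', 2)
        # Entry lines are "<two Y/N flags> -> <name or key> -> <command>".
        if len(fields) != 3 or not re.fullmatch(r'[YN]{2}', fields[0]):
            continue
        why = reasons_for(fields[1], fields[2])
        if why:
            findings.append((fields[1].strip('"'), why))
    return findings

if __name__ == '__main__':
    for name, why in triage(SAMPLE):
        print(name, '=>', '; '.join(why))
```
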

Will do that right now… THANK YOU :) So exactly what “bad boys and associated rubbish” do I have on my system and how did it get there? Also, I have no idea if I turned off “system restore”… But I followed all your instructions :)

WHOOPS first hurdle: I re-ran aswMBR, did the Scan, then clicked Fix when the scan was complete, but when I went to minimize the window my PC froze, so I rebooted, did everything again and when I clicked Fix I got this pop-up:

“WARNING!! Writing a new master boot record to your system partition could damage your partition tables and cause your partitions to become inaccessible. This application writes standard Windows MBR code. Are you sure you want to fix the MBR?”

I said No… Now what?

Rerun aswMBR please, I feel it has fixed it - then on with the OTS fix

They were a generic trojan downloader - the names and functions tend to blur between variants nowadays

Will do. Because I haven’t had a single Mal URL Blocked notification since I ran the first aswMBR and OTS… It’s wonderful :)

On a side note, I backed up my data to a flashdrive when all this began - should I do a scan on the flashdrive to be sure? And if so, how?

Open avast and select the removable media scan ;D

Can’t find any major errors yet on the logs - I have asked a tech to check them through though

Greetings,

I am having the exact same problems for the last 2 days. Googled “malicious url blocked avast” and came across this topic. I’ve tried rebooting in safe mode and running scans with Avast/Spybot/Malwarebytes, and “fixing” reported problems, but nothing has helped. Every so often, I get a popup saying “malicious url blocked”. A snapshot of the most recent one is attached.

(1) Spybot comes up with a Click.GiftLoad hijacker that I have been unable to get rid of. I am not sure if, as a result of this, I have several svchost processes that have slowed down my computer. Tried deleting the “feature browser emulation” key in my registry multiple times without success.

(2) Malwarebytes also catches some problems and “fixes” them, only to have them return at the next scan.

(3) Avast comes up clean on doing a scan of my C drive though :(

I have downloaded both aswMBR.exe and OTS, but will wait for further instructions. If someone could help me fix this problem, I will be very very thankful.

Thanks in advance,
Sridhar.

Then start your own new topic (http://forum.avast.com/index.php?board=4.0, click the New Topic button at the top of the page), so as not to confuse this one with trying to help multiple people in the same topic.

Read Reply #4 by essexboy above and start the process off in your new topic and run the tools in order, attaching the logs to the post (Additional Options in the reply window).

Thank you for responding…

I apologize, I should have read the forum guidelines before posting… I will repost in a separate topic, along with the logs that will be necessary. Thank you again for responding so quickly.

Regards,
Sridhar.

Unfortunately there aren’t any forum guidelines to help you, so no need to apologize.