hxxp://rumolottra.com/aa/

Hello,

Been getting the hxxp://rumolottra.com/aa/ warning

Infection: URL:Mal

Process: C:/Windows\SysWow64\svchost.exe

Cannot find much online to help me get rid of this. Ran Malwarebytes and did a full system scan with Avast…found nothing. This warning box pops up every 5 minutes. How can I get rid of it…in easy to understand instructions? Thank you

Here are my txt files…

Anyone?

The removal team does not work for Avast; they are volunteers. They also have a life outside this forum: family, work, different time zone…

So be patient, it may take some hours before they are online… usually online after work hours, European time.

OK sorry…

OK, let's use this first

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

Thanks. I’ll do that as soon as I get home.

Just ran it. Here is the Combofix txt file. Rebooting now and we’ll see if it did anything.

Well that didn’t work at all. Pop up warnings still every 5 minutes, plus the debug window. Now what?

Ran Spyhunter also. It found something called “Conduit Search/Toolbar” that appears to be a problem. But apparently I have to buy the full version of Spyhunter to enable it to delete stuff it finds. Not sure I trust this. I also reset my Internet Explorer settings and rebooted my PC, but that did not work. I just don’t know what to do at this point.

Once you are under the care of a malware expert like essexboy, it is probably best not to do anything else other than follow his directions. Spyhunter is considered to be a Trojan Horse in some parts of the Internet, just so you know.

Please wait for essexboy to come back. He wants to help you out, but going off on a different tangent could slow the cleansing process down a bit, I’m afraid, as the logs you’ve provided him are not current or valid anymore. He may ask for new logs to see what changed, so…

This will fix it

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

2014-10-18 19:52 - 2014-10-18 19:52 - 00000000 _____ () C:\Windows\system32\ommmh.dll
2014-10-18 19:51 - 2014-10-18 19:51 - 00081408 _____ () C:\Windows\system32\fqrau.dll
2014-10-18 19:51 - 2014-10-18 19:51 - 00003856 _____ () C:\Windows\System32\Tasks\{FDB7C37C-6E08-01C4-4489-D66C8FDF0303}
Task: {D9BEB506-8BB6-4F67-8979-D11E0C390150} - System32\Tasks\{FDB7C37C-6E08-01C4-4489-D66C8FDF0303} => C:\Windows\system32\fqrau.dll [2014-10-18] ()
AlternateDataStreams: C:\Program Files\Common Files\Microsoft Shared:ZzJEmoXfwWWbRPxabfMuxKj
AlternateDataStreams: C:\ProgramData\Microsoft:E9bD9fPHzZsTCnhgNkRoZokxdy39
AlternateDataStreams: C:\ProgramData\Microsoft:HBaCoeEET3KqhJF1kwoyV
AlternateDataStreams: C:\ProgramData\Microsoft:HMOUklLb9lhyy3YDjaNDK4aU
AlternateDataStreams: C:\ProgramData\Microsoft:rjrkAN4MOVw4JtrHQCwyov
AlternateDataStreams: C:\Users\Jeff\Cookies:84Z3WWlYbLqgMx7KDA8B0
AlternateDataStreams: C:\Users\Jeff\Local Settings:8BCca3e0IwwoOfkpTSpWJq8
AlternateDataStreams: C:\Users\Jeff\AppData\Local:8BCca3e0IwwoOfkpTSpWJq8
AlternateDataStreams: C:\Users\Jeff\AppData\Local\Application Data:8BCca3e0IwwoOfkpTSpWJq8
AlternateDataStreams: C:\Users\Jeff\AppData\Local\L5ckYwcXYJB:mmXiN2nZERuuRQyLtgnpqQ8QNzrn
AlternateDataStreams: C:\Users\Jeff\AppData\Local\Temporary Internet Files:VZ8MYUGbHLHCKdm6WdUsPJ8
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on “Clean”
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
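An added example, not part of the thread or of any poster's instructions: a small Python reader for the fixlist entries posted above, showing how the scheduled task, its target DLL and the files created in the same minutes tie together. The function names are hypothetical, and reading the empty parentheses as an empty company-name field is an assumption about the log format.

```python
import re
from datetime import datetime

# Lines copied from the fixlist in the post above (a subset, for brevity).
FIXLIST = r"""
2014-10-18 19:52 - 2014-10-18 19:52 - 00000000 _____ () C:\Windows\system32\ommmh.dll
2014-10-18 19:51 - 2014-10-18 19:51 - 00081408 _____ () C:\Windows\system32\fqrau.dll
2014-10-18 19:51 - 2014-10-18 19:51 - 00003856 _____ () C:\Windows\System32\Tasks\{FDB7C37C-6E08-01C4-4489-D66C8FDF0303}
Task: {D9BEB506-8BB6-4F67-8979-D11E0C390150} - System32\Tasks\{FDB7C37C-6E08-01C4-4489-D66C8FDF0303} => C:\Windows\system32\fqrau.dll [2014-10-18] ()
AlternateDataStreams: C:\ProgramData\Microsoft:HBaCoeEET3KqhJF1kwoyV
AlternateDataStreams: C:\Users\Jeff\Cookies:84Z3WWlYbLqgMx7KDA8B0
"""

FILE_RE = re.compile(r"^(\S+ \S+) - (\S+ \S+) - (\d+) \S+ \((.*?)\) (.+)$")
TASK_RE = re.compile(r"^Task: (\{.+?\}) - (.+?) => (.+?) \[.+?\] \((.*?)\)$")

def parse(text):
    """Split fixlist lines into file entries, scheduled tasks and ADS entries."""
    files, tasks, streams = {}, [], []
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.startswith("AlternateDataStreams: "):
            # The host path contains "C:", so split on the last colon only.
            host, _, name = line.split(": ", 1)[1].rpartition(":")
            streams.append((host, name))
        elif (m := TASK_RE.match(line)):
            tasks.append({"task_file": m[2], "target": m[3], "company": m[4]})
        elif (m := FILE_RE.match(line)):
            created = datetime.strptime(m[1], "%Y-%m-%d %H:%M")
            files[m[5].lower()] = {"created": created, "size": int(m[3]),
                                   "company": m[4]}
    return files, tasks, streams

def correlate(files, tasks, window_minutes=5):
    """Link each task to its target file and to files created close in time."""
    findings = []
    for t in tasks:
        key = t["target"].lower()
        target = files.get(key)
        if target is None:
            continue
        nearby = sorted(
            p for p, f in files.items() if p != key and
            abs((f["created"] - target["created"]).total_seconds())
            <= window_minutes * 60)
        findings.append({"target": t["target"],
                         "no_company_name": target["company"] == "",
                         "created_together": nearby})
    return findings
```
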

Thank you essexboy. Did the fact that I ran Spyhunter after I gave you my txt files change anything?

No, not really, as Spyhunter is generally a waste of space. How is the computer now?

I am at work now, so I will follow your instructions as soon as I get home…about 6 hours from now. Thank you.

Here is the Fixlog.txt

About to run AdwCleaner now.

Here is the AdwCleaner txt file

After I ran FRST and generated the txt file, I still had a pop up warning right after. I then ran the AdwCleaner, and the computer rebooted and generated the AdwCleaner txt file. I then put the PC in sleep mode and left it alone. I wanted to see what you know from the txt files before I touch it again. Thank you.

Theoretically the alerts should now be history. Could you check it out please?

OK so did the txt files tell you anything? I will check it out again after work. I just wanted to wait until I heard from you first.