Infected computer

Any help would be appreciated.

  1. How was it detected? What was scanning, you yourself or the background scanner? I was asked by some friend to look at their computer. They had run it without antivirus. They picked up a trojan and then purchased your software after the fact. It has done a good job blocking but every few minutes it pops up with a blocked

  2. What was the source of the file, where did the file come from? E.g. address, URL, source. Unknown, the laptop was dropped off to me after it was infected

  3. When was it downloaded or received? I believe it was downloaded from visiting a website

  4. What is the exact file name with extension? Unknown

  5. What was the exact wording of the message that the AV program came up with? Malicious URL blocked object different search id on each blockage Infection URL:Mal Process C:\Windows\explorer.exe

  6. Now go back and do nothing yet. Scan the particular file once again with your AV product. The only antivirus that shows anything is Spybot Search and Destroy; all the others do not show anything

A. The message is in the same wording: maybe positive alert
B. If the message is not in the same wording or the scan does not find anything, this could be a false positive. Redirects are to

Infection Details
URL: hxxp://gourmetpuma.com/search?id
Process: C:\Windows\explorer.exe
Infection: URL:Mal

Infection Details
URL: hxxp://clickered.com/cen?ci
Process: C:\Windows\explorer.exe
Infection: URL:Mal

Infection Details
URL: hxxp://t.mclarenz.net/click/?s
Process: C:\Windows\explorer.exe
Infection: URL:Mal

Any assistance would be appreciated

hi ratpup,

IMPORTANT: All URL links posted here are live and infected! Please modify your first post so the live links are broken to prevent infection by another Avast! user visiting here and clicking.

You do this by changing http:// to hxxp://. See below for actual block by Avast! (done by mistake) below this post.

Thank you.

A malware expert has been notified for you.

Could you attach a screenshot of the Avast popup please?

[*] Download RogueKiller and save it on your desktop.

NOTE: If using IE8 or better, Smartscreen Filter will need to be disabled

[*] Quit all programs
[*] Start RogueKiller.exe.
[*] Wait until Prescan has finished …
[*] Click on Scan

https://dl.dropbox.com/u/73555776/RKScan.GIF

[*] Wait for the end of the scan.
[*] The report has been created on the desktop.

Downloaded RogueKiller and attached report.
I also broke the link on the active viri from above, sorry about that …
I cannot seem to do a screen capture

OK I can see the culprit

Download the latest version of TDSSKiller from here and save it to your Desktop.

[*]Double-click on TDSSKiller.exe to run the application

https://dl.dropbox.com/u/73555776/tdss%20start.JPG

[*]Then click on Change parameters.

https://dl.dropbox.com/u/73555776/tdss%20Change%20param.JPG

[*]Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

[*]Click the Start Scan button.

[*]If a suspicious object is detected, the default action will be Skip; click on Continue.

https://dl.dropbox.com/u/73555776/tdss%20threat.JPG

[*]If malicious objects are found, they will show in the Scan results and offer three (3) options.
[*]Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

[*]Get the report by selecting Reports

https://dl.dropbox.com/u/73555776/tdss%20report.JPG

[*]Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

Please copy and paste its contents in your next reply.