Infection: URL:Mal

Hi, I have been receiving the message: ‘malicious url blocked’ on every website that I visit.

So I followed the instructions on this thread: http://forum.avast.com/index.php?topic=53253.0

I have attached the two OTL logs, can anyone help?

cheers

also attach the following logs

AdwCleaner
Malwarebytes quick scan
aswMBR

Malware removers are notified. It may take hours before one arrives, so be patient.

Here are the mbam and adwcleaner logs, but I can’t get the aswMBR to work for some reason.

Is this enough?

you may try running it from safe mode…
if no success then wait for the removal expert…it may not be needed

I just tried again, and it crashed after about 30mins scanning.

I will wait for the expert and hope for the best

Hi,

Go to control panel > programs and features and uninstall:

"SinaVideo" = 新浪视频
"Sogou Input" = 搜狗拼音输入法 6.5正式版
"新浪Live" = 新浪Live

“Viscosity helper for 12VPN_is1” <— do you know this one? If not, uninstall this too

Please download Junkware Removal Tool to your desktop.

[*] Shut down your protection software now to avoid potential conflicts.
[*] Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select “Run as Administrator”.
[*] The tool will open and start scanning your system.
[*] Please be patient as this can take a while to complete depending on your system’s specifications.
[*] On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
[*] Post the contents of JRT.txt into your next message.


Re-run OTL, just click on RunScan and attach here fresh OTL.txt logreport.

Here are the two requested files,
thanks

Hi, I wish to see this log too.

Download DDS and save it to your Desktop from here:
http://download.bleepingcomputer.com/sUBs/dds.scr

Double click dds to run the tool.

* When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt

Save both reports to your desktop. Attach DDS.txt and Attach.txt back to the topic.

here you go,

what do you think it could be at the moment?

Re-run OTL.exe.

[*]Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.



:REG
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="www.google.com"

:FILES
c:\users\user\appdata\roaming\mozilla\firefox\profiles\moc7uh4i.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\plugins\npConduitFirefoxPlugin.dll
c:\windows\system32\nso1AD1.tmp
c:\windows\system32\nsl7312.tmp
C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MOC7UH4I.DEFAULT\EXTENSIONS\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
ipconfig /flushdns /c
ipconfig /release /c
ipconfig /renew /c

:commands
[CREATERESTOREPOINT]
[emptytemp]



[*]Then click the Run Fix button at the top.
[*]Let the program run unhindered; it will reboot the system when it is done and open notepad with logreport. Attach here that logreport.


Download TDSSKiller and save it to your desktop

Execute TDSSKiller.exe by double-clicking on it.

[*] Press Start Scan

[*] If Suspicious object is detected, the default action will be Skip, click on Continue.
[*] If Malicious objects are found, select Cure.

Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply.


Download ComboFix from here and save it to your Desktop.
If you are unsure how ComboFix works please read this guide carefully.
note: ComboFix must be downloaded to your Desktop.

Temporarily disable your AntiVirus program.
If you are unsure how to do this please read this or this Instruction.

How to disable avast:

[*]Right-click on the avast! icon in the lower right corner of the screen and choose Open Avast! User Interface.
[*]In the window that opens on the top right corner, click Settings.
[*]In a new window that opens, choose the option Troubleshooting, Uncheck Enable avast! self-defense, and click OK.

[*]Right-click on the avast! icon in the lower right corner of the screen and select avast! shield controls .
[*]In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.

Note: Do not forget to turn on this option after the cleaning.

Run ComboFix. Click on I Agree!
ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.
If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
Note: Do not mouse-click Combofix’s window while it is running.
If you see a message like “Illegal operation attempted on a registry key that has been marked for deletion” just restart computer once more.

When the tool is finished, it will produce a log report for you. (typical location: C:\ComboFix.txt)
Attach the log report (ComboFix.txt) back to the topic.

Here you go,

thanks again

Check USB storage devices / removable drives

Download MCShield from one of the following links:

MyCity - Official download link
Softpedija - Mirror download link

[*] Double click MCShield-Setup to install the application.
[*] Wait a few seconds for MCShield to finish its initial scan.
Recommendation: under the General and Scanner tabs, click on the Defaults button to choose the recommended options.
[*] Connect your USB storage devices to the computer one at a time. Scanning will be done automatically.

When all scanning is done, you need to attach the log report that MCShield has made.

Start → All Programs → MCShield → Logs

Attach here → AllScans.txt

Explanation: USB storage devices are all the USB devices that get their own partition letter when connected to the PC,
e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras,
memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc.

I can’t find the USB I used to use,

I think it may have had a virus, so I threw it away,

is there any other way I can find the Malware?

Also, I haven’t used said USB for a long time

I think it may have had a virus, so I threw it away,
LoL ;D

How’s your computer running now? Do you still have malware URL warnings?

Yes, I do still have the warnings - still on ‘normal’ websites

That’s why I’m confused…

appearing like this - http://www.avast.com/en-gb/lp-fr-virus-alert?p_ext=&utm_campaign=Virus_alert&utm_source=prg_fav_80_0&utm_medium=prg_systray&utm_content=.%2Ffa%2Fen-gb%2Fvirus-alert-default&p_vir=URL:Mal&p_prc=C:\Program%20Files\Google\Chrome\Application\chrome.exe&p_obj=&p_var=.%2Ffa%2Fen-gb%2Fvirus-alert-default&p_pro=0&p_vep=8&p_ves=0&p_lqa=0&p_lsu=24&p_lst=0&p_lex=355&p_lng=en&p_lid=en-gb&p_elm=7&p_vbd=1483

Ok, don’t worry, we will use a different tool now.

Please download zoek.exe and save it to your desktop.

[*] Close any open browsers.

[*] Temporarily disable your AntiVirus program. (If necessary)
If you are unsure how to do this please read this or this Instruction.

[*] Double click on zoek.exe to run the tool .
Please wait while the tool starts…

Click the options and check below:

Recently Created
Startup Information
Firefox Defaults
ResetChrome
ResetIEProxy
ShorcutFix
IE Defaults
AutoClean

[*] Click on Run script button
Please wait until a log report opens (this can be after reboot)

[*] Save notepad to your Desktop and attach here zoek-results.log

Note: It will also create a log in the C:\ directory named “zoek-results.log”

I downloaded zoek.exe, and had no luck there - it never completed the scan - and then was difficult to get rid of, or to restart.

I have now deleted it from my computer, and after a restart it finally went away. Should I try downloading and running again?

@Sunwei
Open a new topic and attach logs there. Someone will help you. :wink:

@guangzhounick
The real problem is in browser extensions. Reinstalling the browser would solve the problem, but first let’s try this one:

  1. manual clean
    -Re-run Firefox
    -Click on Firefox button > Add-ons > Extensions
    -Uninstall any extensions that you don’t know, or the last one you installed (before the problem).
    -Restart your PC.

  2. reset firefox to default
    At the top of the Firefox window, click the “Firefox” button,
    go over to the “Help” sub-menu
    (on Windows XP, click the Help menu at the top of the Firefox window) and select “Troubleshooting Information”.
    Click the “Reset Firefox” button in the upper-right corner of the Troubleshooting Information page.
    Click “Reset Firefox” in the confirmation window that opens.
    Firefox will close and be reset. When it’s done, click “Finish” and Firefox will open.

Run Chrome in Incognito mode http://support.google.com/chrome/bin/answer.py?hl=en&answer=95464

=====================

Re-run OTL , just click on RunScan and attach here fresh OTL.txt logreport.