system
1
I keep getting popups from Avast! about a non-trusted mail certificate, and I have run scans in both Avast! and MBAM, but nothing has been picked up.
Each time it pops up, it is for a different domain. I woke up today to about 15 different popups from avast about it. Sorry I didn’t make any screenshots, but I was in a hurry, normally I would have. I will update this post with an image of the popup later if possible.
Please help!
Edit: Still no screenshot of the message, but I would like to clarify that the Domains are things like 638bhcnsvb486.com or ycbay73bau2etr.ruysby.net - Make no sense (Btw, those don’t exist, I made them up as an example)
Edit2: I have a Screenshot now.
Pondus
5
Attach OTL diagnostic logs http://forum.avast.com/index.php?topic=53253.0
A log expert will be notified and analyze it…
system
6
system
7
Again… And By the way, I have checked, and none of these Domains are registered.
Hmm an intriguing on this
Did you install MEGAsync?
Download the latest version of TDSSKiller from here and save it to your Desktop.
- Double-click on TDSSKiller.exe to run the application
https://dl.dropbox.com/u/73555776/tdss%20start.JPG
- Then click on Change parameters.
https://dl.dropbox.com/u/73555776/tdss%20Change%20param.JPG
- Check the boxes beside Verify Driver Digital Signature, Detect TDLFS file system and Use KSN to scan objects, then click OK.
- Click the Start Scan button.
- If a suspicious object is detected, the default action will be Skip, click on Continue.
https://dl.dropbox.com/u/73555776/tdss%20threat.JPG
- If malicious objects are found, they will show in the Scan results and offer three (3) options.
- Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
- Get the report by selecting Reports
https://dl.dropbox.com/u/73555776/tdss%20report.JPG
- Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
Please attach its contents on your next reply.
system
9
Yes, I did install Megasync, and I am finding it very useful. All it needs now is to implement some changes from dropbox, like sharing a folder between accounts.
TDSSKiller found 2 Suspicious, One was my UnSigned Theme DLL, and the other was KMSPico. Yes, I do have a Legal Licence for Office 2010 through my school, but the key was bad, and they refuse to give me another one.
TDSSKiller Log Attached.
OK that is the MBR cleared
Download and Install Combofix
Download ComboFix from one of the following locations:
Link 1
Link 2
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
- IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
- Double click on ComboFix.exe & follow the prompts.
- Accept the disclaimer and allow to update if it asks
http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png
http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png
- When finished, it shall produce a log for you.
- Please include the C:\ComboFix.txt in your next reply.
Notes:
- Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
- Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
- If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.
Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
system
11
ComboFix Log
It runs slow when it is starting, taking about 5 minutes to boot, and 3 minutes to login (this is due to a BIOS setting involving Switchable Graphics). After that it runs fine, except for the annoying popups from Avast! about the mail.
I haven’t seen another mail popup yet, so that is good.
Could you monitor it for a day or so, that will enable me to determine whether the service removed by combofix was bad
system
13
Very well, I will keep an eye on it, and report back. Question: What was the name of the removed service?
Name of the Service Deleted: KMSELDI
system
15
Ok, so I just got the popup again 
What e-mail client are you using?
system
17
I am not using any Mail Client other than Firefox and Gmail’s website.
Also, I would like to ask why my previous account was banned? I just came back to reply, and it was perm banned? I could not find a way to appeal the ban either.
I have just checked, and as far as I can see you are not banned
Could you change your password on your gmail account and delete all unwanted/spam e-mails
system
19
Ok, Changing the Password and Cleaning it up now.
Also, when I try to log in I get this message:
An Error Has Occurred!
Sorry Krutonium, you are banned from using this forum!
This ban is not set to expire.
Hmm weird about the ban
Let me know if the certs failure appears after these changes