Hey,
Here you go (notebook1), there was one infected file which has been removed.
Thanks a million,
David
Could you now continue to the next system - have the redirects ceased on notebook 1 ?
Notebook 1, yes!
I’m nearly finished with 2 and 3.
Where were you from in Essex, I lived there for some time too…
No longer in Essex - now in Cornwall ;D Originally from Romford
Notebook2, it appears that this is clean!
Yep, I know it, I lived for some time in Billericay.
Hope you don’t mind me asking another question.
I also have a hard drive and a camera which I’m sure are infected. These have both been cleaned with Avast. Could there be something on there and how do I find out? For the hard drive, I copied (or my wife did) photos off one notebook1.
Thanks so much,
David
Mountpoints to remove from Notebook 2 - how is that running now ? I will need a further OTL run on system one when 3 is finished. Scan the externals with Avast ;D
Run OTL
[*]Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
O33 - MountPoints2\{83f0a34a-4eb9-11df-88a2-00224384bbe2}\Shell\AutoRun\command - "" = E:\RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe -- File not found
O33 - MountPoints2\{83f0a34a-4eb9-11df-88a2-00224384bbe2}\Shell\open\command - "" = E:\RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe -- File not found
O33 - MountPoints2\{bb853c54-8597-11df-88c2-00224384bbe2}\Shell\AutoRun\command - "" = E:\RESTORE\c-1-3-64-8794238531-8742492-9897532\DriveFix.exe -- File not found
O33 - MountPoints2\{bb853c54-8597-11df-88c2-00224384bbe2}\Shell\open\command - "" = E:\RESTORE\c-1-3-64-8794238531-8742492-9897532\DriveFix.exe -- File not found
O33 - MountPoints2\{c0597d3d-4570-11de-87f7-00224384bbe2}\Shell - "" = AutoRun
O33 - MountPoints2\{c0597d3d-4570-11de-87f7-00224384bbe2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d24ecbe8-e57a-11de-887d-00224384bbe2}\Shell\AutoRun\command - "" = E:\RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe -- File not found
O33 - MountPoints2\{d24ecbe8-e57a-11de-887d-00224384bbe2}\Shell\open\command - "" = E:\RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe -- File not found
O33 - MountPoints2\{ec152226-e8f5-11df-8917-002243e21c9f}\Shell\AutoRun\command - "" = E:\APPInst.exe -- File not found
:Files
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
USB device_1
Where are we at, at the moment ? How many systems are running good ?
2 systems
The 3rd system must have frozen because the screen hasn’t moved (see attached). I’m at the combofix stage (which I’m sure you know!)
The response is:
Scanning for infected files
This typically doesn’t take more than 10 minutes
However, scan times for badly infected machines may easily double
The screen hasn’t moved in the last 40 mins…
Any thoughts!?
DZ
Yep close - reboot to safe mode and try combofix again, give it ten minutes and if it is not running through the stages reboot again and run an OTL scan on that system - but the two done are OK ?
but the two done are OK ?
(DZ) Yes, they are fixed.
Here is the file for usb_device_2.
Thank you,
David
As far as I can see, are they behaving now ?
the usb devices, yes
Hi,
Unable to run combofix on notebook3, keeps hanging in normal mode or safe.
So, I ran mbam programme which returned 2 viruses (see attached)
However, a malicious url appeared moments after I closed down mbam programme.
Do you have any further bright ideas…
DZ…
Could you run an OTL scan on number 3 please - also what is the AV on that system ?
No AV, as I couldn’t pause Avast during the combofix stage…
See attached OTL.txt for notebook3
Thanks so much,
DZ
Combofix appears to have run as it quarantined some items
Run OTL
[*]Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
[2010/10/01 18:12:07 | 000,155,648 | ---- | M] () -- C:\HTGD0007.exe
[2010/11/09 10:19:49 | 000,000,332 | -HS- | C] () -- C:\WINDOWS\tasks\rvlrcah.job
:Files
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN
Please download Malwarebytes’ Anti-Malware from Here.
Double Click mbam-setup.exe to install the application.
[*]Make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
[*]If an update is found, it will download and install the latest version.
[*]Once the program has loaded, select “Perform Quick Scan”, then click Scan.
[*]The scan may take some time to finish, so please be patient.
[*]When the scan is complete, click OK, then Show Results to view the results.
[*]Make sure that everything is checked, and click Remove Selected.
[*]When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
[*]The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
[*]Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Here is the log from the OTL scan.
DZ
OK what is the status of your systems now
Can you reel them off 1-2-3