Hai,
Could anyone help me, please !?
Every few hours I get a pop up from Avast! (doing-doing-doing!)
“Kwaadwillige URL geblokkeerd” (sorry, I’m Dutch)
It keeps pointing at C:\WINDOWS\hticonswow.exe
It says Object: 91.217.153.48/…/t6DFUW_WXK5Q_WZFGIPQU_WSCZ etc. etc.
I just don’t know what to do. I’ve been scanning and removing, upgrading but unfortunately I’m not such an expert so "Still they come !! "
Could anyone advise me what to do ?
Pieter.
Hallo SiPi,
Lees dit eens (read this): http://www.prevx.com/filenames/1592097579825794728-X1/CDDBLANGKOWOW.EXE.html
Your computer may be infected and I will ask essexboy to contact you in this thread,
wait for him to appear, I think he has some cleansing to do, you probably visited or
tried to connect to an infected site with \hticonswow.exe on it. Inform here of abuse:
abuse at uahoster.org
groetjes,
polonus
Hi there
Hi there let me see what you have
Download aswMBR.exe ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
Click the “Scan” button to start scan
http://public.avast.com/~gmerek/aswMBR1.png
On completion of the scan click save log, save it to your desktop and post in your next reply
http://public.avast.com/~gmerek/aswMBR2.png
THEN
Download OTS to your Desktop and double-click on it to run it
[*]Make sure you close all other programs and don’t use the PC while the scan runs.
[*]Select All Users
[*]Under additional scans select the following
Reg - Disabled MS Config Items
Reg - Drivers32
Reg - NetSvcs
Reg - SafeBoot Minimal
Reg - Shell Spawning
Evnt - EventViewer Logs (Last 10 Errors)
File - Lop Check
[*]Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT
[*]Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
[*]When the scan is complete Notepad will open with the report file loaded in it.
[*]Please attach the log in your next post.