Malicious URL Blocked msg every 30 sec

This happens even with no browser open. The entire message is as follows:

Infection Details
URL: http://ololoshaface.com/x/
Process: C:\WINDOWS\System32\svchost.exe
Infection: URL:Mal

I know this is some kind of Trojan virus, but after scans with Avast, Malwarebytes, and a few others it is still there. Sophos had a page describing the virus, but their free scanner doesn’t get rid of it either. This thing had my PC only able to boot in safe mode for a while, but somehow it has recovered (Thank God), but I am still getting these warnings. Thanks for any help anyone can give!

Attach the logs from the guide I gave you…

So sorry, that post has been deleted and I did not have it bookmarked…

http://forum.avast.com/index.php?topic=53253.0

Thanks !
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.30.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Buckeye Rob :: BONE-936665D783 [administrator]

Protection: Disabled

5/30/2012 11:54:07 AM
mbam-log-2012-05-30 (11-54-07).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 231847
Time elapsed: 17 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

and the rest… OTL and aswMBR… attached, not copy and paste

when done a malware remover will be notified

Monitoring… :slight_smile:

The downloading of the OTL caused a crash and sent me back to safe mode. Avast warned me it was a suspicious file (it wanted me to try it in some type of container, cannot remember the name) but I ignored it 'cause I figured coming from here it was safe…

If Avast wants to sandbox OTL then select run normal.

I did; that is when the crash occurred. Is it possible the link has been corrupted?

Just tried to run OTL again and the system crashed again, any suggestions?

This page describes the virus to a tee : http://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~TDLRtk-F/detailed-analysis.aspx

Hi,

Please download DDS from one of the following links and save it to your desktop.

[*]DDS.scr
[*]DDS.pif

[*]Disable any script blocking protection (How to Disable your Security Programs)
[*]Double click DDS icon to run the tool (may take up to 3 minutes to run)
[*]When done, DDS.txt will open.
[*]After a few moments, attach.txt will open in a second window.
[*]Save both reports to your desktop.

[*]Post the contents of the DDS.txt report in your next reply
[*]Attach the Attach.txt report to your post by scrolling down to the Attachments area and then clicking Browse. Browse to where you saved the file, and click Open and then click UPLOAD.


Please download aswMBR to your desktop.

[*]Double click the aswMBR icon to run it.
Vista and Windows 7 users right click the icon and choose “Run as administrator”.
[*]Click the Scan button to start scan.
[*]When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.


http://i1190.photobucket.com/albums/z454/Blottedisk/aswMBRscan-1.png

In your next reply please post both of the logs created by DDS and the log created by aswMBR.exe. :slight_smile:

Sorry if I am doing this wrong, I had to attach both because it said my message was too long.

Here is the other, thanks !

Yes…please attach the logs from now on. I wrote that wrong earlier. :slight_smile:

So, should I keep trying to run the OTL even though it makes my PC crash ?

Hi,

Please read through these instructions to familiarize yourself with what to expect when this tool runs.

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

[*]Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs

[*]Double click on ComboFix.exe & follow the prompts.

[*]As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it’s strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

[*]Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

http://img.photobucket.com/albums/v706/ried7/RCUpdate1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer’s settings, including making I-E the default browser.
3. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Here we go…

Hi,

I notice that you have Avast, AVG and PC Cleaner Pro, and it looks like you had CA Antivirus as well, running at the same time. Having more than one antivirus program running at the same time can seriously degrade the performance of your system. We will need to later uninstall either Avast or AVG or PC Cleaner Pro (whichever you prefer) using either the provided uninstall feature that is part of the antivirus program or through Add/Remove Programs (for Vista and Win 7 users, go to Programs and Features in the Control Panel). As a rule of thumb one should run one firewall, one antivirus program in memory, and one antispyware utility in memory. It’s fine to have other security tools available on an as-needed or on-demand basis, but when multiple tools simultaneously perform the same function, you’re asking for trouble.

Let me know which one you would like to keep and we will remove the others.

[*]Please open Notepad (Start → Run → type notepad in the Open field → OK) and copy and paste the text present inside the code box below:


ClearJavaCache::

DDS::
mStart Page = hxxp://search.searchonme.com/

File::
c:\windows\system32\drivers\kdwijva.sys

Driver::
eltytq

[*]Save this as CFScript.txt and change the “Save as type” to “All Files” and place it on your desktop.

http://img.photobucket.com/albums/v706/ried7/CFScriptB-4.gif

[*]Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.
[*]Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
[*]ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
[*]When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix’s window while it is running. That may cause it to stall.