I am posting a new thread asking for help because I did the first one incorrectly by pasting all of the logs instead of just attaching them to my post. I will now attach them, making it much easier for malware specialists to help me.
BACKGROUND: I encountered a problem with a svchost.exe virus or malware on my work computer last week. My PC got extremely slow and a blue screen appeared twice, shutting down my computer. I already had Norton Internet Security running, but apparently that did not catch it. So yesterday, I downloaded various virus scanning and antispyware applications (ParetoLogic PC Health Advisor, Malwarebytes, Avast, and SuperAntiSpyware) to clean and then protect my PC. Per this board’s recommendations, I have removed NIS and am currently running Avast, MBAM and SAS.
SYMPTOMS: I keep receiving Avast notices stating that it has blocked two malicious URLs (ololoshaface.com and c2pokerface.com) from svchost.exe that I am not trying to access. So it seems that I still have some type of problem and my system has crashed numerous times over the past 3 days when I have been attempting to address the problem or simply had multiple windows open.
I have attached screenshots of the Avast warning notices, as well as my MBAM, OTL, and aswMBR logs.
- If malicious objects are found, they will show in the Scan results and offer three (3) options.
- Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
- Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of “TDSSKiller.[Version][Date][Time]_log.txt”. Please attach the log in your next reply.
Well, don’t think we are done yet? As essexboy is in England, there is a 6 hour difference in time zones from where I live. However, he should be online soon, as it is now 6:45 PM there. There is a period where one runs their system for at least 24 hours to see if any problems remain; then essexboy will offer to explain how to remove the tools used. Remnants of leftover malicious files are what we are looking for now.
Glad we could help. All credit is due to essexboy and you.
Update: I have been on my computer for about 6 hours today and the Avast warnings have all ceased. However, when I chose to visit egotastic.com today, while viewing the website, I did receive multiple MBAM messages that it blocked an attempt to a potentially malicious website. I have attached a screenshot of the message.
As soon as I left the site, the messages stopped. So I guess the lesson there is I shouldn’t visit that site anymore.
Just curious, what was the purpose of that TDSS rootkit that I was infected with? Why was it trying to access those sites from my computer? Is it to pilfer my passwords, etc.?
It was not the site you were visiting that was the problem, but a site linked to that site. SHARKtec.net is a less-than-reputable site, so Malwarebytes was blocking that file from going out from your computer. See: http://www.networksolutions.com/whois/results.jsp?ip=204.188.215.194 Would suspect there is still an active agent on your system that Malwarebytes is preventing from connecting w/o your permission.