Malicious URL blocked (over and over and over........) how to stop it pls

I have this red Avast sign that keeps popping up. It runs between 11 to 13 times in quick sequence about every 5 mins. I suspect there may be other nasties also going on in the background that I don’t know about.

This is my kids' computer and I’m unsure of what they were up to when this infection started.

Need help… I’ve run MBAM- shows nothing. I have run the AWcleaner, also.

Please please help!

A malware removal specialist has been informed of your topic.

Could you post a screenshot of the alert please, as there is more information there?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:OTL
FF - prefs.js..extensions.enabledItems: {75623d5d-4683-402a-b610-ac4bab767c86}:3.0.3
[2012/07/28 16:47:01 | 000,000,000 | ---D | M] (Fast Search by Surf Canyon) -- C:\Users\TheBoys\AppData\Roaming\Mozilla\Firefox\Profiles\c03mg28y.default\extensions\{75623d5d-4683-402a-b610-ac4bab767c86}
[2009/11/23 17:38:50 | 000,002,271 | ---- | M] () -- C:\Users\TheBoys\AppData\Roaming\Mozilla\Firefox\Profiles\c03mg28y.default\searchplugins\surf-canyon.xml

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Here are a few screen caps of what pops up. If you want all of them I can grab them.

Nope, that gave me all I need.

After the OTL fix has completed

Download the latest version of TDSSKiller from here and save it to your Desktop.

[*]Double-click on TDSSKiller.exe to run the application

https://dl.dropbox.com/u/73555776/tdss%20start.JPG

[*]Then click on Change parameters.

https://dl.dropbox.com/u/73555776/tdss%20Change%20param.JPG

[*]Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

[*]Click the Start Scan button.

[*]If a suspicious object is detected, the default action will be Skip; click on Continue.

https://dl.dropbox.com/u/73555776/tdss%20threat.JPG

[*]If malicious objects are found, they will show in the Scan results and offer three (3) options.
[*]Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

[*]Get the report by selecting Reports

https://dl.dropbox.com/u/73555776/tdss%20report.JPG

[*]Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

Please attach its contents in your next reply.

Okay, trying to follow directions, but after OTL ran and rebooted, the computer would crash to blue screen before I could complete the OTL quick scan as you requested. The minidump showed that the process that caused the crash was MBAM, so I uninstalled it for now in order to get the machine to stay on. Will post new log and run TDSSKiller ASAP.

OTL quick scan after 1st fix

OK, ran TDSSKiller, the program found a rootkit that it gave me the option to cure. I did the cure and I was thinking it would give me a report with the rootkit it cured showing for you to see the baddy it found. Once it rebooted, and I scanned again, it only showed the 2 medium alerts that were skipped during the initial scan.

I screen capped the Avast log of the cure action that was taken. Attached.

Any idea if the 2 items it says are medium alerts should be ignored or dealt with in some way?

What Avast detected was inside the TDSSKiller quarantine folder. :wink:

Thank you guys, the issue is resolved.

If there are no problems after 24hrs of running, then report that and essexboy will give you instructions on removal of the tools used and future protection, etc.

Could you locate and attach the TDSSKiller log please?

It will be at C:\ TDSSKiller date time