Malicious url blocked pop-up. Please help

Hi, friends. I am new to the avast forum. Please help me get rid of a problem.
Nowadays avast shows a “malicious url blocked” message while using Chrome; no such message in Internet Explorer.
The message comes every 10-15 seconds, and especially when I click on any webpage. In the message, every time this site “http://www.footprintsit.com/search/antic…” is blocked, though I did not open this site.
I installed Malwarebytes’ Anti-Malware, scanned and deleted malware, but the problem continues. Even Malwarebytes’ Anti-Malware shows the message "Malwarebytes Antivirus Successfully blocked access to a potentially malicious website: "
How to stop this annoying thing? Please help.

Follow this guide and attach (not copy and paste) the Malwarebytes log that shows what was removed / OTL and aswMBR logs
http://forum.avast.com/index.php?topic=53253.0

How to attach logs? While replying there is no attach file option or “Additional options”.

The attach option is just below the box you write the text in

“attachment and other options”

I attached logs.

HOSTS File is bad - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 ххх.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 ххх.008k.com
and so on.

and Alternate Data Streams problems.

Windows XP Professional Edition Service Pack 2 :frowning: …need SP3 and all the patches.

Very similar to Kido

[2011/06/11 09:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2011/06/11 09:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job

Install Microsoft patches MS08-067, MS08-068, MS09-001 (on these pages you will have to select which operating system is installed on the infected PC, download corresponding patch and install it).

I downloaded MS08-067, MS08-068, MS09-001 but did not install them yet, but now the avast pop-up “malicious url blocked” is not coming. Do I install them?

In any case, you need to install SP3 and all latest patches.

And wait for the professionals, they will help you clean up your computer from unnecessary.

Hi,

Let me look these over and I will return as quickly as I can. :slight_smile:

Hi,

Download CKScanner by askey127 from Here & save it to your Desktop.
- Double-click CKScanner.exe then click Search For Files
- When the cursor hourglass disappears, click Save List To File
- A message box will verify the file saved
- Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply


CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\corel\corel graphics 11\custom data\bumpmap\cracks.cpt
c:\program files\corel\corel graphics 11\custom data\canvas\cracks2c.pcx
c:\program files\corel\corel graphics 11\custom data\tiles\cracks2m.cpt
c:\program files\spiderman 2 cracked\system\game0.ini
c:\program files\spiderman 2 cracked\system\game1.ini
c:\program files\spiderman 2 cracked\system\game2.ini
c:\program files\spiderman 2 cracked\system\running.ini
c:\windows\crackpdf.ini
scanner sequence 3.DD.11.VLAPWG
----- EOF -----

Problem still exists, please help.

Be patient… jeffce can't be online 24 hours…he also has work. :wink:

Hi,

Sorry for the delay…I had to work a double shift and didn’t get home until late last night.

P2P - I see you have P2P software BitTorrent installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections and possibly Identity Theft. It likely contributed to your current situation. This page will give you further information.

Please note: Even if you are using a “safe” P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall these now. You can do so via Control Panel >> Add or Remove Programs.

Please download and run ERUNT (Emergency Recovery Utility NT). This program allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed. Remember, if you are using Windows Vista as your operating system, right-click the executable and Run as Administrator.

Run OTL.exe

- Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL


:Services

:OTL
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\fimeve.exe -- (peaa5j0yhvna)
DRV - File not found [Kernel | Auto | Stopped] -- C:\DOCUME~1\User\LOCALS~1\Temp\kphaecetqxbm.sys -- (xbjonpfmky)
DRV - File not found [Kernel | Auto | Stopped] -- C:\DOCUME~1\User\LOCALS~1\Temp\tqsnqvcfu.sys -- (tmeyj)
DRV - File not found [Kernel | Auto | Stopped] -- C:\DOCUME~1\User\LOCALS~1\Temp\uvpjce.sys -- (qiezhkssl)
DRV - File not found [Kernel | Auto | Stopped] -- C:\DOCUME~1\User\LOCALS~1\Temp\ajvifj.sys -- (ntisjxdipoy)
DRV - File not found [Kernel | Auto | Stopped] -- C:\DOCUME~1\User\LOCALS~1\Temp\ejbmallkqc.sys -- (kuqiwki)
DRV - File not found [Kernel | Auto | Stopped] -- C:\DOCUME~1\User\LOCALS~1\Temp\ndxcwexrqvssd.sys -- (biqwpzaatejkxp)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-1078081533-1844237615-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D6 AF 5E A2 23 F6 CB 01  [binary data]
IE - HKU\S-1-5-21-1078081533-1844237615-839522115-1003\..\SearchScopes,DefaultScope = {7F4EFF06-7032-458e-AE16-1C1D8255C28A}
IE - HKU\S-1-5-21-1078081533-1844237615-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1078081533-1844237615-839522115-1003\..\SearchScopes\{7D9D7989-3CCD-46C1-AE94-87BFB378C658}: "URL" = http://in.search.yahoo.com/search?p={searchTerms}&fr=chr-spt_gen
IE - HKU\S-1-5-21-1078081533-1844237615-839522115-1003\..\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}: "URL" = http://home.speedbit.com/search.aspx?aff=106&q={searchTerms}
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKU\S-1-5-21-1078081533-1844237615-839522115-1003..\Run: [IMC] C:\Program Files\FriendFinder\FriendFinder Messenger 4\imc.exe File not found
O33 - MountPoints2\{3900d2bc-62a1-11e1-aa88-00241df35572}\Shell - "" = AutoRun
O33 - MountPoints2\{3900d2bc-62a1-11e1-aa88-00241df35572}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3900d2bc-62a1-11e1-aa88-00241df35572}\Shell\AutoRun\command - "" = H:\AutoRun.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2012/05/05 03:27:15 | 000,078,848 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/11 09:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2011/06/11 09:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job

:Files
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
[resethosts]
[start explorer]
[Reboot]

- Then click the Run Fix button at the top
- Let the program run unhindered. There will be a log created when it completes that I will need in your next reply. Reboot when it is done.
- Then run a new scan and post a new OTL log (don’t check the boxes beside LOP Check or Purity this time)
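
As an added example (not part of the original post and not OTL's own code), the following Python triages OTL log lines of the kinds queued in the fix script above: auto-start service or driver entries whose file is missing, drivers registered from a temp directory, drive AutoRun commands, and numbered At<N>.job tasks. The rule set and the function names are assumptions made for illustration; the first four sample lines are copied from the script above and the fifth is constructed.

```python
import re

# Lines 1-4 are copied from the fix script in the post above; line 5 is a
# constructed benign entry in the same format, added to show a non-match.
SAMPLE_LOG = r"""SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\fimeve.exe -- (peaa5j0yhvna)
DRV - File not found [Kernel | Auto | Stopped] -- C:\DOCUME~1\User\LOCALS~1\Temp\uvpjce.sys -- (qiezhkssl)
O33 - MountPoints2\{3900d2bc-62a1-11e1-aa88-00241df35572}\Shell\AutoRun\command - "" = H:\AutoRun.exe
[2011/06/11 09:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2012/05/05 03:27:15 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\Backup.job"""

# Illustrative rules (assumptions, not OTL's logic). SERVICE: kind, [flags], path, (name)
SERVICE = re.compile(r"^(SRV|DRV) - (File not found )?\[([^\]]*)\] -- (.+?) -- \((.+)\)$")
AUTORUN = re.compile(r"^O33 - MountPoints2\\.*\\AutoRun\\command - .* = (.+)$", re.I)
AT_JOB = re.compile(r"\\Tasks\\At\d+\.job$", re.I)
TEMP_DIR = re.compile(r"\\(Temp|Tmp)\\", re.I)


def triage_line(line):
    """Return the list of reasons a single OTL log line deserves review."""
    reasons = []
    svc = SERVICE.match(line)
    if svc:
        kind, missing, flags, path, name = svc.groups()
        flags = [f.strip() for f in flags.split("|")]
        if missing and "Auto" in flags:
            reasons.append("auto-start %s entry '%s' points at a missing file" % (kind, name))
        if kind == "DRV" and TEMP_DIR.search(path):
            reasons.append("driver registered from a temp directory")
    auto = AUTORUN.match(line)
    if auto:
        reasons.append("drive AutoRun command: " + auto.group(1))
    if AT_JOB.search(line):
        reasons.append("numbered At<N>.job scheduled task")
    return reasons


def triage(log):
    """Map 1-based line number -> reasons, for flagged lines only."""
    hits = {}
    for n, line in enumerate(log.splitlines(), 1):
        reasons = triage_line(line.strip())
        if reasons:
            hits[n] = reasons
    return hits


if __name__ == "__main__":
    for n, reasons in triage(SAMPLE_LOG).items():
        print(n, "; ".join(reasons))
```
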

Thanks jeffce. Yes, I was using BitTorrent; now I uninstalled it.

I ran OTL.exe, copy-pasted the written code into the Custom Scans/Fixes box and then clicked the Run Fix button at the top. After clicking “Run Fix” the cursor changed into an hourglass. I thought the program was running; I waited for more than 1 hr but nothing happened. I thought the program was not working properly, so I clicked on the OTL window and it was showing “not responding”, so I had to restart my computer. I tried two times. Is it normal to take so much time for this process?
Could you tell me approximately how much time it will take?

Hi,

If you are having problems running in Normal Mode try to do so in Safe Mode. :slight_smile:

I’m having the same problem:

Malwarebytes Anti-Malware (Trial) 1.61.0.1400 www.malwarebytes.org

Database version: v2012.05.11.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Nick :: NICK-LAPTOP [administrator]

Protection: Enabled

5/11/2012 11:28:16 AM
mbam-log-2012-05-11 (11-28-16).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 210733
Time elapsed: 4 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCR\regfile\shell\open\command| (Broken.OpenCommand) → Bad: (“regedit.exe” “%1”) Good: (regedit.exe “%1”) → Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Nick\AppData\Local\Temp\FH\extension.exe (PUP.Soge) → Quarantined and deleted successfully.

(end)

Avast gives me this when I open Chrome:

URL: http://www.website-unavailable.com/?url Process: file://C:\Users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe Infection: al

@ Green727

Please start your own topic and we will get to your topic as quickly as we can. While you are waiting, follow the instructions here >> http://forum.avast.com/index.php?topic=53253.0 and attach the logs to your topic. :slight_smile:

This is the log.

Ok great! When you get the new scan with OTL complete please attach that as well. :slight_smile: