Malicious URL blocked pop-up

I’ve been having intermittent issues for a while now with a Network shield pop-up for a malicious URL blocked. The URL in question is “http:// stats.mydatastatssrv.com/stats.gif?action”. I first ran a scan using mbam about a month ago and found several objects and successfully removed them. I followed this scan up with another scan using mbam showing a clean system. Both of these initial logs have been attached (dated 2014-02-17).

Today I received the same pop-up and performed a third scan finding yet more items for removal. All items were successfully removed and the log is attached (2014-03-14).

Given my recent experience of this issue recurring, I am not convinced that the issue has been resolved and I would greatly appreciate any assistance in determining the cause of these pop-ups. I also downloaded and ran both OTL.exe and aswmbr.exe and will post the associated logs in a reply post to this one.

Attached are the OTL.exe and aswmbr.exe logs I referenced above.

I meant to include this above but forgot. I use chrome as my browser and generally the pop-ups seem to come up as soon as I open chrome before I actually start browsing anywhere besides my google home page. I don’t think I can say that it has never happened any other time but that is my best recollection based on what it did most recently. Also, the pop-up occurred most recently three times in relatively rapid succession (although in the past it seems I only received it once).

Let me know if this stops it

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:Commands
[CREATERESTOREPOINT]

:OTL
IE - HKU\S-1-5-21-3918443845-2643131500-1363349224-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www1.delta-search.com/?q={searchTerms}&affID=119351&tt=gc_150213_neue&babsrc=SP_ss&mntrId=CA1CC0CB389DFFBF
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O15 - HKU\S-1-5-21-3918443845-2643131500-1363349224-1001\..Trusted Domains: $talisma_url$ ([]https in Trusted sites)
O16 - DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Reg Error: Key error.)

:Files
C:\Users\Tice\AppData\Local\Google\Chrome\User Data\Default\Extensions\jneaojaoiajhnemidnjhoempalnidbhj

:Commands
[resethosts]
[emptytemp]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download AdwCleaner by Xplode onto your desktop.

[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S1].txt as well.

I completed all of the steps above and have attached the resulting logs. No pop-ups yet.

Once you are happy let me know and I will tidy up

Ok. Thanks so much for all your help. You rock! I’ll plan to monitor for several days and I’ll check back in with a status update. Thanks again!

My pleasure :slight_smile:

I’ve been watching over the last week and I’ve had no new pop-ups in that time. I ran another mbam scan this morning and found nothing, so as of now it appears the issue has been resolved.

In that case methinks I will send you on your merry way :slight_smile:

Subject to no further problems :slight_smile:

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so…The following will implement some cleanup procedures as well as reset System Restore points:

Download and run Delfix

https://dl.dropboxusercontent.com/u/73555776/delfix.JPG

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent install this programme to lock down and prevent crypto ransome ware

https://dl.dropboxusercontent.com/u/73555776/CryptoPrevent.JPG

Malwarebytes.

Update and run weekly to keep your system clean

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe :wave: