I’m not sure what started it, but for about 24 hours avast has been popping up the “Malicious URL Blocked” pop-ups every 3 minutes or so. The pop-ups happen all the time, whether the browser is open or not. Even when I was running the virus scan it continued to pop up. I’ve run Spybot, MalwareBytes and a full Avast scan and nothing was found. I also deleted all of my temporary files and cookies, but nothing has made a difference. I’m running Windows Vista and I can’t access the security logon screen either that is supposed to pop up when I press ctrl-alt-delete. It just brings me to a black screen.

I’ve attached an image of the pop-up warning.

This needs further analysis by a malware removal specialist:
Go to this topic http://forum.avast.com/index.php?topic=53253.0 for information on Logs to assist in cleaning malware. Use the information about getting and using the logs and start your own new topic and attach the logs there, not in the LOGS topic.

MBAM Log:

Malwarebytes’ Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7638

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

9/2/2011 3:26:32 PM
mbam-log-2011-09-02 (15-26-32).txt

Scan type: Quick scan
Objects scanned: 185731
Time elapsed: 8 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

OTL and aswMBR logs attached.

An interesting one this, I haven’t seen one of these reported by aswMBR.

I have asked a malware removal specialist to take a look at the logs. Hopefully he will be able to take a look before he logs off for the night.

The main thing that avast is keeping this in check by blocking access to malicious sites.

OK I will get you to run TDSSKiller now, and if that does not see it we will have to fix the MBR via the recovery console CD

Please read carefully and follow these steps.

[*]DownloadTDSSKiller and save it to your Desktop.
[*]Extract its contents to your desktop.
[*]Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.

http://i1224.photobucket.com/albums/ee362/Essexboy3/TDSSKiller%20shots/TDSSKillermain.png

[*]If an infected file is detected, the default action will be Cure, click on Continue.

http://i1224.photobucket.com/albums/ee362/Essexboy3/TDSSKiller%20shots/TDSSKillerMal-1.png

[*]If a suspicious file is detected, the default action will be Skip, click on Continue.

http://i1224.photobucket.com/albums/ee362/Essexboy3/TDSSKiller%20shots/TDSSKillerSuspicious.png

[*]It may ask you to reboot the computer to complete the process. Click on Reboot Now.

http://i1224.photobucket.com/albums/ee362/Essexboy3/TDSSKiller%20shots/TDSSKillerCompleted.png

[*]If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
[*]If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of “TDSSKiller.[Version][Date][Time]_log.txt”. Please copy and paste the contents of that file here.

Log attached

You need to save your log file in ANSI file format, see image, click to expand.

EDIT Typo

Did it give you the option to repair ?

If not

Create a Windows 7/Vista System Repair Disc

Note: the below can only be done if your machine has a a type of CD/R or DVD/R optical drive installed. Also depending on the exact type of OEM your machine has you may be unable to actually create a SRD.

[*]Click on Start(Windows 7 Orb) >> Run…(or the Windows key and R together) to bring up the Run box, then copy/paste the following command into the box and click on OK:

recdisc.exe

[*]Allow the[B] UAC(User Account Control)[/B] prompt via selecting [B]Yes[/B]. [*]You should now see a menu like the below:-

http://i280.photobucket.com/albums/kk173/Dakeyras_album2/WTSRD1.gif

[*]Put a blank rewritable CD/DVD in your optical(CD/DVD) drive and then click on Create disc.
[*]Note: If a AutoPlay window pops up, just close it.
[*]When the SRD has been created you will see the below:-

http://i280.photobucket.com/albums/kk173/Dakeyras_album2/WTSRD2.gif

[*]Now click on Close >> OK. Leave the disc in the drive as we will be using it shortly.
[*]You now have a Windows 7 System Repair Disc.

When you reboot you will see this although yours will say windows 7. Click repair my computer

http://i1224.photobucket.com/albums/ee362/Essexboy3/RepairVista_7275.jpg

Select your operating system

http://i1224.photobucket.com/albums/ee362/Essexboy3/RepairVista_7277202.jpg

Select Command prompt

http://i1224.photobucket.com/albums/ee362/Essexboy3/RepairVista_7277.jpg

At the command prompt type the following

Bootrec.exe /FixMbr

[*]Once finished type Exit

Reboot to normal windows and run aswMBRagain please

Sorry about that. This is the log in ANSI format.
TDSS did find something and it did let me run the Repair. It rebooted just fine and since then there have been no pop-ups from Avast.

OK my attempted decipherment missed that bit ;D

Could you re-run aswMBR please to confirm that it has gone, plus I would like you to confirm that windows updates works