Malicious URL Blocked pops up every time I visit a search engine

Every time I visit a search engine (Yahoo or Google), a Malicious URL Blocked warning pops up. I am using Chrome as my default browser. I tried it out in IE and Firefox too. But it’s the same with every browser. I am using Windows 7 64-bit OS. I reinstalled avast, but it didn’t work. I read through several similar posts in many forums. Tried out many things. But all in vain.

I ran MBAM and it showed me no infected files. I ran ESET Online Scanner and it showed me two files, which I deleted promptly. But the next time I rebooted my system, it said something like missing dll “C:\Users\Chidambaram\AppData\Roaming\thisv.dll”. I remember this was one of the files which ESET showed me to be quarantined. To make the warning go away temporarily, every time I boot up, I went to Msconfig and checked it off my startup list. Now that I have deleted it, is it some serious problem?

I am attaching my MBAM and OTL logs with this post. Kindly somebody help me.

I also ran TDSSKiller. It showed me a few suspicious objects. That is all. No threats.

Any help? anyone?

I’m having exactly the same problem, particularly with Mozilla Firefox - was attacked by viruses about 10 times in the last 2 days. They were all stopped and quarantined, but what is going on??? I had to spend hours doing a full system scan, which found 3 viruses - so did Avast really block them or not?? I updated everything, all virus definitions, Windows, etc.

Avast tech support - you need to respond to this issue!

Guys, please make a separate topic for each issue and do not clutter other topics.

Follow this guide: http://forum.avast.com/index.php?topic=53253.0

and attach the logs in your own created topic and not here…


kennymann - welcome to the forums!

It would be best to start your own topic in this same section of the forum rather than in someone else's topic.

When you do:

Go here: http://forum.avast.com/index.php?topic=53253.msg451454#msg451454

Read what essexboy needs you to use and post the results in the thread you start as attachments.

See an example here: http://forum.avast.com/index.php?topic=105816.msg842175#msg842175


@mani1629

Run this and let me know if it stops

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF

:OTL
IE - HKU\S-1-5-21-4113203903-3327302193-3114257622-1003\..\SearchScopes\{44816E91-C68A-2FF3-3D8F-8970062E5600}: "URL" = http://www.startnow.com/s/?q={searchTerms}&src=defsearch&provider=Bing&provider_code=Z059&partner_id=308&product_id=435&affiliate_id=&channel=rjacs&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110728&user_guid=6AACDFD4AE7249939A0CA73918334436&machine_id=3f3b41c6fb1d760c40765e41449f3499&browser=IE&os=win&os_version=6.1-x64-SP1
FF - prefs.js..extensions.enabledAddons: {51AC38D9-FD86-11E1-8271-B8AC6F996F26}:2.0.14
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{51AC38D9-FD86-11E1-8271-B8AC6F996F26}: C:\Users\Chidambaram\AppData\Local\{51AC38D9-FD86-11E1-8271-B8AC6F996F26}\ [2012/09/13 04:35:20 | 000,000,000 | ---D | M]
[2012/09/13 04:35:20 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\CHIDAMBARAM\APPDATA\LOCAL\{51AC38D9-FD86-11E1-8271-B8AC6F996F26}
O3 - HKLM\..\Toolbar: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-4113203903-3327302193-3114257622-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-4113203903-3327302193-3114257622-1003\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
[2012/09/13 04:35:20 | 000,000,000 | ---D | C] -- C:\Users\Chidambaram\AppData\Local\{51AC38D9-FD86-11E1-8271-B8AC6F996F26}

:Files
ipconfig /flushdns /c
netsh int ip reset c:\resetlog.txt  /c
ipconfig /release /c
ipconfig /renew /c

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Hi, I copy-pasted the code and RAN FIX. But it didn’t work out. After OTL ran, it opened a text file for me. I closed it, thinking that it would be saved on the desktop (where the OTL is). But I cannot find it anywhere. Maybe it is not saved at all. I thought I should ask you before running OTL with the same code once again, to get the log file. Also, the problem is still present. Thanks for the reply.

PS: Before running the fix, I had selected the Scan all users check box in OTL. But I suppose, it shouldn’t make any difference, because we are just running the fix and aren’t scanning. Isn’t it so?

If you can't find that log, then create a new OTL log… like the first one you created.
Then essexboy can see if it is gone.

I ran OTL scan again as per pondus’s suggestion. Have attached the log to this post. But still the problem persists.

Probably my fault as I missed one

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF

:OTL
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\searchpredict@speedbit.com:
[2012/09/20 01:37:43 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

:Files
C:\USERS\CHIDAMBARAM\APPDATA\LOCAL\{51AC38D9-FD86-11E1-8271-B8AC6F996F26}


:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

I pasted the script you gave and ran OTL. But when it executes this line
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\searchpredict@speedbit.com:
OTL stops there and task manager shows me it is not responding. I rebooted the machine and tried running OTL with the script again. The same thing happened.

Stuck here.

OK I will have to use a bigger hammer to crack this small nut

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

I have attached the combofix log. The problem still persists.

OK that showed nothing as well… It looks like the MBR infections are getting clever so let's check out that area

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application

http://dl.dropbox.com/u/73555776/TDSSFront.JPG

  • Then click on Change parameters.

http://dl.dropbox.com/u/73555776/TDSSConfig.JPG

  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip, click on Continue.

http://dl.dropbox.com/u/73555776/TDSSFound.JPG

  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

  • Get the report by selecting Reports

http://dl.dropbox.com/u/73555776/TDSSEnd.JPG

  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.

No malicious objects found. Only suspected objects found. Attaching the log with this post.

OK next question: Do you use a router, and are other computers that use it experiencing the same problem?

Yes I use a wireless router (Netgear). No, the other computer which uses the same network, doesn’t experience this problem.

OK could you run OTL again please, select all users and insert the following scan script

HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /rs
HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /64 /rs

Then press run scan

Third run OTL Log attached