Every time I visit a search engine (Yahoo or Google), a Malicious URL Blocked warning pops up. I am using Chrome as my default browser. I tried it out in IE and Firefox too. But it's the same with every browser. I am using Windows 7 64-bit OS. I reinstalled Avast, but it didn't work. I read through several similar posts in many forums. Tried out many things. But all in vain.
I ran MBAM and it showed me no infected files. I ran ESET Online Scanner and it showed me two files; I deleted them promptly. But the next time I rebooted my system, it said something like missing dll "C:\Users\Chidambaram\AppData\Roaming\thisv.dll". I remember this was one of the files which ESET showed me to be quarantined. To make the warning go away temporarily, every time I booted up, I went to Msconfig and unchecked it in my startup list. Now that I have deleted it, is it some serious problem?
I am attaching my MBAM and OTL logs with this post. Kindly somebody help me.
I’m having exactly the same problem, particularly with Mozilla Firefox - was attacked by viruses about 10 times in the last 2 days. They were all stopped and quarantined, but what is going on??? I had to spend hours doing a full system scan, which found 3 viruses - so did Avast really block them or not?? I updated everything, all virus definitions, Windows, etc.
Avast tech support - you need to respond to this issue!
:OTL
IE - HKU\S-1-5-21-4113203903-3327302193-3114257622-1003\..\SearchScopes\{44816E91-C68A-2FF3-3D8F-8970062E5600}: "URL" = http://www.startnow.com/s/?q={searchTerms}&src=defsearch&provider=Bing&provider_code=Z059&partner_id=308&product_id=435&affiliate_id=&channel=rjacs&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110728&user_guid=6AACDFD4AE7249939A0CA73918334436&machine_id=3f3b41c6fb1d760c40765e41449f3499&browser=IE&os=win&os_version=6.1-x64-SP1
FF - prefs.js..extensions.enabledAddons: {51AC38D9-FD86-11E1-8271-B8AC6F996F26}:2.0.14
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{51AC38D9-FD86-11E1-8271-B8AC6F996F26}: C:\Users\Chidambaram\AppData\Local\{51AC38D9-FD86-11E1-8271-B8AC6F996F26}\ [2012/09/13 04:35:20 | 000,000,000 | ---D | M]
[2012/09/13 04:35:20 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\CHIDAMBARAM\APPDATA\LOCAL\{51AC38D9-FD86-11E1-8271-B8AC6F996F26}
O3 - HKLM\..\Toolbar: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-4113203903-3327302193-3114257622-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-4113203903-3327302193-3114257622-1003\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
[2012/09/13 04:35:20 | 000,000,000 | ---D | C] -- C:\Users\Chidambaram\AppData\Local\{51AC38D9-FD86-11E1-8271-B8AC6F996F26}
:Files
ipconfig /flushdns /c
netsh int ip reset c:\resetlog.txt /c
ipconfig /release /c
ipconfig /renew /c
:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
* Then click the Run Fix button at the top
* Let the program run unhindered, reboot the PC when it is done
* Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
Hi, I copy-pasted the code and RAN FIX. But it didn't work out. After OTL ran, it opened a text file for me. I closed it, thinking that it would be saved on the desktop (where the OTL is). But I cannot find it anywhere. Maybe it is not saved at all. I thought I should ask you before running OTL with the same code once again, to get the log file. Also, the problem is still present. Thanks for the reply.
PS: Before running the fix, I had selected the Scan all users check box in OTL. But I suppose, it shouldn’t make any difference, because we are just running the fix and aren’t scanning. Isn’t it so?
* Then click the Run Fix button at the top
* Let the program run unhindered, reboot the PC when it is done
* Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
I pasted the script you gave and ran OTL. But when it executes this line
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\searchpredict@speedbit.com:
OTL stops there and task manager shows me it is not responding. I rebooted the machine and tried running OTL with the script again. The same thing happened.
OK, I will have to use a bigger hammer to crack this small nut.
Download and Install ComboFix
Download ComboFix from one of the following locations: Link 1 Link 2
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
* Double click on ComboFix.exe & follow the prompts.
* Accept the disclaimer and allow it to update if it asks
* If malicious objects are found, they will show in the Scan results and offer three (3) options.
* Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.