system
August 3, 2012, 5:07am
1
Hi there,
I’m getting this pop-up whenever I do a search on any search engine using Firefox.
MALICIOUS URL BLOCKED
http://3.payviaclick.com/.../thvhOphTPXyaHIsdWrT1kHT8SYw=
process: programfiles (x86)\mozilla firefox\firefox.exe
I’ve followed the first 2 steps from this post: http://forum.avast.com/index.php?topic=53253.0
Attached are my logs. How do I remove the malaware?
welcome to the forum. please attach the two other files also from to guide the malware expert will need them two. the malwarebyte log and the second log from the otl scan.
Pondus
August 3, 2012, 9:39am
3
do you also have the malwarebytes scan log…first step in that guide
Let me know if this cures it
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
[*]Under the Custom Scans/Fixes box at the bottom, paste in the following
https://dl.dropbox.com/u/73555776/OTL_Fix.GIF
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {E3996B7A-2E12-4CE2-A8F1-D1C654BD71E1}
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{0A864895-7942-11E1-826D-B8AC6F996F26}: C:\Users\D\AppData\Local\{0A864895-7942-11E1-826D-B8AC6F996F26}\ [2012/03/28 21:53:59 | 000,000,000 | ---D | M]
[2012/03/28 21:53:59 | 000,000,000 | ---D | M] (Translate This!) -- C:\USERS\D\APPDATA\LOCAL\{0A864895-7942-11E1-826D-B8AC6F996F26}
:Files
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
[*]Then click the
Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the
Quick Scan button. Post the log it produces in your next reply.