Malicious URL Blocked

Hello,

I recently got a virus and it’s been giving me a ton of trouble. When looking for help I stumbled upon http://forum.avast.com/index.php?topic=77336.0 - where someone appeared to have my exact problem. I have followed the directions in reply #4 of the post, and attached my aswMBR.txt and the OTS.txt that I got from running that step. However, when I go to run aswMBR.exe again afterwards, and I scan, the “fix” button is faded out, and will not let me press it. Should I skip this step and continue with the second OTS step? Or is this something that is different for each user?

Thanks for your time.

.....and attached my aswMBR.txt and the OTS.txt......
where....no attachment here ?

sorry, they’re attached now.

the aswMBR log looks clean

you have to wait until tomorrow for Essexboy’s advice, when he has seen the OTS log

have you run Malwarebytes ?

The reason there is no Fix is that the aswMBR.txt file isn’t showing an MBR rootkit; it is very clear in the report if you have a rootkit. Whilst this is only reporting an unknown MBR. This can happen if you have a manufacturer’s PC, like Dell or perhaps HP, which may have a unique MBR to cater for their recovery partition.

So do you have a Dell, HP system, etc. ?

I can’t help with the OTS log; it isn’t something that I’m familiar with.

My brother built this PC. It was not bought from Dell or HP or anything like that. What would I do to go about finding my MBR? Sorry, I don’t know anything about MBRs so you may have to walk me through this a bit =/.

Also I have run MBAM twice, the first time it caught things and deleted something in the config\system folder so I couldn’t start the HD. After I recovered that I was able to run it a second time with no luck. I have also run avast and avg, both multiple times.

Thanks again

Then the MBR (Master Boot Record) appears to be clean.

You can’t really go looking for it as it is meant to be hidden as altering it could turn your computer into an expensive paper weight.

Get more general info by googling MBR, which turns up this: http://en.wikipedia.org/wiki/Master_boot_record.

So, just as a clarification, is there anything else to do for this problem or is there no fix?

Someone with the knowledge of OTS needs to analyse your OTS log.

But the major thing is: are you still experiencing the URL malware popups, and if so, how frequently?

I have also run avast and avg, both multiple times.
does it mean you have both installed ?

Yes I have both installed, and as long as I’m on the internet, around once every 5-15 minutes. Sometimes more.

Never install two antivirus (see reply from quietman7)
http://www.bleepingcomputer.com/forums/index.php?s=7c8217673a726b92cfc91ecfd4294a29&showtopic=260844&view=findpost&p=1441638

Uninstall one of them asap…!!

ok ok. I only did so after I couldn’t get rid of this virus, but yeah one’s gone O.o . still have the problem though

We need essexboy here…

I would like a second opinion on the MBR

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says “Paste fix here” and then click the Run Fix button.

[Unregister Dlls]
[Files - No Company Name]
NY ->  2ooB4RXWOQr -> C:\Documents and Settings\Tommy\Local Settings\Application Data\2ooB4RXWOQr
NY ->  2ooB4RXWOQr -> C:\Documents and Settings\All Users\Application Data\2ooB4RXWOQr
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
  

The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.

THEN

Please read carefully and follow these steps.

- Download TDSSKiller and save it to your Desktop.
- Extract its contents to your desktop.
- Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.

http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillermain.png

- If an infected file is detected, the default action will be Cure, click on Continue.

http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerMal-1.png

- If a suspicious file is detected, the default action will be Skip, click on Continue.

http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerSuspicious.png

- It may ask you to reboot the computer to complete the process. Click on Reboot Now.

http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerCompleted.png

- If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
- If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of “TDSSKiller.[Version][Date][Time]_log.txt”. Please copy and paste the contents of that file here.

Preferably AVG :wink:
Just as a matter of caution it’s always good to have a backup of your Master Boot Record (MBR).
There are a few utilities around; I’ve had success with MBR Fix, so can recommend it.
Download MbrFix:- http://www.sysint.no/Nedlasting/MbrFix.zip

The command to backup MBR is:

MbrFix /drive 0 savembr .
See Pic.
I save the file to my “C” drive and then copy it to a backup disk.
EDIT:
[oops, essex just posted, … if you have a “clean” MBR back it up :wink: ]
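
An added example, not part of the posts above and not code from MbrFix or aswMBR: one way to sanity-check a saved 512-byte MBR backup and compare it with a later dump of the same sector, so a changed boot code area or partition table stands out. The function names and the sample sector are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_END = 440      # bytes 440..445 hold the disk signature, not code
TABLE_OFFSET = 446       # four 16-byte partition entries start here
SIGNATURE = b"\x55\xaa"  # boot signature at bytes 510..511
ENTRY = struct.Struct("<B3xB3xII")  # status, type, first LBA, sector count


def parse_mbr(sector: bytes) -> dict:
    """Validate a 512-byte MBR dump; return boot-code hash and partitions."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    if sector[510:512] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for slot in range(4):
        status, ptype, lba, count = ENTRY.unpack_from(sector, TABLE_OFFSET + 16 * slot)
        if ptype != 0:  # type 0x00 marks an unused slot
            partitions.append({"slot": slot, "active": status == 0x80,
                               "type": ptype, "lba_start": lba, "sectors": count})
    boot_hash = hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest()
    return {"boot_code_sha256": boot_hash, "partitions": partitions}


def compare_to_baseline(baseline: bytes, current: bytes) -> list:
    """Name the regions that differ between a known-good backup and a new dump."""
    old, new = parse_mbr(baseline), parse_mbr(current)
    changed = []
    if old["boot_code_sha256"] != new["boot_code_sha256"]:
        changed.append("boot code")
    if old["partitions"] != new["partitions"]:
        changed.append("partition table")
    return changed


def build_sample_mbr(boot_code: bytes = b"\xfa\x33\xc0") -> bytes:
    """Constructed sample sector: one active type-0x07 partition at LBA 63."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    ENTRY.pack_into(sector, TABLE_OFFSET, 0x80, 0x07, 63, 204800)
    sector[510:512] = SIGNATURE
    return bytes(sector)


if __name__ == "__main__":
    clean = build_sample_mbr()
    print(parse_mbr(clean)["partitions"])
    print(compare_to_baseline(clean, build_sample_mbr(b"\xeb\x5a\x90")))
```

With real backups, read each file in binary mode and pass the bytes to `compare_to_baseline`; a difference only says the sector changed, not why.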

Sure. :wink:

So, I ran the first part of your fix with OTS, and now my computer restarts itself before completely loading everything in the startup. It loads Windows, and a few other things before crashing.

After a few auto-resets of my computer, AVAST started popping up an error message asking me if I wanted to run a file in the sandbox (I don’t recall the exact message but I was able to write the files down that it listed.) This happens after Windows loads, and before it force resets. The file was C:\Program files\NETGEAR\WG311T\wlancfg5.exe and that file was opened by C:\WINDOWS\Explorer.exe. Probably not the thing that’s crashing my computer? But I’m not sure.

Either way I’m here now in safe mode with networking, and I have the result of the OTS fix attached so you can look at it. Should I proceed to do the rest of your fix in safe mode or wait till I can get my computer to stop restarting itself?

OK, this is weird, as I just removed two malware folders and nothing else.

Do you get any errors when it crashes ?

Could you run TDSSKiller from safe mode please, and also run a fresh OTS scan?