hi
when I click on a link in Google, avast pops up and tells me a malicious URL has been blocked. I have hopefully attached a screenshot, please can you help
thanks
p.s screenshot was too large to attach
Crop your image so it only shows the relevant parts, e.g. the avast alert window; that should reduce the size considerably. You can also save the file in .gif format, which again should produce a smaller file size. That should bring you under the 200KB limit.
sorry, unable to crop it to reduce the size ???
is anyone available to help with the original issue?
keep getting more pop ups from avast!!
ok, finally cropped screenshot and attached it!
This IP 64.111.211.158 is for ISPrime and is a familiar occurrence in the viruses and worms forum, see http://forum.avast.com/index.php?topic=81036.msg662629#msg662629.
So you need some specialist help, to get the ball rolling you need to run OTS and attach the log.
Note: this says attach the file (too big for copy and paste); use the Additional Options in the Reply window to attach the file.
Hi David, thanks for your help, I am unable to attach the log or paste it as it is too large??
any ideas?
hope this works
If the log file is greater than 200KB - You can use a file sharing site such as Mediafire.com - Upload to http://www.mediafire.com/ and post the sharing link.
Here is the link to the log file. hope this helps
I will try and get someone to have a look at it.
Ok. Thanks David
We may have missed essexboy as he may well be in bed now 11:30pm in the UK and he has to work days, so may not be back on the forums until tomorrow evening.
utorrent.exe → C:\Program Files (x86)\uTorrent\uTorrent.exe
this is adware.
C:\Windows\system64\drivers\volsnap.sys
this is a TDL4 rootkit according to the info i have gathered.
try removing the tdl4 rootkit via kaspersky tdss killer.
[*]Download TDSSKiller and save it to your Desktop.
[*]Extract its contents to your desktop.
[*]Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillermain.png
[*]If an infected file is detected, the default action will be Cure, click on Continue.
http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerMal-1.png
[*]If a suspicious file is detected, the default action will be Skip, click on Continue.
http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerSuspicious.png
[*]It may ask you to reboot the computer to complete the process. Click on Reboot Now.
http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerCompleted.png
[*]If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
[*]If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of “TDSSKiller.[Version][Date][Time]_log.txt”. Please copy and paste the contents of that file here.
download mbam from here: http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html
and get rid of the adware.
post mbam and tdss logs on next comment.
Thanks com 155
Ran TDS Killer but it didn't seem to find anything.
Have attached the logs as you requested. Is essexboy about, he seems to be dealing with a lot of people with the same issue.
ok, maybe essexboy may arrive late; you should try this as an alternative option:
1. download dr.web from here:
www.freedrweb.com/?lng=en
2. do a full scan and i am sure it will find it and you should choose to cure it.
3. once done post logs on next comment and tell me whether this worked or not.
if not we have to wait for essexboy to arrive.
Hi
Can you paste a link to dr.web please as i am unable to paste it in my address bar as the virus re-directs me
thanks
now i have made it a link try it:
this is a adware. No this is a legitimate windows file C:\Windows\system64\drivers\volsnap.sys
Nothing is readily apparent with OTS so I will need to dig a bit deeper
Start OTS. Copy/Paste the information in the quotebox below into the panel where it says “Paste fix here” and then click the Run Fix button.
[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer Settings [HKEY_CURRENT_USER\] > ->
YN -> HKEY_CURRENT_USER\: URLSearchHooks\\"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> HKEY_CURRENT_USER\: URLSearchHooks\\"{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{30F9B915-B755-4826-820B-08FBA6BD249D}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.
I will review the information when it comes back in.
Depending on what the fix contains, this process may take some time and your desktop icons might disappear or other uncommon behavior may occur.
This is no sign of malfunction, do not panic!
THEN
Download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop
[*]Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
[*]Double click on ComboFix.exe & follow the prompts.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Hi Essexboy
Ran OTS and have attached the log file. Also ran ComboFix, and after running it did not produce a log file???