Malicious URL Blocked

Viruses and worms
1

URL: hxxp://88.214.201.204/click/?sid
Process: C:\Windows\System32\rundll32.exe
Infection: URL:Mal

I’m not very computer geeky but please help! This message keeps popping up over and over and over. I’ve updated the database and definitions and run a full scan.

Thank you!

2

Could you break the link please so it is not clickable

Download OTL to your Desktop

[*]Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
[*]Select All Users
[*]Under the Custom Scan box paste this in
[b]netsvcs
%SYSTEMDRIVE%*.exe
/md5start
consrv.dll
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
C:\Windows\assembly\tmp\U*.* /s
%Temp%\smtmp\1*.*
%Temp%\smtmp\2*.*
%Temp%\smtmp\3*.*
%Temp%\smtmp\4*.*

C:\commands.txt echo list vol /raw /hide /c
/wait
C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
erase c:\commands.txt /hide /c
/wait
erase c:\diskreport.txt /hide /c
CREATERESTOREPOINT[/b]
[*]Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
[*]When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
[*]Post both logs

THEN

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the “Scan” button to start scan

http://i1224.photobucket.com/albums/ee362/Essexboy3/aswMBR%20shots/aswMBRScan.gif

On completion of the scan click save log, save it to your desktop and post in your next reply

http://i1224.photobucket.com/albums/ee362/Essexboy3/aswMBR%20shots/aswMBRsavelog.gif

3

Follow all the instructions from essexboy meticulously, he will help you with the cleansing routine.

On a side note. Why should that live link be broken? For this see: http://sitecheck.sucuri.net/results/http://88.214.201.204
The attacker site will prompt the victim to log in, then generates a long number called a session identifier, SID , and remembers that this is associated with that particular user’s browser session. Then it requests the vicitim browser to save that unique SID in a cookie. Revisiting to that attack site the vicitim’s browser will provide that particular SID cookie to the attacker,

polonus

4

Hi, i’m Andrea and i’ve the same problem. Made what you suggested and the result was in the 2 notepad files.
For me is like Russian but i’m from Italy!!

Thanks for your helps

5

Hi Andrea,

As the post you have attached to is from March 25, 2012 for another user, you need to start your own thread. Please be aware the solutions provided here are specially crafted and made only for the particular system in need of help and repair. What are needed are current logs from your system: Please see the sticky here, http://forum.avast.com/index.php?topic=53253.0 and run only the first three programs noted, Malwarebytes, OTL, and aswMBR. Attach these logs in the new thread you open.