system
September 18, 2012, 1:20am
1
Whenever I load a webpage, be it through Chrome, Firefox or IE, avast blocks the following url:
i.trkjmp.com/kwd?c=Q0E6T046V2F0ZXJsb286Zm9ydW0uYXZhc3QuY29tOnotMTA2My0xNTIyNA%3D%3D&cb=_GPL.items.a652c.displayKeywords
This just started happening today.
I’ve been following the steps in: http://forum.avast.com/index.php?topic=53253.0
to try and remove the malware
So far, I’ve run AdwCleaner and MBAM. Attached is the MBAM scan log
Removing these files has not resolved the problem, so the thread recommended that I start a new topic for my problem.
I will proceed to run OTL and aswMBR
system
September 18, 2012, 1:48am
4
So, does anyone have any suggestions as to how I should proceed? :-\
Pondus
September 18, 2012, 2:18am
5
Yes… be patient, as all the removers are in bed now, so check back later today.
It’s quite late here… You can imagine in Europe
system
September 19, 2012, 12:00am
7
I realize it’s likely too late for people to post responses to this, but this is the first chance I’ve had to use the computer all day.
Just an update: Today when I booted up my computer, the avast popup no longer appears when I load webpages. However, when I check my real-time shields, the “i.trkjmp.com/kwd?c= …” etc. connection is still happening and is being scanned, but is no longer being flagged as an infected connection.
Should I be worried?
You do have some bad redirectors on the system
Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
https://dl.dropbox.com/u/73555776/OTL_Fix.GIF
:OTL
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.3.0.1
FF - prefs.js..extensions.enabledItems: info@allpremiumplay.info:1.0
FF - prefs.js..extensions.enabledItems: 5042c63c02e6f@5042c63c02ea8.info:1.0
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\info@allpremiumplay.info: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\37kqkebc.default\extensions\info@allpremiumplay.info
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\5042c63c02e6f@5042c63c02ea8.info: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\37kqkebc.default\extensions\5042c63c02e6f@5042c63c02ea8.info [2012/09/01 22:42:33 | 000,000,000 | ---D | M]
[2012/09/01 22:42:33 | 000,000,000 | ---D | M] (Codecv) -- C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\37kqkebc.default\extensions\5042c63c02e6f@5042c63c02ea8.info
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (CodecC Class) - {36461866-1CED-4E5E-A0D6-92694E052B4B} - C:\ProgramData\CodecC\bhoclass.dll File not found
O2 - BHO: (Codecv Class) - {45B3F777-6442-ADD7-2BE2-82DD30B018EB} - C:\ProgramData\Codecv\bhoclass.dll ()
O3 - HKU\S-1-5-21-3879206052-2342617554-1751574852-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
[2012/09/01 22:42:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Codecv
[2012/09/01 22:42:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Codecv
:Files
C:\USERS\MAX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\37KQKEBC.DEFAULT\EXTENSIONS\{EEE6C361-6118-11DC-9C72-001320C79847}
C:\USERS\MAX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\37KQKEBC.DEFAULT\EXTENSIONS\INFO@ALLPREMIUMPLAY.INFO
ipconfig /flushdns /c
netsh int ip reset c:\resetlog.txt /c
ipconfig /release /c
ipconfig /renew /c
:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
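As an added triage aid that is not part of the thread or of OTL itself: a small Python parser for the three kinds of OTL entries quoted in the fix above (FF enabledItems, O2 BHO, and timestamped directory lines). It flags orphaned or ProgramData-hosted BHOs and machine-generated extension ids, then pulls out directories created in the same burst as a flagged extension. The input is a constructed sample modelled on those lines (not the attached log), and the suspicion rules and the 90-second window are my assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the style of the OTL entries quoted in the fix
# (not the thread's attached log). Raw string keeps the backslashes literal.
SAMPLE = r"""
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.3.0.1
FF - prefs.js..extensions.enabledItems: info@allpremiumplay.info:1.0
FF - prefs.js..extensions.enabledItems: 5042c63c02e6f@5042c63c02ea8.info:1.0
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (CodecC Class) - {36461866-1CED-4E5E-A0D6-92694E052B4B} - C:\ProgramData\CodecC\bhoclass.dll File not found
O2 - BHO: (Codecv Class) - {45B3F777-6442-ADD7-2BE2-82DD30B018EB} - C:\ProgramData\Codecv\bhoclass.dll ()
[2012/09/01 22:42:33 | 000,000,000 | ---D | M] (Codecv) -- C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\37kqkebc.default\extensions\5042c63c02e6f@5042c63c02ea8.info
[2012/09/01 22:42:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Codecv
[2012/08/15 09:10:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
"""

FF_RE = re.compile(r"^FF - prefs\.js\.\.extensions\.enabledItems: (?P<id>.+):(?P<ver>[\d.]+)$")
BHO_RE = re.compile(r"^O2 - BHO: \((?P<name>.*?)\) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<rest>.*)$")
DIR_RE = re.compile(r"^\[(?P<ts>[\d/]+ [\d:]+) \| [\d,]+ \| [-A-Z]+ \| [MC]\] (?:\((?P<vendor>.*?)\) )?-- (?P<path>.+)$")
HEX_LOCAL = re.compile(r"^[0-9a-f]{10,}@")  # assumption: long hex local part = auto-generated id


def triage(text, window=timedelta(seconds=90)):
    """Parse OTL lines; return flagged BHOs, flagged extensions and the install-burst cluster."""
    bhos, exts, dirs = [], [], []
    for line in text.strip().splitlines():
        if m := BHO_RE.match(line):
            reasons = []
            if m["name"] == "no name": reasons.append("unnamed BHO")
            if "No CLSID value found" in m["rest"]: reasons.append("orphaned CLSID reference")
            if "File not found" in m["rest"]: reasons.append("dll missing on disk")
            if m["rest"].lower().startswith(r"c:\programdata"): reasons.append("dll loaded from ProgramData")
            if reasons: bhos.append((m["clsid"], reasons))
        elif m := FF_RE.match(line):
            if HEX_LOCAL.match(m["id"]): exts.append((m["id"], "machine-generated extension id"))
        elif m := DIR_RE.match(line):
            dirs.append((datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"), m["vendor"], m["path"]))
    # Timeline correlation: directories created within `window` of the flagged
    # extension's directory belong to the same install burst (here: Codecv).
    flagged_ids = {e[0] for e in exts}
    anchors = [d[0] for d in dirs if any(i in d[2] for i in flagged_ids)]
    cluster = [d[2] for d in dirs if any(abs(d[0] - a) <= window for a in anchors)]
    return {"bhos": bhos, "extensions": exts, "cluster": cluster}


if __name__ == "__main__":
    for key, items in triage(SAMPLE).items():
        print(key, items)
```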
system
September 19, 2012, 6:22pm
9
Ran the fix. The i.trkjmp redirect doesn’t seem to be happening anymore, so that’s good.
Attached is the log for the quick scan.
If there are no further problems then run OTL and press the cleanup button ;D
system
September 19, 2012, 6:38pm
11
Great! Thank you very much for the help!