Recently started getting
‘malicious url blocked’ all from
hxtp://vjlvchretllifcsgynuq.com
looks like the same problem found here
hxtp://forum.avast.com/index.php?topic=125804.0
Other things I have noticed.
Windows Defender was deleted
and I can't download anything on any browser: Firefox, Chrome, IE
I have been uploading things to dropbox from my phone and accessing on my computer. There are 2 Adwcleaner. The first is from when I recently removed some small adware.
Re-run AdwCleaner:
- Click on [Delete]. Wait for the programme to complete its work. The program will close all active programs. Click OK to confirm that.
On the next two windows that open (Informations and Restart required) click OK.
- The computer will restart and open a notepad (C:\AdwCleaner[S1].txt) with the report.
- Save the notepad report on the Desktop.
- Please attach here C:\AdwCleaner[S1].txt
Download ComboFix from here and save it to your Desktop.
If you are unsure how ComboFix works please read this guide carefully. Note: ComboFix must be downloaded to your Desktop.
Temporarily disable your AntiVirus program.
If you are unsure how to do this please read this or this Instruction.
How to disable avast:
- Right-click on the avast! icon in the lower right corner of the screen and choose Open Avast! User Interface.
- In the window that opens on the top right corner, click Settings.
- In a new window that opens, choose the option Troubleshooting, uncheck Enable avast! self-defense, and click OK.
- Right-click on the avast! icon in the lower right corner of the screen and select avast! shield controls.
- In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.
Note: Do not forget to turn on this option after the cleaning.
Run ComboFix. Click on I Agree!
ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.
If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
Note: Do not mouse-click ComboFix's window while it is running.
If you see a message like “Illegal operation attempted on a registry key that has been marked for deletion” just restart computer once more.
When the tool is finished, it will produce a log report for you. (typical location: C:\ComboFix.txt)
Attach log reports (ComboFix.txt) back to topic.
Combo fix ran all day and nothing. I finally restarted my computer after it froze for about 30 min. now it is running again but has been running for an hour already.
this is the last thing that displays
“ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.”
Please delete the Combofix.exe ( drag & drop into recycle ) and download fresh copy of Combofix.
Please try again to run the tool. Don’t wait all day, if you see that CF doesn’t run, reboot your computer and re-try it from safe mode.
I really need to see Combofix log.
Used that code in safe mode. It has been running for almost an hour and a half.
Also, looking in the task manager, the process swxcacls.3xe is the only one doing anything, staying at about 20% CPU. But the memory use for it is slowly increasing.
- Unzip/unrar MBAR in a folder to your Desktop
- Open the folder where the contents were unzipped to run mbar.exe
- Click on Next > then on Update button to download fresh definitions.
- When database updates click Next
- In the following window ensure “Targets” scan for Drivers; Sectors; System are ticked. Then select “Scan button”
- If an infection/s are found ensure “Create Restore Point” is checked, then select the “Cleanup Button” to remove threats.
Or if you are sure any entries should not be kept, just untick them. A list of infected files will be listed.
- The Clean up procedure will be Scheduled for process.
- When complete pop-up will show you. Select the Yes button and the system should re-boot to complete the cleaning process.
Please attach the two following logs from the mbar folder:
system-log.txt
and mbar-log-year-month-day (hour-minute-second).txt.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.
- Double-click to run it. When the tool opens click Yes to disclaimer.
- Under Optional Scan ensure “List BCD” and “Driver MD5” are ticked.
- Press Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
- The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
Okay, Zoek did a fantastic job but there’s still work to do. Your malware (rootkit) is a bit specific, we need to dig a little deeper.
You need to re-try to run Combofix ( instructions are on the last page ). Delete old Combofix.exe ( drag & drop into Recycle bin ) and download fresh Combofix copy.
Re-run CF and attach here fresh Combofix.txt logreport.
If CF fails again, let me know, and move on to Zoek. Same with zoek.exe. You will delete old zoek.exe (drag & drop into Recycle bin) and download new, fresh version of zoek.exe.
Re-run zoek.exe with this script:
filesrcm;
startupall;
DIR /S /A:L "%systemdrive%\*">>"%temp%\log.txt";b
C:\Windows\system32\services.exe;i
C:\Windows\SysNative\services.exe;i
firefoxlook;
chromelook;
Combofix won't work not because the computer refuses to connect to the internet. Just says local only on multiple networks both with and without wifi. Running zoek now.