Hello, a few days ago my avast started to pop some notifications about a malicious URL, i searched about it and discovered that is the malware http://rk400.com
I tried some things but nothing really helped me to get rid of this malware, it is blocking my acess to some things of internet, like updating some games or programs, using the google chrome, I can only use Opera, didnt tried Firefox.

I did some procedures and I will attach the logs from AdwCleaner, OTL and MBAM on the next post, because i couldnt attach on this one.
Some of the logs may be in Portuguese, i’m really sorry about this, if it’s a problem please notify-me so I’ll try to change the program language to english and try to run them again!!

That’s the pop-up, it’s in portuguese too, i’m sorry:
http://i.imgur.com/280dO.png

I already thank everyone that attempt to help me on this one, because it seems really hard to get rid of this thing, please, i need some help here!!

Logs

For the record, I was running aswMBR, so i could post the log here, but my pc crashed, it gave that terrible blue screen, i don’t know if a should try running it again.

My OS is Windows 7 Home Premium, it’s original.

That’s no problem. Keep posting your logs.

Hi, lets see if we can resolve this

Download the latest version of TDSSKiller from here and save it to your Desktop.

[*]Doubleclick on TDSSKiller.exe to run the application

http://dl.dropbox.com/u/73555776/TDSSFront.JPG

[*]Then click on Change parameters.

http://dl.dropbox.com/u/73555776/TDSSConfig.JPG

[*]Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

[*]Click the Start Scan button.

[*]If a suspicious object is detected, the default action will be Skip, click on Continue.

http://dl.dropbox.com/u/73555776/TDSSFound.JPG

[*]If malicious objects are found, they will show in the Scan results and offer three (3) options.
[*]Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

[*]Get the report by selecting Reports

http://dl.dropbox.com/u/73555776/TDSSEnd.JPG

[*]Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.

6 suspicious objects found, skipped them all, none malicious found.

I tried attaching the report file but it’s too big, so I uploaded in MediaFire:

http://www.mediafire.com/view/?6ao9aot1uedvpz8

I appreciate your help!

OK the MBR is not the culprit which is good

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

• IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

[*]Double click on ComboFix.exe & follow the prompts.
[*]Accept the disclaimer and allow to update if it asks

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

[*]When finished, it shall produce a log for you.
[*]Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

Hi, I opened ComboFix, and it tried to update, but as i said, some programs just can’t update, and that one couldn’t, so I used it without updating, then I rebooted my pc and tried to open skype, because every time i opened skype the malware pop up showed up, and now it don’t shows anymore, and Google Chrome is working again, but on the bad side I lost the sticky note on my desktop with all my tests dates, but this I can fix.
Just lyrics for winamp that isn’t working again, i’ll try reinstalling it.
And later i’ll try to update some games and programs to see if it works, but anyway, thanks man, this was really helpful.
Anyway, i’ll attach the log here.

Thank you very much.

Well, the programs and games still dont update, and Internet Explorer and every programs that uses it to connect with the internet are bugged, so i’m afraid that this malware isn’t completely removed, there’s any way to know that?

hi Black3,

Problems you are experiencing are not unusual for an infected system.

essexboy likely lives in a different (or near same) time zone as you, and will be back after work, etc. He will also assist you in fixing any additional issues because these issues were caused by the original infection in the first place.

Work with him and when all is good, he will give the all clear.

OK lets check the services next

Download and run farbar service scanner

http://i1224.photobucket.com/albums/ee362/Essexboy3/Farbar/FSS-1.jpg

Tick “All” options.
Press “Scan”.
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

THen could you run a fresh OTL scan ensuring all users is selected

Hi, here are the logs.

Could you try to update after this

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF

:OTL
IE - HKU\S-1-5-21-2501481691-2038128686-1698612183-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://jcefk.sistemseguroupdate.com/u5z4tuoocai.win

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

OK, I did everything, and then tried to update my stuff but it’s still not working, IE still doesn’t works (not that I care that much, anyway).
Log of the Quick Scan attached.

And thank you essexboy for helping me with this!

OK lets run a further check on the MBR

Download the latest version of TDSSKiller from here and save it to your Desktop.

[*]Doubleclick on TDSSKiller.exe to run the application

https://dl.dropbox.com/u/73555776/tdss%20start.JPG

[*]Then click on Change parameters.

https://dl.dropbox.com/u/73555776/tdss%20Change%20param.JPG

[*]Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

[*]Click the Start Scan button.

[*]If a suspicious object is detected, the default action will be Skip, click on Continue.

https://dl.dropbox.com/u/73555776/tdss%20threat.JPG

[*]If malicious objects are found, they will show in the Scan results and offer three (3) options.
[*]Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

[*]Get the report by selecting Reports

https://dl.dropbox.com/u/73555776/tdss%20report.JPG

[*]Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.

Sorry for taking too long to answer, I’ve been a little busy with my university.
TDSSKiller log attached.

It looks like system repair time I feel

Download Windows Repair (all in one) from this site

Install the programme then run

https://dl.dropbox.com/u/73555776/waio%20start.JPG

Go to step 3 and allow it to run SFC

https://dl.dropbox.com/u/73555776/waio%20step3.JPG

On the start repairs tab click start

https://dl.dropbox.com/u/73555776/waiostart%20rep.JPG

Select the following items and tick restart system when finished

https://dl.dropbox.com/u/73555776/waio%20rep%20list.JPG

Hi, I did everything and after the reboot I tried updating the programs and tried launching Internet Explorer, it’s still not working, I don’t know, maybe I should try reinstalling the programs/games, but at least when I opened Skype, avast didn’t showed that malware pop up, It was been shown everytime I open skype, now it isn’t.

Should I try reinstalling the programs?

I appreciate your help.

Yes re-install one programme first and let me know if that updates, if it does then do the rest, if not let me know

I tried re-installing some programs but none worked, and since I can’t uninstall the IE, I don’t know how i’m going to fix it.

Looking at all this it seems as though the system has been corrupted beyond my tools ability to repair

I would recommend that you back up your data and reinstall windows

Hi, sorry for replying this post again, I just wanted to say that the only problem was Internet Explorer, that was corrupted, the malware was excluded, and I just repaired IE and it started to work again, and the programs updated too, so if anyone is having the same problem, after destroying the malware, just repair the IE, and it will work fine. No need to format the system or reinstall windows.
Thanks again essexboy for your help.