Malicous URL

system · September 17, 2012, 10:27pm

Hi,

I keep getting the same message when opening every new page on chrome........ http://trkjmp.com/kwd?c

Please could you advise on how to get this sorted and what it actually means.

Thank you

Scott

DavidR · September 17, 2012, 10:34pm

This needs further analysis by a malware removal specialist:
Go to this topic http://forum.avast.com/index.php?topic=53253.0 for information on Logs to assist in cleaning malware. Use the information about getting and using the tools and attach the logs here, not in the LOGS topic.

Please ‘modify’ your post change the URL from http to hXXp, to break the link and avoid accidental exposure to suspect sites, thanks.

system · September 17, 2012, 11:11pm

ad cleaner log and malware log

Will post other logs when finished

DavidR · September 17, 2012, 11:37pm

OK - There may be some delay in analysing the logs due to differing time zones and availability of the volunteer malware removal specialists.

system · September 18, 2012, 6:26pm

OTL Logs

Pondus · September 18, 2012, 6:43pm

i see you are using software from IObit

here is some info in case you want to reconcider
http://www.malwarebytes.org/forums/index.php?showtopic=29681
http://www.malwarebytes.org/forums/index.php?showtopic=30989
http://www.malwarebytes.org/forums/index.php?showtopic=33217

system · September 18, 2012, 6:57pm

The main reason I got Iobit was to speed up the laptop and clear all the junk that was slowing it down. So, is it worth deleting it and if so, do you know of a good alternative?

system · September 18, 2012, 6:59pm

aswMBR Log

Pondus · September 18, 2012, 7:07pm

CCleaner http://www.piriform.com/. obs remember to untic the toolbar during the install…unless you want it
or use the slim installer. http://www.piriform.com/ccleaner/builds

essexboy · September 18, 2012, 7:15pm

Try this and let me know the result

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF

:OTL
IE - HKLM\..\SearchScopes\{60a5deaa-eb33-463b-ab00-7addb02c330a}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=z9xdm005YYGB&ptb=B62E2CA2-DA32-407D-AC60-2EE21516C472&psa=&ind=2010101604&ptnrS=z9xdm005YYGB&si=&st=sb&n=77cfb764&searchfor={searchTerms}
IE - HKU\S-1-5-21-3652234653-703965016-2005572623-1000\..\URLSearchHook: {432cad96-6aa6-407a-ab37-6cfdcd73f377} - No CLSID value found
IE - HKU\S-1-5-21-3652234653-703965016-2005572623-1000\..\URLSearchHook: {ec55ed14-0d79-480e-8f86-a6c45b524f8a} - No CLSID value found
IE - HKU\S-1-5-21-3652234653-703965016-2005572623-1000\..\SearchScopes\{60a5deaa-eb33-463b-ab00-7addb02c330a}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=z9xdm005YYGB&ptb=B62E2CA2-DA32-407D-AC60-2EE21516C472&psa=&ind=2010101414&ptnrS=z9xdm005YYGB&si=&st=sb&n=77cfb6a6&searchfor={searchTerms}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp1466@crossrider.com: C:\ProgramData\SendSpaceExtention\firefox [2011/11/23 23:24:32 | 000,000,000 | ---D | M]
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (CrossRider) - {A876E312-7D08-401a-B7A6-FAFC5DC2F292} - C:\Program Files\CrossriderWebApps\Crossrider.dll ()
O3 - HKU\S-1-5-21-3652234653-703965016-2005572623-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3652234653-703965016-2005572623-1000\..\Toolbar\WebBrowser: (no name) - {3BCF580A-ADCA-4B91-86E0-3898010003E6} - No CLSID value found.
O3 - HKU\S-1-5-21-3652234653-703965016-2005572623-1002\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3652234653-703965016-2005572623-1002\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O4 - HKU\S-1-5-21-3652234653-703965016-2005572623-1000..\Run: [CrossRiderPlugin] C:\Program Files\CrossriderWebApps\Crossrider.exe (Crossrider)

:Files
C:\Users\Acer Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbdglekpmmdlmdfogflhiponnndbokpk
C:\Program Files\CrossriderWebApps

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

system · September 18, 2012, 8:41pm

Hi, Heres the next OTL Log…

essexboy · September 18, 2012, 9:05pm

Have the alerts ceased ?

Malicous URL

Announcements