mrspytool.com

Hello Avast Gurus

My computer navigated by itself (as far as I can tell) to wXw.mrspytool.com. The page displayed indicated a suspended account and the full address was http://wXw.mrspytool.com/cgi-sys/suspendedpage.cgi

I can’t find any information anywhere about what mrspytool is, and given its name I’m a little concerned. No reputable websites have been visited in recent history that would re-direct me…

Does anyone know what mrspytool is? Avast Internet Security hasn’t suggested anything is amiss…

Thanks!

Sounds like defunct adware

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

* Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
* Select additions at the bottom.
* Press Scan button.

https://dl.dropboxusercontent.com/u/73555776/frst.JPG

* It will produce a log called FRST.txt in the same directory the tool is run from.
* Please attach both logs generated.

Logs attached. Thanks for the reply ESSEXBOY. Have you ever seen reference to this website before (mrspytool)?

Colin

Sitecheck http://sitecheck.sucuri.net/results/www.mrspytool.com/
Web site disabled info http://labs.sucuri.net/db/malware/web-site-disabled

Hi drill2,

Break the live links in your posting to this untrusted domain (Phishing site), like with wXw and htxp://
See: https://urlquery.net/report.php?id=1428440668552
Blacklists:

Fortinet’s Web Filter / fortiguard.com
  Added / Verified: 2015-03-23; Severity: 2; Host: -secure-connect-reset-account.com/confirmation/redirect/; Comment: Phishing
MDL / malwaredomainlist.com: No alerts detected
DNS-BH / malwaredomains.com: No alerts detected
OpenPhish / openphish.com
  Added / Verified: 2015-03-18; Severity: 2; Host: -secure-connect-reset-account.com/confirmation/redirect/; Comment: PayPal Inc.
PhishTank / phishtank.com: No alerts detected
Spamhaus DBL / spamhaus.org: No alerts detected

polonus

Could you let me know if this stops it?

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2998551723-1798246840-3147487733-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe.

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix.
On completion a log will be generated; please post that.

Please download AdwCleaner by Xplode onto your desktop.

* Close all open programs and internet browsers.
* Double click on AdwCleaner.exe to run the tool.
* Click on Scan.
* After the scan is complete click on “Clean”.
* Confirm each time with Ok.
* Your computer will be rebooted automatically. A text file will open after the restart.
* Please post the content of that logfile with your next answer.
* You can find the logfile at C:\AdwCleaner[S0].txt as well.

I’ve performed the actions you recommended.

Thanks for the help!

Are you still getting the undemanded page opening?