Network shield warning

I have attached the text files that are listed as needed.

I have been getting a network shield warning that a bad URL has been blocked but no internet programs are in use.
I can see that Avast is doing what it is meant to do and I have tried navigating to the path listed in the warning but the file doesn’t exist. I’m no tech head but am I right to believe that something is on my system and trying to hijack my browser?

Warning states “Malicious URL detected”

Google and Internet Explorer are not running so something has got on to my computer.

I have followed the path listed in the warning from Avast, but I can’t see the file.

Questions:

  1. Threat is detected in background scan. It appears that network shield is what is picking up the threat. It pops up every few minutes.

  2. Threat is listed in warning popup
    URL: http://nulio.ru/flowers.php
    Process: c:/Users\Normal\dxqloqp.exe
    Infection: URL:Mal

  3. Unknown when downloaded, warning has begun occurring today (16/04/2013).

  4. Unknown

  5. Warning wording:

Malicious URL blocked
Avast Network Shield has blocked a harmful site.
URL: http://nulio.ru/flowers.php
Process: c:/Users\Normal\dxqloqp.exe
Infection: URL:Mal

Any help would be greatly appreciated.

Malware removers are notified, check back later today… they are usually here after work hours, European time.

Thanks for the quick reply.

Am I right to assume that at the moment I’m safe as Avast is blocking the attempts of something to connect?

yes…
OBS: also attach Malwarebytes quick scan log

Malwarebytes report attached.

I let MB delete the entry it found but the problem still keeps occurring.

Let me know if this works

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:OTL
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
F3:64bit: - HKU\S-1-5-21-2451556444-237762819-3164110831-1001 WinNT: Load - (c:\users\normal\dxqloqp.exe) - c:\Users\Normal\dxqloqp.exe (Texas Instruments Incorporated)
F3 - HKU\S-1-5-21-2451556444-237762819-3164110831-1001 WinNT: Load - (c:\users\normal\dxqloqp.exe) - c:\Users\Normal\dxqloqp.exe (Texas Instruments Incorporated)
[2011/02/19 05:49:33 | 000,237,568 | -HS- | C] (Texas Instruments Incorporated) -- C:\Users\Normal\dxtmvf.exe
[2011/02/19 05:49:33 | 000,237,568 | -HS- | C] (Texas Instruments Incorporated) -- C:\Users\Normal\dxqyoi.exe
[2011/02/19 05:49:33 | 000,237,568 | -HS- | C] (Texas Instruments Incorporated) -- C:\Users\Normal\dxqloqp.exe
[2011/02/19 05:49:33 | 000,237,568 | -HS- | C] (Texas Instruments Incorporated) -- C:\Users\Normal\dxoxkzol.exe
[2011/02/19 05:49:33 | 000,237,568 | -HS- | C] (Texas Instruments Incorporated) -- C:\Users\Normal\dxejyj.exe

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
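
The file entries in the fix above share one timestamp, one size and the hidden+system attributes, and all sit directly in the profile folder. As an added example (not part of the original post and not OTL's own code), the Python below parses listing lines in that format and flags such clusters; the regular expression is an assumption drawn from the lines shown in this thread, and the last sample line is constructed for contrast.

```python
import re
from collections import defaultdict

# File-listing lines copied from the fix in this thread; the last line is a
# constructed benign entry added for contrast.
SAMPLE = r"""
[2011/02/19 05:49:33 | 000,237,568 | -HS- | C] (Texas Instruments Incorporated) -- C:\Users\Normal\dxtmvf.exe
[2011/02/19 05:49:33 | 000,237,568 | -HS- | C] (Texas Instruments Incorporated) -- C:\Users\Normal\dxqyoi.exe
[2011/02/19 05:49:33 | 000,237,568 | -HS- | C] (Texas Instruments Incorporated) -- C:\Users\Normal\dxqloqp.exe
[2011/02/19 05:49:33 | 000,237,568 | -HS- | C] (Texas Instruments Incorporated) -- C:\Users\Normal\dxoxkzol.exe
[2011/02/19 05:49:33 | 000,237,568 | -HS- | C] (Texas Instruments Incorporated) -- C:\Users\Normal\dxejyj.exe
[2013/04/10 09:12:01 | 000,012,288 | ---- | C] (Example Vendor) -- C:\Users\Normal\Downloads\setup.exe
"""

# Assumed layout: [timestamp | size | attributes | flag] (vendor string) -- path
LINE = re.compile(
    r"^\[(?P<ts>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]+) \| \w\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

def parse(log):
    """Yield one dict per file-listing line; other lines are skipped."""
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if m:
            rec = m.groupdict()
            rec["size"] = int(rec["size"].replace(",", ""))
            yield rec

def suspicious_clusters(log, min_files=2):
    """Group hidden+system .exe files located directly in a user profile root
    that share timestamp, size and vendor string; return groups of min_files+."""
    groups = defaultdict(list)
    for r in parse(log):
        parent, _, name = r["path"].rpartition("\\")
        in_profile_root = re.fullmatch(r"(?i)[a-z]:\\users\\[^\\]+", parent)
        hidden_system = "H" in r["attrs"] and "S" in r["attrs"]
        if in_profile_root and hidden_system and name.lower().endswith(".exe"):
            groups[(r["ts"], r["size"], r["company"])].append(name)
    return {k: sorted(v) for k, v in groups.items() if len(v) >= min_files}

if __name__ == "__main__":
    for key, names in suspicious_clusters(SAMPLE).items():
        print(key, names)
```
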

Thanks Essex,

I followed your instructions and OTL log is attached.

For a few minutes I thought it had worked but the same warning is popping up again.

I am starting to backup some bits and pieces that I have on the computer, would malware be in my pictures files or words docs, or does it try to hide in program files and out of reach places?

I am considering a re-install of windows

“I am considering a re-install of windows”
relax..... essexboy will fix it. ;)

OK they came back, bigger hammer time

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

We have a winner.

Thank you very much Essexboy and Pondus, scans are showing nothing and no more pop ups. I have rebooted numerous times through the day and found all works perfectly. Run most of my GPU intensive programs and gone to all the websites I usually haunt.

I have been looking at the speed today and found that since the malware has been erased, my system has sped up to its usual. I will definitely bookmark and be back if I have any problems. Very prompt and correct help is rare nowadays.

Hats off to you Good Sir!!
Thanks again mate.

attach the combofix log

come back later today and Essexboy will remove the tools used when all is OK

Aye could you attach the combofix log, as it does not always find every scrap

Hi everyone,

I’ve got exactly the same problem as PacoTaco on one of my PCs and am wondering if I should use the ComboFix tool as well?

Many thanks

Maarp

No… no infection is the same
first start your own topic, and in that topic attach…not copy and paste the requested logs

see guide here. http://forum.avast.com/index.php?topic=53253.0

AdwCleaner
Malwarebytes
OTL
aswMBR

then come back late tomorrow for cleaning
removers are in bed now and will be back tomorrow after work

Thanks, will do!

Thanks again Essexboy and Pondus.

No problems still.

TXT file attached.