Only started yesterday, Red warnings on EVERY Google search I do.

Viruses and worms
1

Please can you help. As of yesterday, every time I try to go to my online banking I get a red warning box. It says:

Object: http:// …/feed?req=http:%2F%2Fwww.google.co.uk%sFsearch%3Fh

Infection: URL:Mal

Process: C:\Windows\SysWOW64\rundll32.exe

I’m gonna change that first statement, EVERY search I do I’m getting the red warning pop up.

I’ve scanned in safe mode and no virus has been detected! I’m very concerned and don’t know what to do now…

Oh just discovered something, it only seems to happening when I use IE9 - opened Chrome, and no red pop-ups at all!

Thanks

Ange
x

2

follow this guide and attach (not copy and paste) logs from Malwarebytes / OTL / aswMBR
http://forum.avast.com/index.php?topic=53253.0

when done a malware remover will be notified: It may take sveral hours before one arrive so be patient

3

Thank you very much for answering. I’m sorry, I’m being a bit dense, where exactly am I attaching the Malwarebytes (got this) log please?

Actually, it’s getting quite late, so I’ll carry on with this in the morning. Thank you,

Ange
x

4

belowe the txt box you write in her you will see “attachment and other options”

and we need logs from Malwarebytes / OTL / aswMBR

if you surf some of the other topics belowe yours you will see how it is done…

5

Morning, OK done as requested. I think! Is this OK please?

Ange
x

6

thats OK

malware removers are notified, It may take sveral hours before one arrive so be patient

7

Many thanks Pondus… better sit and have a coffee or 3 then… :wink:

Ange
x

8

it may be a lot more then that…but help will arrive

9

I’m going to add to this, (I’m on a different laptop by the way) Just opened IE9 on the offending laptop, clicked on ANY of my favourites and am taken to site without problem. HOWEVER, when I click the HOME icon, I immediately get the red warning box…

Ange
x

10

Hello :wink:

Download ComboFix from here and save it to your Desktop.
If you are unsure how ComboFix works please read this guide carefully.
note: ComboFix must be downloaded to your Desktop.

Temporarily disable your AntiVirus program.
If you are unsure how to do this please read this Instruction.

Run ComboFix. Click on I Agree!
ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.
If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.

When the tool is finished, it will produce a log report for you. (typical location: C:[b]ComboFix.txt[/b] )
Attach log reports ( ComboFix.txt) back to topic.

Re run aswMBR and attach here fresh aswMBR.txt

11

Gone into panic mode now, followed to the letter, the instructions on performing ComboFix - report was duly issued, have saved it. I’m typing this on my laptop, I tried to open IE9, got RED window

c:\Program Files (x86)Internet Explorer\iexplore.exe Illegal operation attempted on a registry key that has been marked for deletion.

Then tried to run as you requested another aswMBR scan, and got this:

C:\Users\Petes-lsppy\Downloads\aswMBR.exe Illegal operation attempted on a registry key that has been marked for deletion.

Clicked ok to both, then got:

It might have been moved, renamed or deleted. Do you want to remove this item? I clicked NO

HELP!!! Should it be doing this? I can only seem to open images…

Ange

12

Just reboot your computer one more time. :wink:
Please attach here Combofix.txt log and aswMBR.txt log if you have them.

13

Hi Magna, many thanks for coming back to me. OK. Performed a restart. IE9 HAS OPENED!!! So has Chrome… just tried it to see. ANYWAY Enough waffling. Attached is that ComboFix txt file.

Ange
x

14

Do not worry and please do not panic.
I’m will be here until we solve the problem;)

Within half an hour, ( one hour max ) i will be back with further instructions. :wink:
Currently I have a private business :frowning:

15

Greatly appreciated, many thanks. \i’ll be here… :cry:

Ange
x

16

Combofix deleted a couple of malicious files but beside that I do not see active malware. Do you still have red warning box?

You did not attach aswMBR.txt log. Download fresh copy of aswMBR.exe and run the tool:
http://forum.avast.com/index.php?topic=53253.0

17

OK magna, thanks. File attached. Red warnings are NOT appearing in IE9 any longer however when I just tried navigating from this thread to the d/l a fresh copy of aswMBR.exe, |I got the Explorer has stopped working window. It did this 3 times. The first time it spontaneously closed. The other 2 times I clicked no don’t find a solution (or whatever it was…)

Ange
x

18

Go here:
C:\Qoobox\Add-Remove Programs.txt

Attach here Add-Remove Programs.txt

Please download MBRCheck.exe to your desktop.

[*] Be sure to disable your security programs
[*] Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
[*] A small window should open on your desktop
[*] if an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
[*] If nothing unusual is found just press Enter
[*] A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your deskop. Please attach logreport here

19

These 2?

20

I could ONLY post these 2 attachments by hitting alt+s - everytime I hit post, it went to an error window…saying connection to Avast forum failed contact your IP support