Please help with Virus / Malware problem - Win32:Malware-gen URL:Mal

Viruses and worms
21

sc-cleaner.txt attached—

I have no doubt I am good hands-
I like to try and learn what I can and I was curious to know what I had–

ty ty ty
;D

22

also I was wondering if what I have is bad enough to warrant a clean install–
I would rather not have to do that, but if it was wise to do so with whatever I have then I would-

Thats why I was wondering if you knew exactly what I was dealing with…

thanks again - I hope you had a good weekend

23

OK I think I may have found it, let me know if the deletion of this folder stops it

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:Commands
[CREATERESTOREPOINT]

:OTL
[2013/04/13 19:42:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marwan\Application Data\MCommon

:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7ADEFB8E-B723-45E6-86E2-2B7841F5D6A5}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.PerformancePack\CLSID]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7adefb8e-b723-45e6-86e2-2b7841f5d6a5}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Component Categories\{62C8FE65-4EBB-45e7-B440-6E39B2CDBF29}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.PerformancePack]

:Files
C:/Documents and Settings/%UserName%/Application Data/Microsoft Extensions/MicrosoftUpdate.DLL

:Commands
[resethosts]
[emptytemp]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

24

attached fix plus quick scan-

25

Ooops I used the wrong switch, have the alerts ceased ?

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:Files
C:\Documents and Settings\Marwan\Application Data\Microsoft Extensions\MicrosoftUpdate.DLL

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

26

my internet has been down----

I will run OTL again with new info and attach log-

However, I was trying out IE and it seems that the alerts have stopped popping up when I open it at the start- I have not looked further to see if I still get some of the other alerts I was getting with some google searches though-- I will do that after OTL–

However I was using firefox today and I got a strange Trojan horse alert after clicking to go to a site I have gone to before without probelms-

using firefox I did a search on google for “stock market forum” and I then clicked on www.stockrants.com/forum/
then I got this message-

Infection Details
URL: http://www.stockrants.com/forum/misc.php
Process: C:\Program Files\Mozilla Firefox\firefox…
Infection: HTML:RedirDL-inf [Trj]

it seemed very strange, and it may be related since there is something about a redir? Although this is a trojan horse warning-
I will attach a screenshot-

27

attached OTL–

28

ps-

I just got this same message in chrome trying to open same site from chrome–

Infection Details
URL: http://www.stockrants.com/forum/misc.php
Process: C:\Program Files\Google\Chrome\Applicati…
Infection: HTML:RedirDL-inf [Trj]

29

strange thing-

I also noticed that I cant replicate this trojan horse if I do the same search and click again through google to that site- However if I restart the computer I am able to make the message pop up again

30

Those alerts a different, they are alerting on a Gzip on that page, could you revisit and see if the alerts still appear

31

yes I just tried it again, google searched, clicked to site, and get the same message-

Trojan Horse Blocked-

Infection Details
URL: http://www.stockrants.com/forum/misc.php
Process: C:\Program Files\Mozilla Firefox\firefox…
Infection: HTML:RedirDL-inf [Trj]

32

Does this only happen in Firefox now ?

If so could you disable all addons and see if they cease

33

No this happens in Firefox and Chrome, and I will test IE too now–

some notes:
It happens only the first time I try to click to the site through google search- After that first time I get teh trojan horse warning I will not get it again until I restart the computer and try again and in that instance I will get the popup message again-

Once I get the message- it doesnt happen in a different browser once it has happened in the other- for example I use chrome first, I open the site and I get the popup, then I open firefox and do the same thing, but not message-

Maybe it is hijacking google search links?

34

I could not replicate the same problem ( trojan horse) in IE–

do you still want me to try and disable addons in firefox?

any suggestions?

35

Yes disable the FF addons as some run through to Chrome as well

36

I disabled all Firefox extensions AND plugins but I still get the same Trojan Horse warning

37

I still get it with firefox and chrome- but cant replicate in IE-- and I onle get it the first time after a computer restart still—

38

Could you run a fresh OTL scan please selecting all users … The answer is somewhere within the FF/Chrome addons

39

do you need anything in custom scan box etc?

40

OtL attached—