Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts

Hi,

Well just because it is an older system let’s not give up yet. :slight_smile:

Please read through these instructions to familiarize yourself with what to expect when this tool runs.

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

[*]Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: How to Disable your Security Programs

[*]Double click on ComboFix.exe & follow the prompts.

[*]As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it’s strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

[*]Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

http://img.photobucket.com/albums/v706/ried7/RCUpdate1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click ComboFix’s window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer’s settings, including making I-E the default browser.
3. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Rather nervous about this… “On each restart of the machine, a black screen will offer you the option to boot into recovery console mode. For normal use, just ignore the black screen. Windows shall boot normally in 2 seconds.” The dreaded black screen…please re-confirm that it will boot normally automatically without me pressing arrows or enter won’t it?

All was working very well on my computer until I downloaded SP3…started to have problems directly afterwards…lost the Help and Support Centre too, can’t search on it now, no results show. I tried to remove SP3, but couldn’t do it.

I have over time been plagued by Canadian SPAM emails and I suspected at one time that something may have been done to my computer.

Please note that I do not have a Windows XP CD and I have just read: "To install the Recovery Console, you will need your Windows XP CD."

Hi,

please re-confirm that it will boot normally automatically without me pressing arrows or enter won't it?
Yes it should. :)

Do you have anyone that you might be able to borrow a Windows CD from?

I’m afraid not. :frowning:

Shame I couldn’t complete OTL without using safe mode.

I guess we’re running out of options here? What could these ‘nasties’ do though if I were to leave them?

What could these 'nasties' do though if I were to leave them?
Well they could lead and open doors for more serious infections that could steal information from you like passwords, account numbers and such...

With malware infections being as they are today, it’s strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Go to Microsoft’s website => http://support.microsoft.com/kb/310994

Scroll down to Step 1, and select the download that’s appropriate for your Operating System. Download the file & save it as it’s originally named.

Note: If you have SP3, use the SP2 package.


Transfer all files you just downloaded, to the desktop of the infected computer.


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

http://img.photobucket.com/albums/v666/sUBs/RC1-4.gif

[*]Drag the setup package onto ComboFix.exe and drop it.

[*]Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.

http://img.photobucket.com/albums/v706/ried7/cfRC_screen_2.png

[*]At the next prompt, click ‘Yes’ to run the full ComboFix scan.

[*]When the tool is finished, it will produce a report for you.

Please post the C:\ComboFix.txt in your next reply.

Hi,

I have Windows XP Home Edition and SP3. So I need to download SP2 (as you advised) and XP Home Edition as well, correct?

Re: Transfer all files you just downloaded to the desktop of the infected computer. How do I do that please? I didn’t know how to download OTL to my desktop either…there’s no icon there.

Hi,

No you only need to download the files for Windows XP Service Pack 2.

What browser are you using for the downloads?? IE, Firefox, Chrome…

Firefox

I’m worried about whether I’d actually be able to boot up in ‘Recovery Console’ mode when I can’t use arrows and enter to boot up in anything other than normal mode. Would I need to use those? Also worried that I am not able to use System Restore.

Would I be able to use the XP Setup disk to carry out a clean installation in future if needed, only I would rather download that if the answer is yes?

In case you are not about to answer this: Reminder: Re: Transfer all files you just downloaded to the desktop of the infected computer. How do I do that please? I didn’t know how to download OTL to my desktop either…there’s no icon there.

Hi,

To download files to your Desktop in Firefox do the following:

Open Firefox >> click on Tools >> Options >> in the General tab >> check Always ask me where to save files and this will allow you to select Desktop as the location to download your files to. :slight_smile:

Let me clarify…are you unable to use your keyboard as well? Is that in both Normal and Safe Mode?

Keyboard use generally is fine, however, after I pressed F8 for the boot menu I tried to select safe mode using my keyboard, but nothing happened with the up/down arrows, it was stuck on normal boot…I tried to select that with ‘enter’…again nothing happened, so I had to manually switch off and boot normally.

It’s like something (SP3?) has knocked out important functions on this computer, I did not have these problems after the fresh installation of XP.

I really appreciate your time and effort in helping me. :slight_smile:

Hi,

Let’s look over your keyboard registry key…

[*]Click Start > Run type Notepad click OK.
[*]This will open an empty Notepad file.
[*]Copy/Paste the contents of the box below into Notepad.


@echo off
regedit.exe /e "%userprofile%\Desktop\look.txt" "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Kbdclass"
Notepad.exe "%userprofile%\Desktop\look.txt"
Del "%userprofile%\Desktop\look.txt"
Del "%~f0"

[*]Click Format and ensure Wordwrap is unchecked.
[*]Save as RegExp.bat
[*]Save as file type All Files or it won’t work.
[*]Now double click on RegExp.bat to run it.
[*]A file look.txt will open on your Desktop, please post the contents in your next reply.

@echo off
regedit.exe /e “%userprofile%\Desktop\look.txt” “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Kbdclass”
Notepad.exe %userprofile%\Desktop\look.txt
Del look.txt
Del %0

Did you have troubles with the instructions I provided? There should have been a log created on your Desktop for you to attach. :slight_smile:

Sorry, thought I’d managed it…that was what you gave me! ;D Yes, said I couldn’t save it to that location (All Files), eventually I did save it, but when I clicked on the file a black screen momentarily appeared then vanished.

Well today my computer became slow and unresponsive (it’s low on RAM) and my profile page was re-directed to: http://agrifarma.com/p/as?64206 before Avast could kick in to stop it (first time that has happened) and I then received a WOT red warning on it.

Please download TDSSKiller.zip

[*]Extract it to your desktop
[*]Double click TDSSKiller.exe
[*]when the window opens, click on Change Parameters
[*]under “Additional options”, put a check mark in the box next to “Detect TDLFS File System”
[*]click OK
[*]Press Start Scan

[*]Only if Malicious objects are found then ensure Cure is selected
[*]Then click Continue > Reboot now

[*]Copy and paste the log in your next reply

[*]A copy of the log will be saved automatically to the root of the drive (typically C:\)

I double clicked the TDSSKiller.exe on the desktop, was given a sole option to ‘run’, which I clicked and then nothing happened, I sat with a busy mouse icon for ten minutes with no window showing?

Hi,

Ok give it a run from Safe Mode and if a log is made attach it. :slight_smile:

Just followed online advice here to rename it: http://www.bleepingcomputer.com/forums/topic372491.html, it has worked…scan box is now showing. :slight_smile:

It says: No threats found. How do I find a copy of the log please? I can see it on the scan details, but can’t copy it.