repeating popup 'malicious url block'

Viruses and worms
1

Hi all,

The past hour, a popup appears on my screen every few seconds. It’s a message saying that a malicious url has been blocked. Since there’s also been installed a file on my desktop called null0.536681318295702.exe

Can anyone tell me what to do, so that this problem get’s fixed?

Many thanks!

2

Check for malware with this

Malwarebytes Anti-Malware 1.50.1 http://filehippo.com/download_malwarebytes_anti_malware/
always update so you have the latest signatures before you scan
click on the remove selected button to quarantine anything found

post the scan log here

3

Hi Pondus,

Tusen takk :slight_smile: I read some earlier entries and already installed malwarebytes. The problem seems to’ve been solved now.

Malwarebytes’ Anti-Malware 1.50.1.1100
www.malwarebytes.org

Databaseversie: 6462

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

28-4-2011 11:13:07
mbam-log-2011-04-28 (11-13-07).txt

Scantype: Snelle scan
Objecten gescand: 185560
Verstreken tijd: 6 minuut/minuten, 31 seconde(n)

Geheugenprocessen geïnfecteerd: 5
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 10
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 8

Geheugenprocessen geïnfecteerd:
c:\Users\Elmer\Desktop\null0.536681318295702.exe (Trojan.FakeAlert) → 1948 → Unloaded process successfully.
c:\program files (x86)\Intel\intel matrix storage manager\DEU\fromplugin.exe (Trojan.FakeAlert) → 4572 → Unloaded process successfully.
c:\program files (x86)\Citrix\ica client\resource\en\citrixwfcrun32.exe (Trojan.FakeAlert) → 4684 → Unloaded process successfully.
c:\program files (x86)\common files\microsoft shared\Help\1041\microsoftrhelp2.05.50727.210.exe (Trojan.FakeAlert) → 4944 → Unloaded process successfully.
c:\program files (x86)\common files\microsoft shared\Help\1041\microsoftrhelp2.05.50727.210.exe (Trojan.FakeAlert) → 2428 → Unloaded process successfully.

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\onderwater (Trojan.FakeAlert) → Value: onderwater → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\onderwater (Trojan.FakeAlert) → Value: onderwater → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\EventRaidWizCnG (Trojan.FakeAlert) → Value: EventRaidWizCnG → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VDZLCNClient11.0.0.5357 (Trojan.FakeAlert) → Value: VDZLCNClient11.0.0.5357 → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicrosoftRHelp20550727210Help (Trojan.FakeAlert) → Value: MicrosoftRHelp20550727210Help → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\MicrosoftConverters (Trojan.FakeAlert) → Value: MicrosoftConverters → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\resourcesresourcesSilverlight4.0.60310.04.0603100000 (Trojan.FakeAlert) → Value: resourcesresourcesSilverlight4.0.60310.04.0603100000 → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\IntelRFrameworkSetup (Trojan.FakeAlert) → Value: IntelRFrameworkSetup → Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\idln2 (Malware.Trace) → Value: idln2 → Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\bk (Malware.Trace) → Value: bk → Quarantined and deleted successfully.

Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:
c:\Users\Elmer\Desktop\null0.536681318295702.exe (Trojan.FakeAlert) → Quarantined and deleted successfully.
c:\program files (x86)\Intel\intel matrix storage manager\DEU\fromplugin.exe (Trojan.FakeAlert) → Quarantined and deleted successfully.
c:\program files (x86)\Citrix\ica client\resource\en\citrixwfcrun32.exe (Trojan.FakeAlert) → Quarantined and deleted successfully.
c:\program files (x86)\common files\microsoft shared\Help\1041\microsoftrhelp2.05.50727.210.exe (Trojan.FakeAlert) → Quarantined and deleted successfully.
c:\program files (x86)\common files\microsoft shared\TextConv\workswkwpqd.exe (Trojan.FakeAlert) → Quarantined and deleted successfully.
c:\program files (x86)\microsoft silverlight\4.0.60310.0\no\resourcesresources.exe (Trojan.FakeAlert) → Quarantined and deleted successfully.
c:\program files (x86)\Intel\intel matrix storage manager\uninstall\Lang\Storage\HUN\frameworksetup.exe (Trojan.FakeAlert) → Quarantined and deleted successfully.
c:\Users\Elmer\AppData\Local\Temp\jar_cache2369994962972616263.tmp (Trojan.FakeAlert) → Quarantined and deleted successfully.

4
Tusen takk
Tysk..snakker norsk ?

run a new quick scan and see if you get a clean log…problem gone ?