Hiya!

I was reading a thread that I’mn having the same issue with.

Web shield is popping up all day every day~ ‘blocked a harmful webpage or file’.

Object: Http: //greenpzone.net/task/2000/ , http: //rbrasboingz.info/task/2000/ , http: //zentallor17.com/task/2000/

to name a few. there are a ton of them, but they do seem to end in /task/2000/ consistently.

Process: C:\Windows\system32\svchost.exe

I also have the rpcss.dll infection of Win64/Patched.B and have been through another forum trying to remove them unsuccessfully. But I noticed you using some different tools as well as replacing the infected dll with a fresh copy of rpcss.dll (which I already downloaded using a link here).

I posted some logs I’d made previously down below, forgive the mess.

When you reply to a post select attachments and other options. Then select browse to locate the file you wish to attach

thanks!

(sorry if these are too much or not needed, I just wanted you all to see what I had so far. I also apologize if it’s a mess due to trying to fix this already)

Hi we will start with MBAR and then progress to combofix

Please download Malwarebytes AntiRootkit and save it to your desktop.

Full instructions how to use MBAR
Please note: This is a beta version so please be sure to read the disclaimer and note of it.

• Unzip/unrar MBAR in a folder to your Desktop and MBAM shall run …

• Click on Next > then on Update button to download fresh definitions.

https://dl.dropboxusercontent.com/u/73555776/mbar_update.JPG

• When database updates click Next

• In the following window ensure “Targets” scan for Drivers; Sectors; System are ticked. Then select “Scan button”

https://dl.dropboxusercontent.com/u/73555776/mbarscan.JPG

• If an infection/s are found ensure “Create Restore Point” is checked, then select the “Cleanup Button” to remove threats.
Or if you are sure any entries should be kept, just untick them. A list of infected files will be listed.

• The Clean up procedure will be Scheduled for process.
• When complete pop-up will show you. Select the Yes button and the system should re-boot to complete the cleaning process.

Please attach the two following logs from the mbar folder:

system-log.txt
and
mbar-log-year-month-day (hour-minute-second).txt.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

• IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

[*]Double click on ComboFix.exe & follow the prompts.
[*]Accept the disclaimer and allow to update if it asks

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

[*]When finished, it shall produce a log for you.
[*]Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now