sindelclick and movieroomreviews

Viruses and worms
1

I am working on a computer that is infected the same way others on here are… 7508.sindelclick.com and cdn1.movieroomreviews.com and cdn3.movieroomreviews.com

The infection is listed as URL:Mal and the process is iexplore.exe

I have attached the logs for your review. Please help! Thanks in advance!

2

Following suggestions made in other posts, here are some additional logs. Thanks again!

3

Our old friend Poweliks this can only be removed manually

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

HKU\S-1-5-21-497687124-2653008562-940622692-1000\...\MountPoints2: {04d0a28f-9fe3-11e1-8ca7-44850004faf5} - E:\SecSWMgrGuide.exe HKU\S-1-5-21-497687124-2653008562-940622692-1000\...\MountPoints2: {455dcc70-fc02-11e3-a87a-c48508327453} - G:\iLinker.exe HKU\S-1-5-21-497687124-2653008562-940622692-1000\...\MountPoints2: {82d0bb5f-0480-11e4-98dd-8823e1aaf8e7} - D:\VZW_Software_upgrade_assistant.exe HKU\S-1-5-21-497687124-2653008562-940622692-1000\...\MountPoints2: {974116e5-2ca8-11e3-98d8-c48508327453} - E:\unlock.exe autoplay=true HKU\S-1-5-21-497687124-2653008562-940622692-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks! CustomCLSID: HKU\S-1-5-21-497687124-2653008562-940622692-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks? EmptyTemp: CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that

4

Thank you. See attached log, as requested!

5

How is the computer behaving now ?

6

I am having the same problem with this pop up.

Avast tells me:
Infection Details:
URL: http://cdn1.moveiroomreviews.com/the...sprites_v2.png

Infection: URL: Mal

Process: C:\Program Files\Internet Explorer \iexplore.exe

Other URLs that have popped up are sindelclick.com and more movieroom reviews links with cdn3.movieroomreviews.com, etc.

Anything I can do for it?

7

Please start your own topic and post your logs there: https://forum.avast.com/index.php?action=post;board=4.0