Is there any way someone can help me get rid of this virus… I've run both the Malwarebytes and OTS downloads… but it's still popping up on my Avast warnings and still redirecting me
Essexboy is notified…
He is usually in here from 08:00pm - 11:59pm UK time
@celtic_crossing1975
Start OTS. Copy/Paste the information in the quotebox below into the panel where it says “Paste fix here” and then click the Run Fix button.
[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-3038147022-3846470096-3322562731-1000\] > -> HKEY_USERS\S-1-5-21-3038147022-3846470096-3322562731-1000\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{D4027C7F-154A-4066-A1AD-4243D8127440}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
[Files/Folders - Modified Within 30 Days]
NY -> ~38067960 -> C:\ProgramData\~38067960
NY -> ~38067960r -> C:\ProgramData\~38067960r
NY -> 38067960 -> C:\ProgramData\38067960
NY -> 7E3A.568 -> C:\Users\carol\AppData\Roaming\7E3A.568
[Files - No Company Name]
NY -> ~38067960 -> C:\ProgramData\~38067960
NY -> ~38067960r -> C:\ProgramData\~38067960r
NY -> 38067960 -> C:\ProgramData\38067960
NY -> 7E3A.568 -> C:\Users\carol\AppData\Roaming\7E3A.568
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.
I will review the information when it comes back in.
Depending on what the fix contains, this process may take some time and your desktop icons might disappear or other uncommon behavior may occur.
This is no sign of malfunction, do not panic!
All Processes Killed
[Registry - Safe List]
Registry value HKEY_USERS\S-1-5-21-3038147022-3846470096-3322562731-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_USERS\S-1-5-21-3038147022-3846470096-3322562731-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
[Files/Folders - Modified Within 30 Days]
File C:\ProgramData\~38067960 not found!
File C:\ProgramData\~38067960r not found!
File C:\ProgramData\38067960 not found!
File C:\Users\carol\AppData\Roaming\7E3A.568 not found!
[Files - No Company Name]
File C:\ProgramData\~38067960 not found!
File C:\ProgramData\~38067960r not found!
File C:\ProgramData\38067960 not found!
File C:\Users\carol\AppData\Roaming\7E3A.568 not found!
[Empty Temp Folders]
User: All Users
User: carol
->Temp folder emptied: 184581 bytes
->Temporary Internet Files folder emptied: 1030296 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 470 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 608 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 49554 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 1.00 mb
[EMPTYFLASH]
User: All Users
User: carol
->Flash cache emptied: 0 bytes
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0.00 mb
Restore point Set: OTS Restore Point
< End of fix log >
OTS by OldTimer - Version 3.1.44.0 fix logfile created on 07072011_130044
Files\Folders moved on Reboot…
C:\Users\carol\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\carol\AppData\Local\Temp\~DF17D812D6DF0F827D.TMP not found!
File\Folder C:\Users\carol\AppData\Local\Temp\~DF1B0BEF3B91F9BB4A.TMP not found!
File\Folder C:\Users\carol\AppData\Local\Temp\~DF30CAF70597E7F622.TMP not found!
File\Folder C:\Users\carol\AppData\Local\Temp\~DF3722B3F469BD5135.TMP not found!
File\Folder C:\Users\carol\AppData\Local\Temp\~DF5DF534D25C91779A.TMP not found!
File\Folder C:\Users\carol\AppData\Local\Temp\~DF744C5A7A2CF63C01.TMP not found!
File\Folder C:\Users\carol\AppData\Local\Temp\~DF9F91012669441A98.TMP not found!
File\Folder C:\Users\carol\AppData\Local\Temp\~DFA3F8373DD821E576.TMP not found!
File\Folder C:\Users\carol\AppData\Local\Temp\~DFE09CE4CFF8D07DD9.TMP not found!
File\Folder C:\Users\carol\AppData\Local\Temp\~DFFE3A7FC559893065.TMP not found!
C:\Users\carol\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
Registry entries deleted on Reboot…
There's the new Notepad text… I'm still getting the malicious URL blocked message on my Avast warnings box…
OK next look
Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it
Click the “Scan” button to start scan
http://i1224.photobucket.com/albums/ee362/Essexboy3/aswMBR2-1.gif
On completion of the scan click save log, save it to your desktop and post in your next reply
This is the scan text from the aswMBR download
Avast found a series of suspicious files - so onto the next stage
Download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop
[*]Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
[*]Double click on ComboFix.exe & follow the prompts.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
It never produced a log for me… I ran it a couple of times… but still never got a log produced
OK, let's run a slightly different programme
Please read carefully and follow these steps.
[*]Download TDSSKiller and save it to your Desktop.
[*]Extract its contents to your desktop.
[*]Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillermain.png
[*]If an infected file is detected, the default action will be Cure, click on Continue.
http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerMal-1.png
[*]If a suspicious file is detected, the default action will be Skip, click on Continue.
http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerSuspicious.png
[*]It may ask you to reboot the computer to complete the process. Click on Reboot Now.
http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerCompleted.png
[*]If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
[*]If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of “TDSSKiller.[Version][Date][Time]_log.txt”. Please copy and paste the contents of that file here.
It said there were no infected files found… but I'm still getting the pop-up on my Avast alert about the malicious URL blocked
Same here… ???
Could you retry Combofix please - from safe mode if needed, as the log will give me a look at the drivers