Truminfi.com

Hi!
Any idea what this is and why Avast is blocking it every few minutes?
And how can I remove it?
thank you :slight_smile:

If you can post an image of the avast alert it will give us more information ?

What are you doing at the time this happens ?

What is your operating system and browser, etc. ?

The domain is one that avast considers malicious, see image, is this the same sort of image ?

Umm, how can I do that?

It happens every few minutes, even when I’m not on the net.

Win 7, Firefox ver. 3.6.15

Yes, it’s exactly like that, the web address is a lot longer, filled with numbers.
Oh wait, it says that the process is explorer.exe

You have to have some image capture software or printscreen and crop the image and save the image file. Then attach it to your post, additional Options on the reply window.

  • When you click the Reply button, there is an Additional Options link, this expands the options to attach a file, that can be an image file or a text file (.log or .txt). Also see How to post an Image.

You can see the web address on the bottom of the screen, right?

Looks like either a proxy malware or a dns hijack

Download OTS to your Desktop and double-click on it to run it

  • Make sure you close all other programs and don’t use the PC while the scan runs.
  • Select All Users
  • Under additional scans select the following:
      Reg - Disabled MS Config Items
      Reg - Drivers32
      Reg - NetSvcs
      Reg - SafeBoot Minimal
      Reg - Shell Spawning
      Evnt - EventViewer Logs (Last 10 Errors)
      File - Lop Check
  • Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Please attach the log in your next post.

Clear all private data in the browser that you use and restart it. Then use CCleaner to clear what may be left and the temp folders’ content. This should rid you of the issue.

Edit: okay, Essexboy posted in the meantime and sees potentially something else :wink:

Like this?

Yep - this will also flush out all your temps for you. After reboot let me know if you still get the alerts

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says “Paste fix here” and then click the Run Fix button.

[Unregister Dlls]
[Registry - Safe List]
< Run [HKEY_USERS\S-1-5-21-954531041-2713293074-437339881-1000\] > -> HKEY_USERS\S-1-5-21-954531041-2713293074-437339881-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> "Stenabefogufagel" -> C:\Users\TT\AppData\Local\atPSNlev.dll [rundll32.exe  "C:\Users\TT\AppData\Local\atPSNlev.dll",Startup]
[Custom Items]
:Files
ipconfig /flushdns /c
:end
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
  

The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.

Like this?

Have you turned off your system restore ?

Are you still getting the alerts ?

Umm… I’m not sure about that system restore.
Nope, no more alerts :smiley:

OK, that one is cleared. Regarding the system restore, could you try to create one and let me know what error you get?

Created a system restore point, didn’t get any errors :slight_smile:

OK thanks - run OTS and hit the cleanup button and it will disappear ;D

Thanks for your help all ! :smiley:

Stick around and enjoy

Hi!

I have the same problem with truminfi.com.
I tried to do what was suggested in the forum with OTS, but after the reboot the alerts keep popping up.
Moreover, I always use Firefox as my browser, but the affected process is c:\windows\explorer.EXE
What can I do?
I attach the OTS Notepad file that appears right after the scan, and also the one that appears after the fix.
Please help me!

Hi, the fix would not work for you, as each one is specific to that machine.

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says “Paste fix here” and then click the Run Fix button.

[Unregister Dlls]
[Registry - Safe List]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7} [HKLM] -> Reg Error: Key error. [QuickNet BHO]
< Run [HKEY_USERS\S-1-5-21-1022177476-2724221402-4097892894-1000\] > -> HKEY_USERS\S-1-5-21-1022177476-2724221402-4097892894-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> "Hgetahogevo" -> C:\Users\monica\AppData\Local\KBDAgfs.dll [rundll32.exe  "C:\Users\monica\AppData\Local\KBDAgfs.dll",Startup]
[Files/Folders - Created Within 30 Days]
NY ->  temp(17) -> C:\Users\monica\AppData\Local\temp(17)
NY ->  Mendeley Ltd -> C:\Users\monica\AppData\Local\Mendeley Ltd
NY ->  KBDAgfs.dll -> C:\Users\monica\AppData\Local\KBDAgfs.dll
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
  

The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.
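
Both fixes in this thread remove the same kind of autostart entry: a per-user Run value that has rundll32.exe load a DLL placed directly in AppData\Local. As an added example (not part of the original thread and not an OTS feature), this Python script picks that pattern out of OTS-style Run lines; the function names and the third sample line are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# First two lines are the Run entries from the fixes in this thread;
# the third is a constructed benign entry for contrast.
SAMPLE_OTS_LINES = r'''
YY -> "Stenabefogufagel" -> C:\Users\TT\AppData\Local\atPSNlev.dll [rundll32.exe  "C:\Users\TT\AppData\Local\atPSNlev.dll",Startup]
YY -> "Hgetahogevo" -> C:\Users\monica\AppData\Local\KBDAgfs.dll [rundll32.exe  "C:\Users\monica\AppData\Local\KBDAgfs.dll",Startup]
YY -> "ExampleUpdater" -> C:\Program Files\Example\updater.exe ["C:\Program Files\Example\updater.exe" /background]
'''

# Layout: flags -> "value name" -> file path [command line]
ENTRY = re.compile(r'^\w\w -> "(?P<name>[^"]+)" -> (?P<path>.+?) \[(?P<cmd>.*)\]\s*$')
# Command line of the form: rundll32[.exe] "<dll>",<export>
RUNDLL = re.compile(
    r'^\s*"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)"?,\s*(?P<export>\S+)',
    re.IGNORECASE)


def parse_run_entries(text):
    """Return one dict (name, path, cmd) per OTS-style autostart line."""
    return [m.groupdict() for line in text.splitlines()
            if (m := ENTRY.match(line.strip()))]


def reasons(entry):
    """List why an entry matches the pattern removed in this thread."""
    m = RUNDLL.match(entry["cmd"])
    if not m:
        return []
    found = ["autostart goes through rundll32, export " + m.group("export")]
    parts = [p.lower() for p in PureWindowsPath(m.group("dll")).parts]
    # DLL sits directly in <profile>\AppData\Local, not in a vendor subfolder
    if parts[-3:-1] == ["appdata", "local"]:
        found.append("DLL dropped directly in AppData\\Local")
    return found


def triage(text):
    """Map each flagged Run value name to its list of reasons."""
    flagged = {}
    for entry in parse_run_entries(text):
        why = reasons(entry)
        if why:
            flagged[entry["name"]] = why
    return flagged


if __name__ == "__main__":
    for name, why in triage(SAMPLE_OTS_LINES).items():
        print(name, "->", "; ".join(why))
```

A hit is a reason to look at the file, not a verdict: legitimate software also registers rundll32 autostarts, which is why each fix above was written for one specific machine.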

Here is the file after the fix-all.

When the system rebooted, an error window appeared, which read:
ERROR LOADING
C:\Users\monica\AppData\local\KBDAgfs.dll

I have no idea what that means…