Url:MAL infection

Since yesterday, I’ve been getting this popup from Avast!. I’d insert the image, but I’ve no idea how, so I’m attaching it instead.

Scanning with Avast! found nothing, following these instructions: http://forum.avast.com/index.php?topic=53253.0 , I ran adwcleaner which seemed to do nothing, malwarebytes seemed to find nothing, and I don’t really know how to interpret what OTL found/did, but I did as I was told.

I have all the logs ready, but I’m not sure if I should just paste their contents in a post or attach them to a post.

Any help on how to proceed would be greatly appreciated

Thanks,
Devin

Attach the OTL log please

Here it is!

And thanks for the help!

I’ve also just finished the aswMBR scan and have the log. In case you need that as well, I’ve attached it.

Methinks I have it - let me know if this stops it

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

- Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF

:OTL
O4 - HKU\S-1-5-21-2290715024-3380376939-3893637218-1000..\Run: [e35] C:\Users\Devin\AppData\Roaming\f54e\e35.js ()
[2012/10/01 18:14:19 | 000,000,000 | RHSD | C] -- C:\Users\Devin\AppData\Roaming\f54e
[2012/10/01 18:14:19 | 000,000,000 | RHSD | C] -- C:\f4365

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Ok! Will Do! :smiley:

Looks like it did the trick! I’ll have to wait and see if the popup comes back, as it happens randomly (i.e. nothing I do seems to trigger it), but another symptom my pc was having, the system restore being unable to open (just like malwarebytes, until I changed the file name to something nonsensical like wipwip) seems to be fixed!

Thank you so much for your help! I was worried I might have to endure that warning bell and popup forever!

Devin

Is there any chance you could tell me what was actually happening to my pc based on what the OTL log told you?

A JavaScript was installed on your system at this time: 2012/10/01 18:14:19, probably an infected page or drive-by.

It was installed to run as a start key

If all is OK tomorrow let me know and I will remove my rubbish ;D

I forgot, is system restore working now?
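
An added example (not part of the original thread and not OTL's own code): a small Python parser for the O4 Run-key lines quoted in the fixes, flagging the pattern described above (a script file in a user profile started from a Run key) and the orphaned "File not found" value. The extension list, the path heuristics and the ExampleAV line are assumptions constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Line shape as quoted in this thread:
#   O4 - <hive>..\Run: [<value name>] <target> (<company>)   or   ... File not found
O4_RE = re.compile(r"^O4 - (?P<hive>\S+?)\.\.\\(?P<key>Run(?:Once)?): "
                   r"\[(?P<name>[^\]]*)\] (?P<rest>.+)$")
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta"}  # assumed list
USER_WRITABLE = ("\\appdata\\", "\\temp\\")                    # assumed heuristic
NOT_FOUND = " File not found"

# First line is constructed; the other two are the entries quoted in the thread.
SAMPLE = r"""
O4 - HKLM..\Run: [ExampleAV] C:\Program Files\ExampleAV\ui.exe (Example Vendor)
O4 - HKU\S-1-5-21-2290715024-3380376939-3893637218-1000..\Run: [e35] C:\Users\Devin\AppData\Roaming\f54e\e35.js ()
O4 - HKU\S-1-5-21-2290715024-3380376939-3893637218-1000..\Run: [e35] C:\Users\Devin\AppData\Roaming\f54e\e35.js File not found
"""

def parse_o4(line):
    """Split one O4 line into hive, key, value name, target and missing flag."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    rest = m["rest"]
    missing = rest.endswith(NOT_FOUND)
    if missing:
        target = rest[: -len(NOT_FOUND)]
    else:
        target = re.sub(r" \([^()]*\)$", "", rest)  # drop trailing "(company)"
    return {"hive": m["hive"], "key": m["key"], "name": m["name"],
            "target": target.strip(), "missing": missing}

def assess(entry):
    """Return the reasons an autorun entry deserves a closer look."""
    reasons = []
    if PureWindowsPath(entry["target"]).suffix.lower() in SCRIPT_EXTS:
        reasons.append("script file started at logon")
    if any(p in entry["target"].lower() for p in USER_WRITABLE):
        reasons.append("target in user-writable profile path")
    if entry["missing"]:
        reasons.append("orphaned value: target file no longer exists")
    return reasons

def review(log_text):
    """Return (value name, target, reasons) for every flagged O4 line."""
    entries = filter(None, map(parse_o4, log_text.splitlines()))
    return [(e["name"], e["target"], r) for e in entries if (r := assess(e))]

if __name__ == "__main__":
    for name, target, reasons in review(SAMPLE):
        print(f"[{name}] {target}: " + "; ".join(reasons))
```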

I haven’t tried to do a system restore, but it actually opens now, which it wouldn’t before (would close again in a split second).
I’m just noticing the final part of your instructions to put the log after another quick scan, and that I forgot to do that. Here it is!

Hmm, the run key is still there, let’s try once more

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

- Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF

:OTL
O4 - HKU\S-1-5-21-2290715024-3380376939-3893637218-1000..\Run: [e35] C:\Users\Devin\AppData\Roaming\f54e\e35.js File not found
[2012/10/02 18:18:21 | 000,000,000 | RHSD | C] -- C:\Users\Devin\AppData\Roaming\f54e
[2012/10/02 18:18:21 | 000,000,000 | RHSD | C] -- C:\f4365

- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Ok, so I’ve run OTL again. Here’s the log.

How is the computer behaving now?

Perfect as far as I can tell!

OK, the OTL version you have has a glitch within the cleanup routine, so we will not use that as an uninstall route. You will have to manually uninstall it, I am afraid. Delete the programme from your desktop and the C:\_OTL folder.

Run AdwCleaner and press the uninstall button

Alright, both of those are done! What next, boss?
:wink:

Subject to no further problems you are good to go ;D

Great! Thanks for all your help!