I tried both Firefox and Google Chrome, but if I try to access Megaupload.com I get a warning that Avast! has blocked Url:Mal (I’ve tried adding the links it shows into Avast’s address blocker, but a different address comes up every time). Anyway, I’ve run Malwarebytes Anti-Malware (which I uninstalled and can’t reinstall because it hangs during updates) and SUPERAntiSpyware and removed some stuff (mostly tracking cookies). I ran a boot scan with Avast, which removed some stuff as well; however, I seriously doubt I’m out of the woods, since the Avast! message still comes up when I go to Megaupload.
Can you obtain aswMBR log too?
Quote from essexboy:
Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it
Click the “Scan” button to start scan
http://i1224.photobucket.com/albums/ee362/Essexboy3/aswMBR2-1.gif
On completion of the scan click save log, save it to your desktop and post in your next reply
Here are the results of the scan.
Run OTL
[*]Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
O33 - MountPoints2\{615c8dcb-cf09-11dd-b547-0022690f5cff}\Shell\AutoRun\command - "" = nideiect.com
O33 - MountPoints2\{615c8dcb-cf09-11dd-b547-0022690f5cff}\Shell\explore\Command - "" = nideiect.com
O33 - MountPoints2\{615c8dcb-cf09-11dd-b547-0022690f5cff}\Shell\open\Command - "" = nideiect.com
O33 - MountPoints2\{615c8dce-cf09-11dd-b547-0022690f5cff}\Shell\AutoRun\command - "" = nideiect.com
O33 - MountPoints2\{615c8dce-cf09-11dd-b547-0022690f5cff}\Shell\explore\Command - "" = nideiect.com
O33 - MountPoints2\{615c8dce-cf09-11dd-b547-0022690f5cff}\Shell\open\Command - "" = nideiect.com
[2011/07/12 09:47:35 | 000,001,610 | -HS- | M] () -- C:\Documents and Settings\Shaun\Local Settings\Application Data\5rsib6l462hk4lw57
[2011/07/12 09:47:35 | 000,001,610 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\5rsib6l462hk4lw57
[2011/07/12 07:44:20 | 000,000,305 | ---- | M] () -- C:\WINDOWS\System32\secushr.dat
:Files
ipconfig /flushdns /c
C:\Documents and Settings\Shaun\Local Settings\Application Data\5rsib6l462hk4lw57
C:\Documents and Settings\All Users\Application Data\5rsib6l462hk4lw57
:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
Here are the results of the scan.
I would like to confirm that your MBR is a custom one. Could you also attach the ComboFix log, please?
Download MBRCheck.exe to your Desktop. Run the application.
If no infection is found, it will produce a report on the desktop. Post that report in your next reply.
If an infection is found, you will be presented with the following dialog:
[QUOTE]Enter ‘Y’ and hit ENTER for more options, or ‘N’ to exit:
[/quote]
Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.
Here are the results.
Are you still experiencing the same problem?
Yes, it seems that the Url:Mal is gone, but Firefox still won’t download from Megaupload whereas Chrome will (I’ll try re-installing it and asking at the Mozilla forum about the issue). Thanks for the removal instructions, essexboy.
You have a flash drive or memory card?
Logs indicate infections via USB drive.
Install the program http://amf.mycity.rs/programs/mc/mcshield/
Then plug in the USB drive and wait for it to finish scanning.
If the USB drive is infected, the log file will appear on your desktop.
Original path log file - Start / All programs / MCShield / logs / all scans
Please attach the log.
I only have 3 USB sticks, but I only really use one of them since it’s got 8 GB of storage. All drives were clean.