URL:Mal Pop-up Problem, need help!

Hello,

I keep getting this URL:Mal pop-up (see the picture). I don't even have to be using any browser; they pop up when I am on the desktop doing nothing.

I need help fixing this please.

I have done the steps with MBAM and OTL that are described at http://forum.avast.com/index.php?topic=53253.0
I attached the logs that were requested.

Thank you in advance for the help.

Remover notified. Sit tight

Hi Twinkshuck,

Please download Farbar Recovery Scan Tool by Farbar and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

- Double-click to run it. When the tool opens, click Yes to the disclaimer.
- Press the Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run from. Please attach it to your reply.
- The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Thank you Alan.

Hello Magna,
I have attached both.

Hi,

1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system


Start
C:\Users\Jesper\AppData\Local\Owdfics\wxpMobileFactory.dll
C:\Users\Jesper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EPUHelp.exe
C:\Users\Jesper\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
C:\Users\Jesper\AppData\Local\Owdfics
C:\Users\Jesper\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Jesper\AppData\Local\Temp\_is1652.exe
HKCU\...\Run: [Owdfics] - regsvr32.exe C:\Users\Jesper\AppData\Local\Owdfics\wxpMobileFactory.dll <===== ATTENTION
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
CHR Extension: (S\u00F6k p\u00E5 Google) - C:\Users\Jesper\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-16]
CMD: DEL %TEMP%\*.* /F /S /Q
CMD: DEL %WINDIR%\TEMP\*.* /F /S /Q
CMD: RD /S /Q %TEMP%
CMD: RD /S /Q %WINDIR%\TEMP
End


2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It’s important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warns you about an outdated version, please download and run the updated version.

Attached it!

By the way, thank you very much for helping Magna! :slight_smile:

That looks good. Now let’s check if there are any leftovers …

Please download Zoek by smeenk from here and save it to your Desktop.
Unpack the archive if you have downloaded the zip or rar …

- Close any open browsers and temporarily disable your AntiVirus program (if necessary).
  If you are unsure how to do this, please read this or this instruction.

- Double-click on zoek.exe to run the tool.
  Please wait while the tool starts…

- Click on the More Options button and then check the box only for the AutoClean option.

- Click on the Run Script button.
  Please wait until a log report opens (this can be after a reboot).

- Save the notepad file to your Desktop and attach zoek-results.log here.
  Note: It will also create a log in the C:\ directory named “zoek-results.log”.

Attached the result!

Great, that looks much better now.

Post me a fresh FRST.txt log report and tell me how your computer is running now. Any malware alerts?

Good!

It’s running fine now, no malware alerts!

Thank you very much for the help Magna86! :smiley:

You are malware free. The posted logs now appear clean and show no signs of active infection.

A good workman always cleans up after himself.
The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes:
- Remove disinfection tools
- Create registry backup
- Purge System Restore

Click the Run button and wait a few seconds for the programme to complete its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt).

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix
The tool deletes old system restore points and creates a fresh system restore point after cleaning.


To help your AntiVirus protect your computer and to speed it up, I recommend that you download, install and keep the following free programs:

  1. Keep Malwarebytes Anti-Malware, update it regularly or from time to time and run a Quick Scan weekly.
    Malwarebytes will detect and remove all traces of known malware. MBAM isn’t an AntiVirus and it can NOT replace one.

  2. Keep MCShield Anti-Malware; the tool will be updated regularly and performs auto-checking for malware on each attached USB memory device.
    MCShield has been designed as a lightweight scanner that’s smart enough to catch even new worms and works in fully automatic removal mode.

  3. It’s recommended to delete Temporary Files every once in a while. Run the tool and click on the Start button and TFC will begin to clean. Then restart the computer.
    Temp File Cleaner aka TFC by OldTimer
    TFC is a small and useful utility that cleans up temp files from all user profiles and system folders.


I recommend that you download the new Windows 8.1 system via the Windows Store and update for free. The differences between Windows 8 and Windows 8.1 are huge . . .

When I used TFC my computer froze; after 30 mins without anything happening I had to restart the computer by holding in the power button. When it restarted I had 3 files on the desktop that can’t be moved? When I try to print screen to show you, in the folder where the pics should end up, there are now txt-files instead of pics? What shall I do?
I’m scared!

I updated to W8.1 now btw.

The 3 files on the desktop are named: desktop.ini, desktop.ini, thumbs.db

The 2 files in the folder where the pics should end up are called: desktop.ini, thumbs.db

Hi, nothing to worry about. TFC sometimes has a problem shutting down the Malwarebytes process (or perhaps some other process/program); Malwarebytes protects its components, and that results in the lag.

desktop and thumbs are by default hidden Windows files. You can hide these files via these options:
http://www.ricksdailytips.com/view-hidden-files-and-folders-windows-8-1/
http://techmell.info/how-to/view-hidden-files-folders-windows-81/