URL : Mal warnings on chrome

Viruses and worms
1

Every time i open a new tab or redirection on google chrome i get this warning from avast!

http://imagizer.imageshack.us/v2/800x600q90/600/ivs3.jpg

Anything i can do?

2

Attach Malwarebytes and OTL logs http://forum.avast.com/index.php?topic=53253.0

3

So i downloaded Malwarebytes and after a quick scan, those were the results…only the last two threats are checked and i dont know know what to do or not do.

http://imagizer.imageshack.us/v2/800x600q90/571/ckwm.png

4

Select everything and click remove.

Post the log that opens up here.

5

It’s spyware tracking your browsing and shopping behaviour. Can even read keyboard input and therefore it’s dangerous. Right-click an item, chose “select all” and click the remove button.
http://www.file.net/process/rlls.dll.html

6

Removed everything, system restarted and i am still getting the same warning

Here’s the log attached. Thanks for all your help!

7

Thats why we need the OTL log so the malware expert can remove the rest…

8

Yes here it is! Sorry for the delay

9

Malware experts are in bed now…check back tomorrow

10

A quick look shows:

  • Babylon(toolbar)
    • GreatSaver extension
    • Conduit
    • YourFileDownloader
      Are all malware. Use a full scan by Malwarebytes and if that’s not enough run Adwcleaner and/or JRT and/or ComboFix. Each one should be able to remove these (common/widespread) malware items.

Also there are 1; Traces of Comodo, could cause problems in combination with Avast. and 2; remnants of a previous ESET installation. It might be best to use each software’s tools to remove all traces to prevent conflict with Avast.

11

Firefox is also hijacked

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:Commands
[CREATERESTOREPOINT]

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=nikos&s={searchTerms}&f=4
IE - HKU\S-1-5-21-1914918306-1925374829-2261813567-1001\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=nikos&s={searchTerms}&f=4
IE - HKU\S-1-5-21-1914918306-1925374829-2261813567-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=112555&tt=230512_54x&babsrc=SP_ss_cr&mntrId=3c933fd600000000000000241d1ce80b
IE - HKU\S-1-5-21-1914918306-1925374829-2261813567-1001\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search?q={searchTerms}
2014/01/20 01:48:42 | 000,000,000 | ---D | M] (greatssaver) -- C:\Users\???st??\AppData\Roaming\mozilla\Firefox\Profiles\776kbsp3.default\extensions\ouoorzvc@ye-fw.org
[2010/11/18 22:16:20 | 000,002,055 | ---- | M] () -- C:\Users\???st??\AppData\Roaming\mozilla\firefox\profiles\776kbsp3.default\searchplugins\daemon-search.xml
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKU\S-1-5-21-1914918306-1925374829-2261813567-1001\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-1914918306-1925374829-2261813567-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
[2014/01/20 01:41:59 | 000,000,000 | ---D | C] -- C:\Users\???st??\AppData\Local\Torch
[2014/01/20 01:41:59 | 000,000,000 | ---D | C] -- C:\ProgramData\fd27c6c3135993b5
[2012/06/04 21:19:58 | 000,000,000 | ---D | M] -- C:\Users\???st??\AppData\Roaming\Babylon
[2012/06/04 21:20:16 | 000,000,000 | ---D | M] -- C:\Users\???st??\AppData\Roaming\BabylonToolbar

:Files
C:\Users\???st??\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjlancnfnkigppbbdajmfjjnipamiobb
C:\Program Files (x86)\BabylonToolbar

:Commands
[resethosts]
[emptytemp]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download AdwCleaner by Xplode onto your desktop.

[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S1].txt as well.

FINALLY

Please download Junkware Removal Tool to your desktop.

[]Right-mouse click JRT.exe and select “Run as Administrator” the tool will open and start scanning your system
[]please be patient as this can take a while to complete depending on your system’s specifications
[]On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
[]post the contents of JRT.txt into your next message.