URL: Mal Warnings only when in Yahoo.com - Infected?

Hi, I’ve been getting numerous Avast! URL:Mal warnings over the past few days, only when I am in my Yahoo.com email account and I think only when I’m in the Spam folder (I never open the emails in Spam, I just go in there to select all and delete) - this is when the Avast! URL:Mal warnings pop up - example here:

http://i39.servimg.com/u/f39/12/06/30/71/url_ma10.jpg

full address: hxxp://216.21.220.72/ia?id=3449d3b8a86774307f87dfb55daca110 but I think this changes a bit each time the warning pops up.

I have Windows 7 64bit and only have Internet Explorer 11. Security software I run regularly: Avast!, Malwarebytes, Superantispyware, Spyware Blaster

If anyone could help get rid of this URL:Mal that would be very much appreciated.

LOGS: below & attached

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 20/08/2014
Scan Time: 09:25:36
Logfile: MBAM Scan Log.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.20.02
Rootkit Database: v2014.08.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Rupert

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 290618
Time Elapsed: 2 min, 39 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)


Does it go away when you empty the spam folder?

The removal team is notified; it may take some hours before they are online.

Thanks Pondus I will try and test this. But the spam folder is rarely empty for long! Do you mean does the warning disappear immediately I delete all spam?

Hello,

The logs show a few malware-based system modifications, but I do not see the active malware itself. We shall fix these modifications and perform an additional scan & check with ComboFix as well.

1. Open Notepad and copy/paste the text present inside the code box below.
To do this, highlight the contents of the box and right click on it. Paste this into the open Notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.

Start
Folder: C:\ProgramData\TEMP
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
HKU\S-1-5-21-35449597-141717237-3983173158-1001\Software\Classes\.exe:  =>  <===== ATTENTION!
EmptyTemp:
End

2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It’s important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warns you about an outdated version, please download and run the updated version.

  1. Please download ComboFix by sUBs from here and save it to your Desktop.
    If you are unsure how ComboFix works, read this guide.

  2. Temporarily disable your AntiVirus program, usually via a right click on the System Tray icon. It may interfere with ComboFix.
    If you are unsure how to do this, please read this or this Instruction.

Instructions how to disable avast:
• Right click on the avast! system tray icon in the lower right corner of the screen and scroll up to avast! shield controls;
• In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.

Note: Do not forget to turn this option back on after the cleaning by choosing avast! shield controls > Enable all shield options.

  3. Run ComboFix. Then, on the disclaimer window, click the I Agree! button.

  • ComboFix will check if there is a newer version of ComboFix available.
    Click Yes if prompted to download.
  • If Recovery Console is not installed, ComboFix will offer download & installation.
    Click Yes to allow ComboFix to install Recovery Console.
  • ComboFix will scan your computer in stages, total of 50 stages.
    Do not mouse-click around while ComboFix is running.
  • If malware is detected, ComboFix will begin with its removal, and may need to restart Windows.
    Note: If you see a message like “Illegal operation attempted on a registry key that has been marked for deletion” just restart your computer.

  4. When the tool is finished, it will produce a log report for you. (typical location: C:\ComboFix.txt)
    => Attach log report (ComboFix.txt) back to topic.

ComboFix shall also create an additional log (typical location: C:\Qoobox\ComboFix-quarantined-files.txt)
=> Please attach that report (ComboFix-quarantined-files.txt) as well.

Hi Magna, thanks for your rapid help. I’ve fixed with FRST64 and run ComboFix (logs attached).

Some further info from a bit of testing in my Yahoo.com email account. I’m pretty sure the Avast Web Shield warning only comes up as soon as I go into the Spam folder (before I’ve clicked on anything), it doesn’t come up if the Spam folder is empty, and seems to only come up when specific Spam emails are in there.

Your PC is not infected and the problem you have is not malware related. Try simply deleting the spam folder. I will remove my tools now.

The following will implement some post-cleanup procedures:

=> It is necessary to uninstall ComboFix:

• Click Start, then Run.

On Windows 7 or Vista you may use the Start Search field if Run is not available.

• In the line of text, type in (copy) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

• Then click OK (or press Enter).

Wait for the uninstall process to complete.

=> Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes:
• Remove disinfection tools
• Create registry backup
• Purge System Restore

Click the Run button and wait a few seconds for the programme to complete its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt).

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix
The tool deletes old system restore points and creates a fresh system restore point after cleaning.

All done, thank you most kindly Magna…