URL:Mal y HTML:RedirME-inf FAKE??

Monitoring… :slight_smile:

In what folder do I find these txt files? In the Chrome folder there doesn't seem to be a log.txt file.

To get assistance please create your own topic in the virus forum. This will ensure that you get answered and helped as soon as possible and do not get overlooked in an old thread. Thank you

The topic is opened; should I post the logs here?

Yes post the logs here.

I have also looked in the AVAST folder and there does not seem to be a log.txt file.

And of course. THANKS AGAIN FOR THE HELP

Hi 4444,

Just follow these instructions. The logs will automatically be made when the scans are complete. Just save them to your Desktop and then attach them to your next reply. :slight_smile:

[*]Download OTL to your desktop.
[*]Right-click and Run as Administrator on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
[*]When the window appears, underneath Output at the top change it to Minimal Output.
[*]Check the boxes beside LOP Check and Purity Check.
[*]Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

[*]When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
[*]Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.


Please download aswMBR to your desktop.

[*]Right-click the aswMBR icon and choose Run as Administrator to run it.
[*]Click the Scan button to start scan.
[*]When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.


http://i1190.photobucket.com/albums/z454/Blottedisk/aswMBRscan-1.png


In your next reply please post the logs made by OTL and aswMBR. :slight_smile:

For your logs for malwarebytes, open malwarebytes and then click on the logs tab. :slight_smile:

Hi 4444,

I’ve looked at the source of your site, and most of it is obfuscated and merged together, making my job harder. :-\

But when visiting the site directly, the supposedly obfuscated code turns out to shed some light.

A search for this “msplinks” keyword reveals 29 instances.

Lines 331 and 334 contain the first redirect, given here:
http://wepawet.iseclab.org/view.php?hash=3b77f4196c20617f5768b96bab505453&t=1333317231&type=js

Lines 355 and 357 contain the second redirect.
Lines 368 and 372 contain the third redirect.
And lines 395 and 398 contain the fourth redirect.

VirusTotal results are clean, but then again the redirect is from another redirect.

Do you know of how these supposed “movies” got on your website?
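The triage described in the post above (search a saved copy of the page source for a keyword, note the line numbers, extract the URLs on those lines, then look for what the hit lines have in common) can be automated. The following is an added example and is not code from this thread or from any tool mentioned in it; it runs over a constructed page source in which every hostname under .example is a placeholder, and the only identifier taken from the post is the "msplinks" keyword.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Matches an absolute http(s) URL up to the first quote, whitespace or tag bracket.
# Deliberately simple: it will not see a URL that a script assembles at run time
# from fragments, which is exactly what obfuscated injections tend to do.
URL_RE = re.compile(r"""https?://[^\s'"<>)]+""")

# Constructed stand-in for a saved profile page source. It is NOT the poster's
# page; hostnames under .example are placeholders. Only the "msplinks" keyword
# is taken from the thread.
SAMPLE_SOURCE = """<html><head><title>profile</title></head>
<body>
<div id="widget">Band widget copied from a music site</div>
<script>var s="ht"+"tp://msplinks.example/r?u=0";</script>
<a href="http://msplinks.example/r?u=1">first</a><script src="http://c.gigcount.example/1.js"></script>
<p>more profile text</p>
<a href="http://msplinks.example/r?u=2">second</a><script src="http://c.gigcount.example/2.js"></script>
<a href="http://www.reverbnation.example/widget">legit widget</a>
</body></html>
"""


def keyword_hits(source, keyword):
    """Return (1-based line number, line) for each line containing keyword, case-insensitively."""
    needle = keyword.lower()
    return [(n, line) for n, line in enumerate(source.splitlines(), 1) if needle in line.lower()]


def urls_on_line(line):
    """Extract every absolute URL the simple regex can see on one line."""
    return URL_RE.findall(line)


def redirect_report(source, keyword):
    """Keyword hit lines, the URLs on each hit line, and how many hit lines each host appears on."""
    hits = keyword_hits(source, keyword)
    urls_by_line = {n: urls_on_line(line) for n, line in hits}
    lines_per_host = Counter()
    for urls in urls_by_line.values():
        # Count each host once per line so a host repeated on one line is not over-weighted.
        for host in {urlparse(u).hostname for u in urls}:
            lines_per_host[host] += 1
    return {
        "hit_lines": [n for n, _ in hits],
        "urls_by_line": urls_by_line,
        "lines_per_host": dict(lines_per_host),
    }


def shared_hosts(source, keyword, min_lines=2):
    """Hosts that recur across keyword hit lines: the 'what they all have in common' check."""
    report = redirect_report(source, keyword)
    return sorted(h for h, c in report["lines_per_host"].items() if c >= min_lines)


def unseen_hits(source, keyword):
    """Hit lines where the keyword is present but no literal URL was found: manual de-obfuscation candidates."""
    report = redirect_report(source, keyword)
    return [n for n, urls in report["urls_by_line"].items() if not urls]


if __name__ == "__main__":
    rep = redirect_report(SAMPLE_SOURCE, "msplinks")
    print("keyword on lines:", rep["hit_lines"])
    for n, urls in rep["urls_by_line"].items():
        print(f"  line {n}: {urls or 'no literal URL (obfuscated?)'}")
    print("hosts shared across hit lines:", shared_hosts(SAMPLE_SOURCE, "msplinks"))
    print("lines needing manual de-obfuscation:", unseen_hits(SAMPLE_SOURCE, "msplinks"))
```

Line 4 of the constructed source builds its URL from `"ht"+"tp://..."`, so the regex never sees it and `unseen_hits` flags that line for manual work; that is the caveat behind the post's remark that the obfuscated code made the job harder. Run this against a saved copy of the source, never against the live page from the affected machine, and hand any extracted URLs to a sandbox or scanner (as the post does with wepawet and VirusTotal) rather than visiting them.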

I don't understand the word “movies”, but in general I've got the normal MySpace settings and some ReverbNation widgets taken directly from ReverbNation (www.reverbnation.com). I just copy and paste the code from reverbnation.com.

I can attach the code:

EDIT: THE CODE IS ATTACHED ON PAGE 4

NOTE: This code is exactly the code reverbnation.com gives; I think MySpace recodes it in some way. If you are interested I can give you the MySpace “recoding”.

Here are the logs

I could not get the log from Malwarebytes, because each time Malwarebytes was scanning “microsoft build task resources/2.0.0._p…” the program stopped and did not finish. Malwarebytes always stops in the same place without finishing.

Now that's a lot of redirects :slight_smile:

Were you able to get aswMBR to run yet as well? :slight_smile:

One thing that they all have in common is the c.gigcount URL. This is not shown in the redirect URLs, giving a major hint. If you are certain that all the code you used from that site is as given, ReverbNation does not seem to be the culprit. It is a possibility that your site was hacked.

And yes, MySpace recodes all scripts that you feed it.

The 4th time I tried to run aswMBR a friendly blue screen came and rebooted my computer, this time without knowing when the software stops. The software always starts…


It's a possibility that I've been hacked, of course…

I retyped the codes again and changed my password the day before yesterday…

Yesterday there was no Avast popup showing a virus…

Today the popups came again.

Today I typed the codes again and changed my password again, and I'm still getting the Avast virus popup.

I suggest changing your passwords on a different computer, and don't log on to MySpace on the computer that is being stubborn with aswMBR.

I’ll report back tomorrow as it’s around 10 pm here.

I agree with Donovan… for the time being, try not to use this computer for any banking or email purposes, and don't download anything else besides what you are instructed to download here.

Please download TDSSKiller

[*]Right-click and Run as Administrator TDSSKiller.exe
[*]Press Change Parameters
[*]Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
[*]Click on the Start Scan button

[*]Only if Malicious objects are found then ensure Cure is selected
[*]Then click Continue > Reboot now
[*]Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

[*]Copy and paste the log in your next reply

[*]A report will be created in your root directory, (usually C:\ folder) in the form of “TDSSKiller.[Version][Date][Time]_log.txt”. Please copy and paste its contents on your next reply.


Done, changed my password and retyped all the codes from another computer… still the virus popup on my computer.

The other computer on which I changed my password and retyped the codes was a Windows XP machine using Chrome with the same Avast installed. No virus popup message on that computer (the XP one).

I come back to my computer and the same virus is detected.

Done, 2 objects in quarantine, log attached.

Actual detected object count: 2
04:06:01.0629 3536 C:\Windows\system32\epmntdrv.sys - copied to quarantine
04:06:01.0639 3536 epmntdrv ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
04:06:01.0669 3536 C:\Windows\system32\EuGdiDrv.sys - copied to quarantine

At least you're getting somewhat near fixing this :slight_smile:

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

I messed up this step; I've put them both in quarantine. How do I solve it?

And again, thanks for the help.

Was Cure available?