Hi all!
I’m a new user from Italy.
I’ve read this guide and I created a log file from OTS (here http://www.mediafire.com/?0j4jlw9pp3jl56q )
I hope you can help me to remove this url:mal from 64.111.211.158 that is annoying me.
Please post ComboFix.txt into your next reply.
(typical location: C:\ComboFix.txt )
This is the log of ComboFix: http://www.mediafire.com/?ip6aozx7w8mrcan
Start OTS. Copy/Paste the information in the quotebox below into the panel where it says “Paste fix here” and then click the RUN FIX button
[Unregister Dlls]
[Files/Folders - Created Within 30 Days]
NY -> 1 C:\Windows\*.tmp files -> C:\Windows\*.tmp
[Files/Folders - Modified Within 30 Days]
NY -> 1 C:\Windows\*.tmp files -> C:\Windows\*.tmp
[Files - No Company Name]
NY -> ativpsrm.bin -> C:\Windows\ativpsrm.bin
[File - Lop Check]
NY -> SCHEDLGU.TXT -> C:\Windows\Tasks\SCHEDLGU.TXT
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
[Reboot]
The fix should only take a very short time. After reboot, please post the following report/log into your next reply.
Delete your copy of ComboFix, and download a new copy from here:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
-Temporarily disable your AntiVirus/Antispyware program.
-Run ComboFix
ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.
If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
When the tool is finished, it will produce a log report for you. (typical location: C:\ComboFix.txt )
Post log reports (ComboFix.txt) back to topic.
NY -> 1 C:\Windows\*.tmp files -> C:\Windows\*.tmp
[Files/Folders - Modified Within 30 Days]
NY -> 1 C:\Windows\*.tmp files -> C:\Windows\*.tmp
NY -> SCHEDLGU.TXT -> C:\Windows\Tasks\SCHEDLGU.TXT
Why are you removing these? Where did you train with OTS?
ok.
I’ve done all :o
This is my new Log of ComboFix (see attached file).
Now the Url:mal seems to be fixed.
But I’ve another problem: Google Chrome doesn’t work (IE works). I already tried uninstalling and reinstalling and it did nothing… also I can’t go into the options page of Chrome :S
OK… you must uninstall ComboFix.
Start > Search > copy this into the empty field: ComboFix /uninstall and press Enter.
Start OTS > click on Clean Up.
For Google Chrome:
Can you describe in more detail what mistake occurs?
Sorry, but URL:Mal is back.
OK, then this looks like a TDSS rootkit. Try this:
- Download TDSSKiller and save it to your Desktop.
- Extract its contents to your desktop.
- Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
http://i1116.photobucket.com/albums/k567/com155/kastdsskiller.png
- If an infected file is detected, the default action will be Cure; click on Continue.
http://i1116.photobucket.com/albums/k567/com155/kastdsskiller1.png
- If a suspicious file is detected, the default action will be Skip; click on Continue.
http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerSuspicious.png
- It may ask you to reboot the computer to complete the process. Click on Reboot Now.
http://i1116.photobucket.com/albums/k567/com155/kastdsskiller-1.png
- If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
- If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of “TDSSKiller.[Version][Date][Time]_log.txt”. Please copy and paste the contents of that file here.
THEN READ THIS CAREFULLY AND FOLLOW THE STEPS:
Start OTS. Copy/Paste the information in the quotebox below into the panel where it says “Paste fix here” and then click the RUN FIX button
[Unregister Dlls]
[Registry - Safe List]
NY -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-3295999096-4066887843-2553295482-1003\]
NY -> HKEY_USERS\S-1-5-21-3295999096-4066887843-2553295482-1003\: Main\\"Start Page" -> http://www.google.it/ ->
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
[Reboot]
The fix should only take a very short time. After reboot, please post the following report/log into your next reply.