Avast has been popping up almost nonstop, informing me of virus blocks by an infection called URL:MAL. I have tried a few different virus scans on Malwarebytes, AVG, and Avast. I have also used a program called Combofix; that seemed to work for a day or so and then the same issues returned. I have run out of ideas. Can anyone offer some help?
This needs further analysis by a malware removal specialist:
Go to this topic http://forum.avast.com/index.php?topic=53253.0 for information on Logs to assist in cleaning malware. Use the information about getting and using the tools and attach the logs here, not in the LOGS topic.
Here are the 3 logs from OTL and aswMBR.
I have also used a program called Combofix, if you have the log....attach it
Some ComboFix info: Please DO NOT USE COMBOFIX on your own without supervision!!!
http://www.techsupportforum.com/forums/showpost.php?p=1829551
http://www.bleepingcomputer.com/forums/topic273628.html
.......AVG, and Avast..........never install multiple AV
Why, you can see here in the reply from quietman7:
http://www.bleepingcomputer.com/forums/topic186533.html
so you need to uninstall one, and run a removal tool to clear any conflicting files
run and reboot - Uninstallers – Security Software - http://singularlabs.com/uninstallers/security-software/
Hi there, I will need to do some more digging on this one as it appears to be a hybrid infection.
I see that you have ComboFix, did it fail to run?
Download the latest version of TDSSKiller from here and save it to your Desktop.
- Double-click on TDSSKiller.exe to run the application.
http://dl.dropbox.com/u/73555776/TDSSFront.JPG
- Then click on Change parameters.
http://dl.dropbox.com/u/73555776/TDSSConfig.JPG
- Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
- Click the Start Scan button.
- If a suspicious object is detected, the default action will be Skip, click on Continue.
http://dl.dropbox.com/u/73555776/TDSSFound.JPG
- If malicious objects are found, they will show in the Scan results and offer three (3) options.
- Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
- Get the report by selecting Reports.
http://dl.dropbox.com/u/73555776/TDSSEnd.JPG
- Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
Please copy and paste its contents on your next reply.
Yes, I found ComboFix while I was poking around either this forum or another, I can't remember. I gave it a try, it seemed to work, but after a day or 2 the issues returned.
Here are the 2 logs from when I ran ComboFix.
I forgot to get the report for the TDSSKiller, but I reran it after my computer rebooted and there was no infection, on top of the fact that my computer is back to normal speed. Thank you soooo much for your help, if I have any more issues I will definitely come back here. I will check back in a few days to let you know if I am still going strong.
Let me know of any problems after this
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Open notepad and copy/paste the text in the quotebox below into it:
FCopy::
c:\windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll|c:\windows\system32\user32.dll
c:\windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe|c:\windows\system32\winlogon.exe
Save this as CFScript.txt, in the same location as ComboFix.exe
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
Notes:
- Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
- Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
- If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.
Yeaaaa, I'm using my tablet to post this one. After that ComboFix scan it deleted like 40 .exe files. I can't access the internet to redownload anything, now I'm even more lost. I tried a system restore but that didn't work. I'm really not sure what to do right now.
After running ComboFix did you reboot twice?
Wait for essexboy's instructions…
No, I freaked out because I couldn't open anything, and I ran a system restore. I have discovered that I can open Internet Explorer, apparently ComboFix didn't deem it as infected, so I can at least post the logs from the scan.
Here are the 4 txt docs that appeared after the ComboFix scan.
Which ones are useful I'm not quite sure, but I figured I would post them all just in case.
If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.
I think I will need to make this bigger and redder, the amount of people who have restored when they see this, unfortunately that also restores the virus.
Could you run a fresh OTL scan for me please… Also how far back did you restore?
All combofix did was replace two infected system files
I only restored back a day, unfortunately I cannot run OTL or ComboFix. I have restarted the computer many times since I did the scan and it hasn't cured anything. The only issues I'm having right now are the EXE files, I think… I get a popup that says “the application was unable to start correctly (0xc000007b). Click ok to Close the Application.” whenever I try to open most programs.
Essexboy will probably still be at work (just after 10:45am in the UK) so it is likely to be a few hours before he is back on-line.
Unfortunately using system restore can have unexpected consequences and it may be that you have undone some of the work previously done.
OK, what I will do now is get you to run a portable version of Windows all in one. This will not require installing and may repair most of the damage.
Download Windows Repair (all in one) from this site
Select this version Portable (2.02 MB)
Install the programme then run
https://dl.dropbox.com/u/73555776/waio%20start.JPG
Go to step 3 and allow it to run SFC
https://dl.dropbox.com/u/73555776/waio%20step3.JPG
On the start repairs tab click start
https://dl.dropbox.com/u/73555776/waiostart%20rep.JPG
Select the following items and tick restart system when finished
https://dl.dropbox.com/u/73555776/waio%20rep%20list.JPG
THEN
Run a fresh OTL log
Yea, he's all I'm waiting on. I have my tablet and other things to occupy my time, but I'm really missing playing League Of Legends, and my fiance misses playing Pogo haha.
What are the problems after running the repair tool?
I didn't notice that last post actually lol, I didn't see the 2nd page. I was looking at the first page until just now.
I downloaded the file, unzipped it and tried to run it, but it gives me the same error that I normally get when trying to run any program.
I have attached a screenshot so you can see the exact error I'm receiving.
OK, that may be an error involving either Spybot or AVG. I can see AVG remnant on your system so we will ensure that is fully uninstalled.
Download the AVG removal tool from here, run in safe mode if necessary http://www.avg.com/ww-en/utilities