URL:Mal

Viruses and worms
1

Hey I’m cleaning a computer out for a friend and he destroyed this thing without having an anti virus and downloading every ad he clicked on, I’ve been able to clean most of it out I believe but I still have a recurring threat detection pop up from avast that reads:

Object: (The name seems to be different every time)
Infection URL:Mal
Process C:\Windows\explore.exe

I looked this up in the forums and before people seemed to only have issues with one Object when the pop ups that I have have a different one everytime it pops up every 1-5 minutes then in the top right it’ll range anywhere from 2/2 to 22/22 (items I believe it’s referring to.)

Any help is appreciated thanks.

2

Here’s an example pic

http://i44.tinypic.com/2utssoz.png

3

URL:Mal means that the domain the URL is pointing to (the Object) has been blacklisted by Avast as potentially unsafe.

You might consider downloading and installing the free Malwarebytes Anti-Malware and running a scan. Make sure to update the definitions file if you already have Malwarebytes installed, before scanning.

4

I’ve done an updated malwarebytes scan and cleaned everything on there I’ll keep scanning and removing as I find stuff, but I’m not sure as if that will solve this issue.

5

There may be no infection…

Since it was the Web Shield that caught the error, were you/your friend surfing the web when the error message occurred, or did it pop up randomly when no one was online?

Are you using the Avast Online Security browser plugin?

There is a link here in the forum for the logs you need to provide if you want someone to do a deep dive of your system for malware…

http://forum.avast.com/index.php?topic=53253.0

6

It literally just pops up every 1-5 minutes regardless of what you’re doing on the computer, also once or twice a day the internet crashes and the toolbar at the bottom disappears but you can bring it back with the windows key and there’s all these blank unopenable unclickable folders that open at the bottom.

Here’s the logs:

7

Any opinions anyone?

8

Malware experts are notified… but they are in bed now so check back later

9

Hello,

You are using outdated Windows XP Service Pack 2. This means that your computer can’t deal with the latest software (malicious and legitimate).
I do not promise much …

  1. Please download ComboFix by sUBs from here and save it to your Desktop.
    If you are unsure how ComboFix works please read this guide carefully.
    Note: ComboFix must be downloaded to your Desktop.
  1. Temporarily disable your AntiVirus program, usually via a right click on the System Tray icon. They may interfere with Combofix.
    If you are unsure how to do this please read this or this Instruction.

Instructions how to disable avast:

[*]Right click on the avast! system tray icon (
http://www.mcshield.net/pg/images/avast5.png
) in the lower right corner of the screen and scroll up to avast! shield controls;
[*]In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.

Note: Do not forget to turn back on this option after the cleaning by choosing avast! shield controls > Enable all shield options.

  1. Run ComboFix. Click on I Agree!

[i][size=7pt]- ComboFix will display DISCLAIMER of warranty on software.
By clicking I Agree ComboFix shall continue.

  • ComboFix will check if there is a newer version of ComboFix available.
    Click Yes if prompted to download.[/size]
    -If Recovery Console is not installed, ComboFix will offer download & installation.
    Click Yes to allow ComboFix to install Recovery Console.
  • ComboFix will scan your computer in stages, total of 50 stages.
    Do not mouse-click around while ComboFix is running.
    Note:If you see a message like “Illegal operation attempted on a registry key that has been marked for deletion” just restart your computer.
    [/i]
  1. When the tool is finished, it will produce a log report for you. (typical location: C:[b]ComboFix.txt[/b] )
    Attach log reports ( ComboFix.txt) back to topic.
10

It does the scan then when it tries to create the log a blue screen saying IRQL NOT LESS THAN OR EQUAL appears.

This computer a lost cause?

11

Hi,

Re-try again. This time, rename “ComboFix” into “NoMBR” and just re-run it.

12

That worked here’s the log.

13

Good. Let;s continue …

Multiple Antivirus Programs

You are running more than 1 Antivirus program!

avast! Antivirus *Disabled/Updated
Norton Internet Security 2006 *Enabled

Running - more than one - antivirus program is not recommended because:
[*]They can conflict with each other.
[*]Report the other antivirus software as malicious.
[*]Antivirus programs use an enormous amount of computer’s resources… actively scanning your computer.
[*]Can cause your computer to become unstable…run slowly and even, in rare cases, BSOD crash…etc
I strongly suggest you uninstall one of them. Which one, is your decision.

=======================================
Next …

Please download zoek.zip or zoek.rar by smeenk (
http://www.mcshield.net/personal/magna86/Images/Zoek_icon.png
) from here or here and save it to your Desktop.
Unpack the archive…
[list]
[*]Close any open browsers
[*] Temporarily disable your AntiVirus program. (If necessary)
If you are unsure how to do this please read this or this Instruction.

[*]Double click on zoek.exe to run the tool .
Please wait while the tool does not start…

[*]Copy the text present inside the code box below and paste it into the large window in the zoek tool:

SystemSpecs;
c:\windows\system32\nview.dll;i
c:\windows\system32\MSCTF.dll;i
c:\windows\system32\nvwddi.dll;i
FirefoxLook;
ChromeLook;

[*] Click on
http://www.mcshield.net/personal/magna86/Images/Run%20Script%20by%20zoek.png
button.
Please wait until a logreport will open (this can be after reboot)

[*]Save notepad to your Desktop and attach here zoek-results.log
Note: It will also create a log in the C:\ directory named “zoek-results.log