url:mal

Viruses and worms
1

Wanted to pass this along in case it can help someone:

System:
Win7 Pro

Problems:
o Redirects occuring when using IE and FoxFire
o Windows updates could not be loaded with error 80070216
o Frequent "URL:Mal "warnings from Avast
o “SFC /scannow” would stop consistently at 8% (even under Safe Mode)

Solution:
Ran “Spybot” which removed several threats.
Ran “Malwarebytes” (all categories) which removed even more threats.
Ran “Microsoft Malicious Software Remover” which found no threats
Result: redirects stopped but still had all other problems.
Ran TDSSKILLER which found 2 threats which were removed.
Result: all problems solved!

2
Ran "Spybot" which removed several threats. Ran "Malwarebytes" (all categories) which removed even more threats.
what was found ..... cookies an PUP are not threats
o Frequent "URL:Mal "warnings from Avast
this may indicate a infection
Ran TDSSKILLER which found 2 threats which were removed.
what was found? ..... possible related to frequent URL:mal warnings

attach scan logs here

3

Hi gfcdata and thanks for your attentions.

Redirects occuring when using IE and FoxFire
This indicates on presence on malicious extensions or plugin. Using IE and FF settings to remove unknown/unwanted extensions or plugin or using reset back to defaults would solve the problem.
Windows updates could not be loaded with error 80070216
Lately, a lot of malware intentionally deleted BITS service in order to prevent M$ to update.
"SFC /scannow" would stop consistently at 8% (even under Safe Mode)
If I'm right, this could repar BITS. I have not tested so I can not say...
Ran "Spybot" which removed several threats.
Spybot was once an powerfull tool, today outdated software.
Ran TDSSKILLER which found 2 threats which were removed.
TDSSKiller is ARK (antirootkit) tool, it scans for services and drivers (usercode and kernelcode) as well as MBR. In other world, if TDSSK detects malware, it means that detected malware is rootkit. Rootkit must never be taken lightly...
4

Attach a screenshot. Sounds like a root kit or Blackbeard or a combo of both.

5

Then follow what magna says. I’m just curious to see if its blackbeard.

6
Quote Ran "Spybot" which removed several threats. Spybot was once an powerfull tool, today outdated software. Quote
well the latest payed for versions with integrated AV engine from Bitdefender should / could be okay ?

however i would rather use my money on a Bitdefender product without any SpyBot integrated :slight_smile: and use any extra money on Malwarebytes PRO