URL:Mal infection

When I open the Avast browser or Mozilla, an infection-blocked alert appears. Object: http://vk.ijmelto.ru/index.xm…, Process: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe. Windows 8.1. Avast is installed. I scanned with Kaspersky and Dr.Web. There is a similar topic on the forum: https://forum.avast.com/index.php?topic=178205.0. Should I do post 4426 as well?

Wait for a qualified removal expert to arrive. I will inform him of this thread.
More than likely malware has corrupted/hijacked chrome browser startpage.
Follow his instructions to the dot.

polonus

Please use this programme for analysis, as it is more current.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

[*]Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
[*]Select additions at the bottom
[*]Press Scan button.

https://dl.dropboxusercontent.com/u/73555776/frst.JPG

[*]It will produce a log called FRST.txt in the same directory the tool is run from.
[*]Please attach both logs generated.

Thank you for the reply. I have attached the logs.

Let me know if this stops it.

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
HKU\S-1-5-21-4213819828-333595612-3669788182-1002\...\Run: [ywfwryjjzq] => explorer "http://tumuri.ru/?utm_source=uoua03&utm_content=bbdfa0f489359ada6100c69b6a89c332" <===== ATTENTION
Startup: C:\Users\iitiii\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Punto Switcher.lnk [2015-10-31]
ShortcutTarget: Punto Switcher.lnk -> (No File)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-4213819828-333595612-3669788182-1002\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll No File
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll No File
BHO: No Name -> {11111111-1111-1111-1111-110611211180} -> No File
BHO-x32: No Name -> {11111111-1111-1111-1111-110611211180} -> No File
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO-x32: No Name -> {D5FEC983-01DB-414A-9456-AF95AC9ED7B5} -> No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll => No File
Toolbar: HKU\S-1-5-21-4213819828-333595612-3669788182-1002 -> No Name - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No File
CustomCLSID: HKU\S-1-5-21-4213819828-333595612-3669788182-1002_Classes\CLSID\{073CB204-6B29-46FC-AB98-451F1D068741}\InprocServer32 -> C:\Program Files\Autodesk\3ds Max Design 2015\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-4213819828-333595612-3669788182-1002_Classes\CLSID\{6D7AE628-FF41-4CD3-91DD-34825BB1A251}\localserver32 -> C:\Program Files\AutoCAD 2010\acad.exe /Automation => No File
CustomCLSID: HKU\S-1-5-21-4213819828-333595612-3669788182-1002_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3}\InprocServer32 -> C:\Program Files\Autodesk\3ds Max Design 2015\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-4213819828-333595612-3669788182-1002_Classes\CLSID\{D70E31AD-2614-49F2-B0FC-ACA781D81F3E}\localserver32 -> C:\Program Files\AutoCAD 2010\acad.exe => No File
CustomCLSID: HKU\S-1-5-21-4213819828-333595612-3669788182-1002_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\AutoCAD 2010\acadficn.dll => No File
CustomCLSID: HKU\S-1-5-21-4213819828-333595612-3669788182-1002_Classes\CLSID\{E5B0515D-48D2-4F04-906D-0192ED65A2DD}\InprocServer32 -> C:\Program Files\Autodesk\3ds Max Design 2015\Inventor Server\Bin\TestServer.dll => No File
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {2EA4B1B7-1AF0-4715-B96E-37D73C7718E7} - \UpdaterEX -> No File <==== ATTENTION
Task: {40525C58-79C2-47A1-9AA2-F1D7FC4F0691} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {571EA3D5-9E0A-4B61-84BC-45EA7E729206} - System32\Tasks\{0217D19B-CB47-4B2F-A63E-A5E2B03522E7} => pcalua.exe -a C:\Users\iitiii\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=ima
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\UpdaterEX.job => C:\Users\iitiii\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix.
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.

[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[C1].txt as well.
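
An added example, not part of any post in this thread and not code from FRST or Avast: a small Python triage of log lines in the shape the fixlist above uses. It flags a Run value whose command opens a URL at logon, scheduled tasks that execute from a profile's AppData folder, and registrations whose target is "No File". The sample lines (SID, value names, domain, paths) are constructed, and the category names are assumptions of this example.

```python
import re

# Run-key line shape as it appears in the fixlist above:
#   <hive path>\Run: [value name] => <command line>
RUN_RE = re.compile(r'^(?P<key>HK\S*\\Run(?:Once)?): \[(?P<name>[^\]]+)\] => (?P<cmd>.+)$')
URL_RE = re.compile(r'https?://([^/\s"?]+)', re.IGNORECASE)
ATTENTION_RE = re.compile(r'\s*<=+ ATTENTION\s*$')

def triage(lines):
    """Return (category, detail) findings for FRST-style log lines."""
    findings = []
    for raw in lines:
        line = ATTENTION_RE.sub('', raw.strip())
        m = RUN_RE.match(line)
        if m:
            url = URL_RE.search(m['cmd'])
            if url:
                # Autostart value whose command opens a web page at logon
                findings.append(('run-opens-url', f"{m['name']} -> {url.group(1)}"))
            continue
        if line.startswith('Task:') and '\\appdata\\' in line.lower():
            # Scheduled task executing a binary from a user-writable profile path
            findings.append(('task-in-appdata', line.split(' ', 2)[1]))
        elif line.endswith('No File'):
            # Registration left behind after its target was deleted
            findings.append(('orphan', line.split(':', 1)[0]))
    return findings

# Constructed sample lines (placeholder SID, names and domain; not from a real log)
SAMPLE = [
    r'HKU\S-1-5-21-0-0-0-1000\...\Run: [abcdefgh] => explorer "http://redirect.example/?utm_source=x" <===== ATTENTION',
    r'HKLM\...\Run: [Vendor Tray] => C:\Program Files\Vendor\tray.exe',
    r'BHO-x32: No Name -> {00000000-0000-0000-0000-000000000000} -> No File',
    r'Task: {00000000-0000-0000-0000-000000000001} - \ExampleUpdater -> No File <==== ATTENTION',
    r'Task: C:\WINDOWS\Tasks\Example.job => C:\Users\user\AppData\Roaming\Example\updater.exe <==== ATTENTION',
]

if __name__ == '__main__':
    for category, detail in triage(SAMPLE):
        print(f'{category:16} {detail}')
```
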

I am attaching the log. If possible, please move this to the Russian section. English is a bit difficult for me.

Hi salon-best and essexboy,

Logs attached…
What cooperation and almost no language barriers.

polonus

Are you still getting alerts?

Thank you for the reply. Yes, the notifications are still coming.

Is it Chrome only, or are other browsers affected?

Could I have a fresh FRST scan please?

Good day. In Mozilla this notification does not appear. I am attaching fresh logs, and a screenshot of the notification itself.

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
CHR Extension: (Платежная система Интернет-магазина Chrome) - C:\Users\iitiii\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-25]
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix.
On completion a log will be generated; please post that.