Author Topic: [Resolved K] Avast Infection url:MAL whenever I open firefox/chrome.  (Read 6453 times)


Offline Sputina

  • Bronze Member
  • Posts: 31
Re: [Resolved K] Avast Infection url:MAL whenever I open firefox/chrome.
« Reply #15 on: March 26, 2012, 08:22:53 pm »
SystemLook 30.07.11 by jpshortstuff
Log created at 22:18 on 26/03/2012 by Owner
Administrator - Elevation successful

========== filefind ==========

Searching for "IASTOR.SYS"
C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\iaStor.sys   -----c- 246784 bytes   [04:58 01/01/2004]   [14:59 06/07/2006] 019CF5F31C67030841233C545A0E217A
C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys   -----c- 484864 bytes   [04:58 01/01/2004]   [15:01 06/07/2006] 6A3C354BFC163B81F6EF2FC421280DB5
C:\WINDOWS\I386\DRV\SCS\iastor.sys   -----c- 246784 bytes   [04:38 01/01/2004]   [13:59 06/07/2006] 019CF5F31C67030841233C545A0E217A
C:\WINDOWS\system32\drivers\iaStor.sys   --a---- 246784 bytes   [04:38 01/01/2004]   [04:20 16/12/2009] 2E008FBE906835D4F49F727DFD3225FB
C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\iaStor.sys   -----c- 246784 bytes   [04:58 01/01/2004]   [13:59 06/07/2006] 019CF5F31C67030841233C545A0E217A

-= EOF =-
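The filefind listing above contains five copies of iaStor.sys: three same-size copies share one MD5, the 64-bit build is a different size, and the copy actually loaded from system32\drivers has the same byte length as the installer and backup copies but a different MD5 and a later modified timestamp. The script below is an added example (not part of the thread or of SystemLook) that parses filefind output and flags any same-name, same-size copy whose hash disagrees with the majority; the sample log is the listing from the post, embedded as constructed input, and the function names are my own.

```python
import re
from collections import defaultdict

# Constructed sample: the five "filefind" result lines from the SystemLook log
# above, embedded so the parser runs offline.
SAMPLE_FILEFIND = r"""
SystemLook 30.07.11 by jpshortstuff
========== filefind ==========

Searching for "IASTOR.SYS"
C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\iaStor.sys   -----c- 246784 bytes   [04:58 01/01/2004]   [14:59 06/07/2006] 019CF5F31C67030841233C545A0E217A
C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys   -----c- 484864 bytes   [04:58 01/01/2004]   [15:01 06/07/2006] 6A3C354BFC163B81F6EF2FC421280DB5
C:\WINDOWS\I386\DRV\SCS\iastor.sys   -----c- 246784 bytes   [04:38 01/01/2004]   [13:59 06/07/2006] 019CF5F31C67030841233C545A0E217A
C:\WINDOWS\system32\drivers\iaStor.sys   --a---- 246784 bytes   [04:38 01/01/2004]   [04:20 16/12/2009] 2E008FBE906835D4F49F727DFD3225FB
C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\iaStor.sys   -----c- 246784 bytes   [04:58 01/01/2004]   [13:59 06/07/2006] 019CF5F31C67030841233C545A0E217A

-= EOF =-
"""

# One result line: <path>  <7 attribute flags> <size> bytes  [created]  [modified] <MD5>
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s{2,}"
    r"(?P<attrs>[-a-z]{7})\s+"
    r"(?P<size>\d+) bytes\s+"
    r"\[(?P<created>[^\]]+)\]\s+"
    r"\[(?P<modified>[^\]]+)\]\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_filefind(text):
    """Return one dict per result line; headers, blanks and the EOF marker are skipped."""
    records = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["size"] = int(rec["size"])
        rec["md5"] = rec["md5"].upper()
        records.append(rec)
    return records


def odd_copies(records):
    """Compare every copy that shares a basename (case-insensitive) and byte length.
    Copies whose MD5 differs from the hash most same-size copies carry are returned
    as (path, md5, majority_md5). Copies of a different size (the 64-bit build here)
    are not compared: a different length is not evidence that a file was altered."""
    groups = defaultdict(list)
    for rec in records:
        name = rec["path"].rsplit("\\", 1)[-1].lower()
        groups[(name, rec["size"])].append(rec)
    found = []
    for recs in groups.values():
        if len(recs) < 2:
            continue
        tally = defaultdict(int)
        for rec in recs:
            tally[rec["md5"]] += 1
        majority = max(tally, key=tally.get)
        for rec in recs:
            if rec["md5"] != majority:
                found.append((rec["path"], rec["md5"], majority))
    return found


if __name__ == "__main__":
    for path, md5, expected in odd_copies(parse_filefind(SAMPLE_FILEFIND)):
        print(f"{path}: {md5} (other same-size copies: {expected})")
```

Run against the listing, it reports only C:\WINDOWS\system32\drivers\iaStor.sys. A disagreement like this is a prompt to verify the loaded copy (against the vendor package or a known-good hash), not a verdict on its own: a legitimate driver update also changes the hash.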

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7351
Re: [Resolved K] Avast Infection url:MAL whenever I open firefox/chrome.
« Reply #16 on: March 27, 2012, 12:51:46 am »
Run the following,

Run ESET Online Scan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Leave the tick out of remove found threats
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push
You can refer to this animation by neomage if needed.
Frequently asked questions available Here  Please read them before running the scan.

Also be aware this scan can take several hours to complete depending on the size of your system.

ESET log can be found here "C:\Program Files\ESET\EsetOnlineScanner\log.txt".

Let me see that log please..

Kevin


Offline Sputina

  • Bronze Member
  • Posts: 31
Re: [Resolved K] Avast Infection url:MAL whenever I open firefox/chrome.
« Reply #17 on: March 29, 2012, 05:34:31 am »
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=db4f18b9d234774ca7db089bd497c93b
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-28 02:36:37
# local_time=2012-03-28 10:36:37 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=770 16774141 100 100 2710549 108722440 0 0
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=156722
# found=5
# cleaned=0
# scan_time=11230
C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\c8vbdsrb.default\extensions\{02994c6b-c1fd-45b0-92cc-83bcabe23138}\chrome.manifest   Win32/TrojanDownloader.Tracur.F trojan (unable to clean)   00000000000000000000000000000000   I
C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\c8vbdsrb.default\extensions\{02994c6b-c1fd-45b0-92cc-83bcabe23138}\chrome\xulcache.jar   JS/Agent.NDJ trojan (unable to clean)   00000000000000000000000000000000   I
C:\Documents and Settings\Owner.BIG_SPUT\Application Data\Mozilla\Firefox\Profiles\ac2kntm3.default\extensions\{02994c6b-c1fd-45b0-92cc-83bcabe23138}\chrome.manifest   Win32/TrojanDownloader.Tracur.F trojan (unable to clean)   00000000000000000000000000000000   I
C:\Documents and Settings\Owner.BIG_SPUT\Application Data\Mozilla\Firefox\Profiles\ac2kntm3.default\extensions\{02994c6b-c1fd-45b0-92cc-83bcabe23138}\chrome\xulcache.jar   JS/Agent.NDJ trojan (unable to clean)   00000000000000000000000000000000   I
C:\Documents and Settings\Owner.BIG_SPUT\Application Data\Sun\Java\Deployment\cache\6.0\7\2a769347-6e2c435c   multiple threats (unable to clean)   00000000000000000000000000000000   I
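The ESET report above lists five detections as tab-separated records (path, detection, hash, action) after a block of `# key=value` headers, and the same Firefox extension ID turns up in both the Owner.BIG_SPUT profile and the LocalService profile. The following is an added example, not ESET's or OldTimer's code, that parses such a log, checks the record count against the `found=` header, groups the findings by extension ID and profile, and emits an OTM script in the layout used in this thread (`:Files` listing the flagged paths, then `[EmptyTemp]` and `[Reboot]`). The Java cache entry is deliberately left out of `:Files` because `[EmptyTemp]` empties the Java cache anyway, as the OTM log later in the thread shows. The sample log is the report from this post, embedded as constructed input; the forum copy flattened ESET's tabs to runs of spaces, so the parser accepts either.

```python
import re
from collections import defaultdict, namedtuple

Finding = namedtuple("Finding", "path detection hash action")

# Constructed sample: the header lines and five result lines from the ESET log above.
SAMPLE_ESET_LOG = r"""
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# end=finished
# remove_checked=false
# found=5
# cleaned=0
C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\c8vbdsrb.default\extensions\{02994c6b-c1fd-45b0-92cc-83bcabe23138}\chrome.manifest   Win32/TrojanDownloader.Tracur.F trojan (unable to clean)   00000000000000000000000000000000   I
C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\c8vbdsrb.default\extensions\{02994c6b-c1fd-45b0-92cc-83bcabe23138}\chrome\xulcache.jar   JS/Agent.NDJ trojan (unable to clean)   00000000000000000000000000000000   I
C:\Documents and Settings\Owner.BIG_SPUT\Application Data\Mozilla\Firefox\Profiles\ac2kntm3.default\extensions\{02994c6b-c1fd-45b0-92cc-83bcabe23138}\chrome.manifest   Win32/TrojanDownloader.Tracur.F trojan (unable to clean)   00000000000000000000000000000000   I
C:\Documents and Settings\Owner.BIG_SPUT\Application Data\Mozilla\Firefox\Profiles\ac2kntm3.default\extensions\{02994c6b-c1fd-45b0-92cc-83bcabe23138}\chrome\xulcache.jar   JS/Agent.NDJ trojan (unable to clean)   00000000000000000000000000000000   I
C:\Documents and Settings\Owner.BIG_SPUT\Application Data\Sun\Java\Deployment\cache\6.0\7\2a769347-6e2c435c   multiple threats (unable to clean)   00000000000000000000000000000000   I
"""

FIELD_SEP = re.compile(r"\t|\s{2,}")          # ESET uses tabs; forum copies use spaces
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")
EXT_ID = re.compile(r"\\Profiles\\([^\\]+)\\extensions\\(\{[0-9A-Fa-f-]{36}\})\\")
JAVA_CACHE = re.compile(r"\\Sun\\Java\\Deployment\\cache\\", re.IGNORECASE)


def parse_eset_log(text):
    """Return (headers, findings): headers from '# key=value' lines, findings from
    four-field result lines that start with a drive letter. Anything else is skipped."""
    headers, findings = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            key, _, value = line[1:].partition("=")
            if value:
                headers[key.strip()] = value.strip()
            continue
        fields = FIELD_SEP.split(line)
        if len(fields) == 4 and DRIVE_PATH.match(fields[0]):
            findings.append(Finding(*fields))
    return headers, findings


def counts_agree(headers, findings):
    """True when the 'found=' header matches the number of result lines parsed;
    a mismatch means the copy of the log is truncated or the parser missed a line."""
    return headers.get("found") == str(len(findings))


def extensions_by_profile(findings):
    """Map each Firefox extension ID to the profile directories it was found in.
    One ID planted in several profiles is one add-on, not several infections."""
    seen = defaultdict(set)
    for f in findings:
        m = EXT_ID.search(f.path)
        if m:
            seen[m.group(2)].add(m.group(1))
    return {ext: sorted(profiles) for ext, profiles in seen.items()}


def build_otm_script(findings, flush_dns=True):
    """Emit an OTM script in the layout used in this thread. Java cache entries are
    omitted from :Files because [EmptyTemp] clears that cache."""
    paths = []
    for f in findings:
        if JAVA_CACHE.search(f.path) or f.path in paths:
            continue
        paths.append(f.path)
    lines = [":Services", ":Files"]
    if flush_dns:
        lines.append("ipconfig /flushdns /c")
    lines.extend(paths)
    lines.extend([":Commands", "[EmptyTemp]", "[Reboot]"])
    return "\n".join(lines)


if __name__ == "__main__":
    hdr, found = parse_eset_log(SAMPLE_ESET_LOG)
    print("counts agree:", counts_agree(hdr, found))
    print(extensions_by_profile(found))
    print(build_otm_script(found))
```

The generated `:Files` block matches the one posted in the next reply. Check the count before acting on a log pasted into a forum: a line lost in copy and paste leaves a flagged file on disk with no record of it.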

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7351
Re: [Resolved K] Avast Infection url:MAL whenever I open firefox/chrome.
« Reply #18 on: March 29, 2012, 06:02:10 am »
The file flagged by clamwin is a false positive and nothing to worry about. ESET has flagged a couple of entries that we need to deal with; do the following:

Please download OTM by OldTimer.
Alternative Mirror 1
Alternative Mirror 2 
Save it to your desktop.
Double click OTM.exe to start the tool. Vista or Windows 7 users right click and select Run as Administrator. Be aware that all processes will be stopped during the run, and the Desktop will disappear; it will be put back on completion.
  • Copy the text from the code box below to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

Code: [Select]
:Services
:Files
ipconfig /flushdns /c
C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\c8vbdsrb.default\extensions\{02994c6b-c1fd-45b0-92cc-83bcabe23138}\chrome.manifest
C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\c8vbdsrb.default\extensions\{02994c6b-c1fd-45b0-92cc-83bcabe23138}\chrome\xulcache.jar
C:\Documents and Settings\Owner.BIG_SPUT\Application Data\Mozilla\Firefox\Profiles\ac2kntm3.default\extensions\{02994c6b-c1fd-45b0-92cc-83bcabe23138}\chrome.manifest
C:\Documents and Settings\Owner.BIG_SPUT\Application Data\Mozilla\Firefox\Profiles\ac2kntm3.default\extensions\{02994c6b-c1fd-45b0-92cc-83bcabe23138}\chrome\xulcache.jar
:Commands
[EmptyTemp]
[Reboot]
 
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

Let me see that log, give update on system status and any remaining issues or concerns...

Thank you,

Kevin

Offline Sputina

  • Bronze Member
  • Posts: 31
Re: [Resolved K] Avast Infection url:MAL whenever I open firefox/chrome.
« Reply #19 on: March 30, 2012, 05:58:31 am »
System is running well; the problem I previously had is still gone. Running as normal.

All processes killed
========== SERVICES/DRIVERS ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Owner.BIG_SPUT\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner.BIG_SPUT\Desktop\cmd.txt deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\c8vbdsrb.default\extensions\{02994c6b-c1fd-45b0-92cc-83bcabe23138}\chrome.manifest moved successfully.
C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\c8vbdsrb.default\extensions\{02994c6b-c1fd-45b0-92cc-83bcabe23138}\chrome\xulcache.jar moved successfully.
C:\Documents and Settings\Owner.BIG_SPUT\Application Data\Mozilla\Firefox\Profiles\ac2kntm3.default\extensions\{02994c6b-c1fd-45b0-92cc-83bcabe23138}\chrome.manifest moved successfully.
C:\Documents and Settings\Owner.BIG_SPUT\Application Data\Mozilla\Firefox\Profiles\ac2kntm3.default\extensions\{02994c6b-c1fd-45b0-92cc-83bcabe23138}\chrome\xulcache.jar moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
 
User: All Users
 
User: Default User
->Temp folder emptied: 49152 bytes
->Temporary Internet Files folder emptied: 49286 bytes
 
User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: IUSR_NMPR
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->FireFox cache emptied: 4537272 bytes
 
User: NetworkService
->Temp folder emptied: 12524 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Ow
 
User: Owner
 
User: Owner.BIG_SPUT
->Temp folder emptied: 11609123 bytes
->Temporary Internet Files folder emptied: 3739504 bytes
->Java cache emptied: 4945134 bytes
->FireFox cache emptied: 179625945 bytes
->Google Chrome cache emptied: 485070400 bytes
->Flash cache emptied: 171493 bytes
 
User: OWNER~1~BIG
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 37222 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 163974 bytes
RecycleBin emptied: 350312392 bytes
 
Total Files Cleaned = 992.00 mb
 
 
OTM by OldTimer - Version 3.1.19.0 log created on 03302012_075057

Files moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7351
Re: [Resolved K] Avast Infection url:MAL whenever I open firefox/chrome.
« Reply #20 on: March 30, 2012, 02:21:50 pm »
Ok do the following:

Step 1

Uninstall the following via Start > Control Panel > Add/Remove Programs:

Java(TM) 6 Update 7

Step 2

Remove Combofix now that we're done with it
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")


  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
The above procedure will delete the following:
  • ComboFix and its associated files and folders.
  • VundoFix backups, if present
  • The C:\_OTMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Reset System Restore.
It is very important that you get a successful uninstall because of the extra functions done at the same time, let me know if this does not happen.

Step 3

  • Download OTC by OldTimer and save it to your desktop. Alternative mirror
  • Double click icon to start the program.
    If you are using Vista or Windows 7, please right-click and choose run as administrator
  • Then Click the big button.
  • You will get a prompt saying "Beginning Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
  • This will remove tools we have used and itself. Any tools/logs remaining on the Desktop can be deleted.
Step 4

We need to remove ESET Online Scanner.

  • Click Start, click Run, type control appwiz.cpl in the Open box, and then press ENTER.
  • Click to select ESET Online Scanner from the application list, and then click Remove. Only re-boot if prompted
Step 5

Your Adobe Acrobat Reader is out of date. Older versions are vulnerable to attack and exploitation.

Please go to the link below to update.

Adobe Reader Untick the Free McAfee® Security Scan Plus (optional) unless you want it. (Not required)..

Step 6

Download TFC  to your desktop, from either of the following links
 Link 1
 Link 2
  • Save any open work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program. Vista or Windows 7 users right click and select "Run as Administrator"
  • If prompted, click "Yes" to reboot.
TFC will automatically close any open programs, including your Desktop. Let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. TFC may re-boot your system; if not, re-boot it yourself to complete the cleaning process <---- Very Important

Keep TFC; it is an excellent utility to keep your system optimized, as it empties all user temp folders, the Java cache, etc. Always remember to re-boot after a run, even if not prompted.

Let me know if the above steps complete OK, also if any remaining issues or concerns...

Kevin

Offline Sputina

  • Bronze Member
  • Posts: 31
Re: [Resolved K] Avast Infection url:MAL whenever I open firefox/chrome.
« Reply #21 on: March 30, 2012, 03:25:07 pm »
Everything uninstalled/updated without problem. Thanks for the help Kevin, I appreciate it.

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7351
Re: [Resolved K] Avast Infection url:MAL whenever I open firefox/chrome.
« Reply #22 on: March 30, 2012, 04:23:27 pm »
Since this issue appears to be resolved the topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

The fixes and advice in this thread are for this System only. Do not apply the instructions from this thread to your own System. Please start a new thread describing your issue and someone will be along to assist you.