ESET NOD32 Antivirus blocks every address

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by mntik, Apr 5, 2011.

  1. mntik

    mntik Private E-2

    Hello, and thank you in advance for your kind assistance.

    Today I noticed that every time I try to visit a webpage, no matter what the address is, my NOD32 pops a window saying that this address is blocked (bottom right on this snapshot).

    [​IMG]

    The IP address that appears last seems to be changing every now and then, but only the last two digits. Namely, it has been (the past few minutes that I am writing this post):

    216.137.63.97:80
    216.137.63.40:80
    216.137.63.137:80 etc.

    I have followed all the steps in READ & RUN ME FIRST, and my logs are attached, but the message still pops... The message also pops each time I refresh a page. I use Firefox as my browser, but I tested with Chrome to see whether it was a browser issue, and the message... still popped. This is why I am afraid it has something to do with a malware infection.

    My OS is Windows 7 x64.

    Could you kindly please help me sort this? Additionally, if it is a malware issue, should I be contacting banks etc.? (I use this laptop for financial transactions quite often.)

    Thank you again for your time!
     


  2. mntik

    mntik Private E-2

    Oh, I forgot to mention that the pages load successfully. The message-popping is the issue here...
     
  3. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Now we need to use ComboFix
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop, but do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
    • Open Notepad and copy/paste the text in the below quote box. Ensure you scroll down to select ALL the lines:
    Code:
    KILLALL::
    
    DirLook::
    c:\users\Marina\.dsig
    c:\users\Marina\AppData\Local\{D3667A71-FE57-4AD5-9960-6808C03321EA}
    c:\users\Marina\AppData\Local\{3E5682D0-4C37-4FD6-914A-89C4F79FEB75}
    c:\users\Marina\AppData\Local\{80B3C2C1-0C08-42BE-8A60-625193B266CC}
    c:\users\Marina\AppData\Local\{16B6DF39-9DB2-4444-8739-49CE08B7FDFA}
    
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe

      [​IMG]

    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below

    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    If after running Combofix you discover none of your programs will open up, and you receive the following error: "Illegal operation attempted on a registry key that has been marked for deletion", then the answer is to REBOOT the machine, and all will be corrected.
     
