Http://www.tumri.net/als/als invasion!

2 days ago I started having this site tumri.net/als/als open multiple tabs/windows periodically when I use a browser (Internet Explorer/AOL). It keeps opening new tabs until I can close the browser, whether it's Internet Explorer or AOL. I have my NIS 2012 set to receive updates automatically, plus a few times a week I do a manual update. I have a full system scan done once a week, and have all the default settings applied when NIS 2012 was installed.

Have done full system scans these past few days to try and get rid of this, but it doesn't find/clean/quarantine this. ANY suggestions?
 
Thank you
George. / USA
[edit: Please do not link directly to potentially dangerous websites per the Participation Guidelines and Terms of Service.]

Please do not run any tools unless instructed to do so. 

  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please read every post completely before doing anything. 

  • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

 

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums (sometimes :smileylol:)

  •  Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.

  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!

 

Please read carefully

 

Please download aswMBR hxxp://public.avast.com/~gmerek/aswMBR.exe to your desktop. (replace the hxxp with http)
Double click the aswMBR.exe icon to run it
It will ask to download extra definitions - ALLOW IT / Yes
Click the Scan button to start the scan
On completion of the scan, click the save log button, save it to your desktop and please attach the log in the post back. Don't have the program fix anything.

 

Quads


Ok, followed your instructions exactly. When I executed the file a pop up came up about the application can use Avast, see below. I said "yes".

 

This application can use the Avast! Free antivirus for scanning.It is recommended to download it for better detection results.

 

Would you like to download latest Avast virus definitions? 

 

Also attached are the log files of completed scans, quick scan then did a full scan.

 

Please advise after reviewing those attached files.

 

Thanks

George

There are no logs attached.

 

You are not following instructions. You are not to install Avast Free; that will conflict.

 

aswMBR just downloads a definition dataset only, and then runs a full scan of the areas required.

 

 

Quads

I apologize for not following your EXACT instructions and truly appreciate your time!

 

I downloaded the aswMBR file again and ran the scan without Avast and attached the scan results.

 

I click on attachments, browse my way to the txt scan results, add that file then click add attachment to attach the scan results.

 

Thanks again and DO appreciate your time.

 

George

Please read carefully and Slowly

 

 Please scan with ESET next 


I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and DON'T (NO) check Remove found threats (reason for this is we don't want something deleted and then Windows won't load).
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • Attach the resulting log in your next reply


If you think a log should have been generated then go to C:\Program Files\ESET\ESET Online Scanner\log.txt to find it. 

 

Quads

Did the Eset online scanner, results attached. I didn't find the log where you mentioned "If you think a log should have been generated then go to C:\Program Files\ESET\ESET Online Scanner\log.txt to find it. ", mine was in the Program Files (x86) directory.

 Read all of this message first

 

Download Combofix http://www.bleepingcomputer.com/download/anti-virus/combofix


  • Ensure that Combofix is saved directly to the Desktop <--- Very important

  • Disable all security programs as they will have a negative effect on Combofix,
  • Close any open browsers and any other programs you might have running before running Combofix 

Download the attached CFscript.txt. For some browsers, right-click the attachment on the forum and select "Save As" or similar to download it. See screenshot below.

 

Right Click download.jpg

 

Now drag the CFScript.txt into the ComboFix.exe

 


  • If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review


****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

*EXTRA NOTES*

  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

Quads

Attached is the report after executing ComboFix2 as instructed.

 

George

How is the Browser Now??

 

Quads

Haven't used my system 1/2 as much as I normally do these past few days but nothing so far. This weekend will be the test, on it A LOT more.

 

May I ask what those 3 diff. files/programs did? All 3 scanned my system for viruses/malware, etc. or was some of it just system info?

 

You mentioned you only do this part-time and to be patient, where the heck u learn all this??

 

Will keep u posted.

 

Thanks sooo much for your time/knowledge/patience!

George

The first 2 programs were to tell me major detections in areas I want to look and what I may have to script for (as I did). The 3rd program was to use its power to do what I wanted by the script for your system. Which it did.

 

I still want to do what I do with other systems and start the final cleanup routines.

 

Quads

Quads,

 

Been 5 days since my last post, using my system normal amt. and NO SIGN of that pop up anymore!

 

Thanks again for everything..