Jump to content

Malicious Website Blocked:

Recommended Posts

Hello and welcome,

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.


The version of Chrome you have appears to be exploited and corrupt, try not to use Chrome until we make progress.....



1.Download Malwarebytes Anti-Rootkit from this link:


2. Unzip the File to a convenient location. (Recommend the Desktop)
3. Open the folder where the contents were unzipped to run mbar.exe


4. Double-click on the mbar.exe file, you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:


5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen. (If no Rootkit warning you will go from step 4 to 6.)

6. The following image opens, select Next.


7. The following image opens, select Update


8. When the update completes select Next.


9. In the following window ensure "Targets" are ticked. Then select "Scan"


10. If an infection is found select the "Cleanup Button" to remove threats, Reboot if prompted. Wait while the system shuts down and the cleanup process is performed.


11. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click "Cleanup Button" once more and repeat the process.
12. If no threats were found you will see the following image, Select Exit:


13. Verify that your system is now running normally, making sure that the following items are functional:

  • Internet access
  • Windows Update
  • Windows Firewall

14.  If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included within Malwarebytes Anti-Rootkit folder.

15. Select "Y" from your Keyboard, tap Enter.

16. The fix will be applied, select any key to Exit.

17. Let me know how your system now responds. Copy and paste the two following logs from the mbar folder:

System - log
Mbar - log   Date and time of scan will also be shown



Link to post
Share on other sites

Sorry for the double post, I wasn't paying attention and skipped the last few steppes to update my firewall settings. I done the step now and waiting for the scan to finish. So far there's no rundll32 in the processes tab in the task manager, and all everything seems to be reset to default in the firewall area.

Link to post
Share on other sites

Thanks for the update, continue please:


Chrome needs to be clean installed as follows:


If your Chrome Bookmarks are important do this first:

Go to this link: http://www.wikihow.com/Export-Bookmarks-from-Chrome follow the instructions and Export your Bookmarks from Chrome, save to your Desktop or similar. Note the instructions can also be used to Import the bookmarks.....

Continue for a clean install:

Remove all synced data from Chrome go here: http://www.howtogeek.com/103655/how-to-delete-your-google-chrome-browser-sync-data/ follow those instructions...

Uninstall Chrome: https://support.google.com/chrome/answer/95319?hl=en-GB follow those instructions, ensure the option to "Also delete your browsing data" is selected. <<--- Very important!!

Install Google Chrome from here: https://www.google.com/intl/en_uk/chrome/browser/desktop/index.html

Install Adblock Plus to Chrome: https://chrome.google.com/webstore/detail/adblock-plus/cfhdojbkjhnklbpkdaibdccddilifddb

Enable any other extensions you normally use..




Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista,Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User Licene Agreement)
  • Click Scan to scan the system.
  • When the scan completes select "Report", log will open. Close the program > Don't Fix anything!
  • Post back the report which should also be located here:

C:\Programdata\RogueKiller\Logs <-------- W7/8/10
C:\Documents and Settings\All Users\Application Data\RogueKiller\Logs <------XP

The log will be listed similar to this: RKreport_SCN_06282015_153950.log

Download Farbar Service Scanner from here: http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/ and run it on the computer with the issue.
Make sure the following options are checked:

  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender

  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Post those logs, also give an update on any remaining issues or concerns. Is the Firewall working ok now?


Thank you,



Link to post
Share on other sites

No you post that as the wrong format, that file has this extension .log-.2text is not possible for me to see the correct log file


Where you see the the log listed in Computer > C:\ > Program Data > RogueKiller Logs > RKreport_SCN_08222015_225231.json


Change the extension to .log    Does that make the log appear like this?


¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK3252GSX ATA Device +++++
--- User ---
[MBR] 2083a7301575864e02b94c2609fbecb2
[bSP] 3e1d80ccba6ece7b11abf6bd8836f890 : Acer|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 305242 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WDC WD3200BEVT-22ZCT0 ATA Device +++++
--- User ---
[MBR] c67052206fb168522dde596fe2709bef
[bSP] fa096e23965f9d4af64805db74cd5e35 : Unknown|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 191101 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 391375593 | Size: 114141 MB
User = LL1 ... OK
User = LL2 ... OK

Link to post
Share on other sites

Thanks for the log, the second one is correct. Maybe roguekiller has changed options for logs... Continue please:


Double-click RogueKiller.exe to run again. (Vista/7/8 right-click and select Run as Administrator)

When "initializing/pre-scan” completes  press the Scan button, this may take a few minutes to complete.

When the scan completes open the Tasks tab and locate the following detections:

[suspicious.Path] \RunAsStdUser Task -- "C:\Users\Lorand\AppData\Local\RavenBleuSA\bin\\RavenBleuSA.exe" -> Found

Make sure those entries are Checkmarked (ticked) also ensure that all other entries are not Checkmarked.

Hit the Delete button, when complete select "Report" in the next window select "Export txt" the log will open as a text file post that log... Also save to your Desktop for reference.

One other entry maybe is suspicious, System Restore is shown as "Disabled" if that is your own setting we ignore. If that setting is outside your remit we need to reset with RK.

[PUM.Desktop] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\SystemRestore | DisableSR : 1  -> Found

Open Registry tab and Checkmark (tick) also ensure that all other entries are not Checkmarked.




Download AdwCleaner by Xplode onto your Desktop.

  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait fot the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C2)-Notepad log will appear, please copy/paste it in your next reply.

thisisujrt.gif Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts. (re-enable when done)
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.




Download Microsoft's " Malicious Software Removal Tool" and save direct to the desktop

Ensure to get the correct version for your system....

32 Bit version:

64 Bit version:

Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window
In the "Scan Type" window, select Quick Scan
Perform a scan and  Click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log

Post those logs, also let me know if there are any remaining issues or concerns..


Thank you,



Link to post
Share on other sites

# AdwCleaner v5.003 - Logfile created 23/08/2015 at 11:27:43

# Updated 20/08/2015 by Xplode

# Database : 2015-08-23.2 [server]

# Operating system : Windows 7 Ultimate Service Pack 1 (x64)

# Username : Lorand - LORAND-PC

# Running from : C:\Users\Lorand\Desktop\AdwCleaner.exe

# Option : Cleaning


***** [ Services ] *****



***** [ Folders ] *****



***** [ Files ] *****



***** [ Shortcuts ] *****



***** [ Scheduled tasks ] *****



***** [ Registry ] *****



***** [ Web browsers ] *****





:: Proxy settings cleared

:: Winsock settings cleared


########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [608 bytes] ##########


Note: I did it 2 times, the first time I did it I thought a .log file will appear, but it obviously didn't, and I accidentally closed the window.


This appears when I run JRT.exe :




This appears after I press any key, and after this appears it automatically stops:




There's no .txt file :(


Last program I try to run it doesn't start properly, it pops up for a few miliseconds and it closes.... 


Here's the log from the last part:



Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)

Started On Sun Aug 23 11:41:01 2015




Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)

Started On Sun Aug 23 11:41:54 2015




Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)

Started On Sun Aug 23 11:42:24 2015


Engine: 1.1.11903.0

Signatures: 1.203.693.0



Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)

Started On Sun Aug 23 11:42:33 2015


rundll32.exe still running in my task manager. 15-20 consumption.


Link to post
Share on other sites

Are you concerned that rundll32.exe shows running in Taskmanager, is more than likely legitimate. Read at the following link;




AdwCleaner usually creates a log after the reboot is completed to finish cleaning process, did that not happen for you.... The logs are also saved as .txt files to this folder: C:\AdwCleaner that folder also holds the Quarantine folder..


What is the current status of your system, are thee any remaining issues or concerns. Do not worry about JRT we can omit that scan...


Thank you,



Link to post
Share on other sites

I'm glad to be hearing that rundll32 is now working how it should, Usually that's what the mbytes picked up but now it's fixed I'm pretty sure, since the pop-up stopped a while ago, I was just panicked that it could reappear I guess. Thank you for all your help. Here are the files I have in the adw folder.






Link to post
Share on other sites

Thanks for the update, please not the changes in AdwCleaner, logs are now saved with a C in the name instead of S after a clean function, the digit still increases as more scans are run.


Also note under "Options" there are nine (9) new fixes included, Four (4) are selected as default, the other five are not. Please be aware of those options and the changes that can be made..


If no more issues we can clean up as follows:


Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:

  • Remove disinfection tools
  • Purge System Restore <--- this will remove all previous restore points and create a fresh point relative to system status at present.
  • Reset system settings

Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…




Read the following link to fully understand PC security and best practices, you may find it useful....


Thank you,



Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.