Google Chrome showing Malware detected on safe pages

[Albin]

Hi,
Google chrome is showing the alert message that many websites contain "elements from the site ads.vk987.info which appears to host malware".

I am getting this message for google.com,raymond.cc and many safe sites.Sometimes KIS 2009 shows a red alert window showing that cntlm.exe(the proxy authentication program for the university proxy) is loading some trojan program and access has been denied to that.Refreshing the page for some time sometimes solves the problem.

In firefox and google chrome,sometimes I get the error message "Cache Access Denied".Refreshing the page sometimes solves the problem.
Please help.
Thanks!

[prashanthpai]

Your PC could be infected. Scan it.

[Albin]

Hi,
The problem got solved somehow.I did a full scan and it found two trojan programs and removed them.But these files were present much before the problem started.
I used CCleaner and it cleaned some cookie files including that of ads.vk987.info.When Google Chrome was loading a page,I could see "Waiting for ads.vk987.info.
Thanks!

[prashanthpai]

Can you post a HijackThis log please

[Albin]

Hi,
Here is the HijackThis log file.I had to change the extension to .txt for uploading the file.The problem appears to have been solved.
Thanks!

[prashanthpai]

Suspicious entries :

O23 - Service: ICKVESNAZ - Unknown owner - C:\Users\user\AppData\Local\Temp\ICKVESNAZ.exe (file missing)

O13 - Gopher Prefix:

O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

----------------------------------------------------------------------------------------------

Do you have any proxies installed ?

[nivek_hcerg]

A university uh? At my Learning institute we got a crappy antivirus (symantec antivirus [not norton]) and a stupid filter which denies acess to many proxies and websites including raymond.cc. Crappy education intitues.

http://www.f-secure.com/v-descs/m-amoeba.shtml <-- The truth

[Albin]

Hi,
I had Sun Web Proxy installed which I uninstalled afterwards.I am not sure if the uninstallation was proper and that it works on Windows.I didn't know what it was when I installed it.It was an unnecessary action.
I use cntlm for authentication of the university proxy.Sometimes I use ntlmaps.
nivek_hcerg,what does the link(the truth) mean?
Thanks!

[nivek_hcerg]

the truth about much educational buildings (look at the last message which says it's encrypted)