Author Topic: Malware- Help! URL toolbar.lavasoft.com  (Read 1764 times)

Offline scatback

  • Newbie
  • *
  • Posts: 12
    • Personal Message (Offline)
Malware- Help! URL toolbar.lavasoft.com
« on: December 26, 2012, 02:43:43 PM »
I just realized I may have made a mistake posting this in general discussion, so I will post it here in malware discussion.
Once every 30 minutes or so avast warns of 2 threats detected.  Scans find them but when I try to move to chest it says 'error: the system cannot find the file specified (2)'

The info from the avast warning is
MALWARE BLOCKED
URL: toolbar.lavasoft.com/malwaresitelist/data/121103031826-l.zip|121103031826-l.list
infection: HTML: Fraud-J

The other is the same thing except the long number is '121031200349'  and it is 'm.zip' and 'm.list'

Obviously I notice the adaware reference- I used to have adaware but deleted it months ago.  This just started the last couple of days.
What can I do about this? Avast scans find them but can't fix them.
Thanks for your help.

Online Pondus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 21680
  • Gender: Male
    • Personal Message (Online)
Re: Malware- Help! URL toolbar.lavasoft.com
« Reply #1 on: December 26, 2012, 02:51:51 PM »
run a scan with AdwCleaner and Malwarebytes and see if anything changes

you find them/instructions here   http://forum.avast.com/index.php?topic=53253.0
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline essexboy

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 28970
  • Gender: Male
  • Dragons by Sasha
    • Malware fixes
    • Personal Message (Offline)
Re: Malware- Help! URL toolbar.lavasoft.com
« Reply #2 on: December 26, 2012, 03:00:44 PM »
It looks to me like it is the Lavasoft toolbar (adaware) updating itself

toolbar.lavasoft.com/malwaresitelist/data/121103031826-l.zip

Offline scatback

  • Newbie
  • *
  • Posts: 12
    • Personal Message (Offline)
Re: Malware- Help! URL toolbar.lavasoft.com
« Reply #3 on: December 26, 2012, 04:24:46 PM »
Pondus- I am running a Malwarebytes scan as we speak.  If that doesn't work I will look into downloading Adwcleaner.
I already scanned with Spybot and found nothing.

Essexboy- I thought the same thing.  But I don't have a lavasoft toolbar.  I deleted adaware several months ago, but obviously some remnant remains that is now causing trouble. Is there a way to find it so I can remove it?

 In the 'search programs and files' box I type 'adaware' and three documents come up that are logs from old adaware scans.  Could that be the problem? I don't see how.  If I type 'lavasoft' the same three come up plus a piriform ccleaner document from the registry cleaner.  These are logs from old documents from months ago. 

Offline essexboy

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 28970
  • Gender: Male
  • Dragons by Sasha
    • Malware fixes
    • Personal Message (Offline)
Re: Malware- Help! URL toolbar.lavasoft.com
« Reply #4 on: December 26, 2012, 04:35:09 PM »
I will have a look in the OTL scan

Online Pondus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 21680
  • Gender: Male
    • Personal Message (Online)
Re: Malware- Help! URL toolbar.lavasoft.com
« Reply #5 on: December 26, 2012, 04:37:10 PM »
Quote
I already scanned with Spybot and found nothing.
SpyBot is a joke..   ;)

Quote
" In testing, it proved almost 100 percent ineffective
http://www.pcmag.com/article2/0,2817,2412372,00.asp
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline scatback

  • Newbie
  • *
  • Posts: 12
    • Personal Message (Offline)
Re: Malware- Help! URL toolbar.lavasoft.com
« Reply #6 on: December 26, 2012, 04:53:03 PM »
Thank you both for your help.
Should I download OTL and try that?
I already have hijackthis- in the scan it found something interesting:
04 - HKLM/../ Run: [Ad-Aware Browsing Protection]
C:\Program\Ad-Aware Browsing Protection\adawarebp.exe

Info button says this is an entry that autoloads when windows starts that can revert info back to a hijacker's page after a reboot- also a DLL file can hook into the system.
It then gives a list of infected examples- are these general examples or actual examples from my computer?
It says (action  taken: Registry value is deleted)

Unfortunately when I press 'fix checked item' it goes to a blank screen as if it is fixed- then I press 'scan' again and there the adaware line is again.  Nothing changed.

Offline scatback

  • Newbie
  • *
  • Posts: 12
    • Personal Message (Offline)
Re: Malware- Help! URL toolbar.lavasoft.com
« Reply #7 on: December 26, 2012, 04:58:01 PM »
Also- I just looked up on hijack this what '04' before the HKLM refers to:
'04- Enumeration of suspicious autoloading Registry entries'

Online Pondus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 21680
  • Gender: Male
    • Personal Message (Online)
Re: Malware- Help! URL toolbar.lavasoft.com
« Reply #8 on: December 26, 2012, 05:06:37 PM »
ues OTL as this is much better then HijackThis....and it is also the tool Essexboy use   ;)
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline scatback

  • Newbie
  • *
  • Posts: 12
    • Personal Message (Offline)
Re: Malware- Help! URL toolbar.lavasoft.com
« Reply #9 on: December 26, 2012, 06:22:26 PM »
Malwarebytes came up empty.
I ran OTL quick scan per instructions from  geekstogo.com and got the 2 logs.  What should I do now? Essexboy, would you want to look at them?
Thanks for the help- I am afraid to log onto anything important (bank, etc) in case hijackthis description of what it could be is correct.

Offline scatback

  • Newbie
  • *
  • Posts: 12
    • Personal Message (Offline)
Re: Malware- Help! URL toolbar.lavasoft.com
« Reply #10 on: December 26, 2012, 09:37:58 PM »
I wanted to post the reports from OTL quick scan for essexboy or anyone else to see.  I tried to copy and paste the 2 reports from OTL Extras.Txt and OTL.Txt but both exceeded the max 10000 character limit so I don't know what to do.

Online DJBone

  • avast! Evangelist
  • Massive Poster
  • ***
  • Posts: 3907
  • Gender: Male
    • Personal Message (Online)
Re: Malware- Help! URL toolbar.lavasoft.com
« Reply #11 on: December 26, 2012, 09:43:02 PM »
Attach the logs in your next post.
When you reply there's a option "Attachements and other options".

DJBone
Main PC: Win 7 Home Premium SP1 32 Bit, Firefox 24.4.0ESR, IE10 32Bit, AIS 9.0.2018, MBAM 2 Pro (latest version)
Laptop: Win 7 Home Premium SP1 64 Bit, Firefox 24.4.0ESR, IE8, AIS 9.0.2018, MBAM 2 Pro (latest version)
avast! Mobile Security, avast! Anti-Theft, avast! Backup (always latest version)

Offline scatback

  • Newbie
  • *
  • Posts: 12
    • Personal Message (Offline)
Re: Malware- Help! URL toolbar.lavasoft.com
« Reply #12 on: December 27, 2012, 04:31:58 PM »
Thank you for everyone who advised me on this problem.  I think I have solved it.
I didn't realize essexboy had laid out what to do about malware and creating a log from OTL in the thread at the top of the page.  Once I saw that I started going through the process.
Along the way I went checking through file after file in My Computer and found one related to adaware.  I deleted it and so far there haven't been any more warnings from avast. 
Thanks again to everyone on this forum who offered me help.

 

Google Chrome

AVAST recommends using the FREE Google Chrome™ browser.

Download Google Chrome Now