Author Topic: "Threat has been detected", but avast can't find and/or eliminate it  (Read 791 times)

Offline cloud302

  • Newbie
  • *
  • Posts: 9
    • Personal Message (Offline)
I keep randomly getting pinged with a "threat has been detected" from avast, just as I'm randomly browsing sites (normal ones, like Ebay, Facebook, Yahoo, Google, etc). I've tried quick scan, full scan, and boot-time scan, and avast detects nothing, and it still consistently pings me with the message once every half hour or so when I go to a new page or click on the page itself. Avast says it blocks the threat before it can do anything, but I want the threat gone permanently. Here is the link that it says is the threat (it acts as if it's coming from the internet, but since it's different sites, I'm pretty sure it's actually within my computer and is disguising itself as something internet-related) :

http://a.exchangeadvertiser.com/a?url

It also tries to open up another tab and/or page (when I try to go to another page, or click on a page I'm already on). That's when Avast says threat has been detected, and blocks it. It just happened again, and here is the full url of the page that tried to open:

http://a.exchangeadvertiser.com/a?url=075def04699a7092b050f295100f6a3647ba5a0319a0a3d8e802c5fda37f564a2d996349272f851c1151


Offline Pondus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 21726
  • Gender: Male
    • Personal Message (Offline)
Re: "Threat has been detected", but avast can't find and/or eliminate it
« Reply #1 on: January 28, 2014, 05:17:22 AM »
follow instructions and attach logs (not copy and paste)  http://forum.avast.com/index.php?topic=53253.0

we need malwarebytes / OTL / aswMBR logs



Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline -midnight

  • Advanced Poster
  • **
  • Posts: 1108
  • Gender: Female
  • YASARSA
    • Personal Message (Offline)
Re: "Threat has been detected", but avast can't find and/or eliminate it
« Reply #2 on: January 28, 2014, 04:52:47 PM »
I've gotten this popup several times today and also got some yesterday.

When I clicked on your links I got the same popup.

If you've been getting the same popup as showed in my screenshot I wouldn't worry about it.  I ran a scan yesterday also scanned with Malwarebytes and no threats were detected.

Please pardon me for posting on you thread.
Life is too short to start your day with broken pieces of yesterday, it will definitely destroy your wonderful today and ruin your great tomorrow.

Offline cloud302

  • Newbie
  • *
  • Posts: 9
    • Personal Message (Offline)
Re: "Threat has been detected", but avast can't find and/or eliminate it
« Reply #3 on: January 28, 2014, 05:38:50 PM »
Malwarebytes didn't pick up anything either, but the issue is still occurring. It happens over several sites, not just one, and has been going on for the past week or two (maybe three). The requested scan logs are attached.

Offline Michael (alan1998)

  • Super Poster
  • ***
  • Posts: 1249
  • Gender: Male
    • Personal Message (Offline)
Re: "Threat has been detected", but avast can't find and/or eliminate it
« Reply #4 on: January 28, 2014, 05:49:51 PM »
Remover Notified
i7-3770, GTX 760DCII OC, 16GB DDR3 RAM @ 1600Mhz, 2TB HDD @ 7200RPM, 32GB SSD.

Offline magna86

  • Anti Malware Fighter
  • avast! Evangelist
  • Massive Poster
  • ***
  • Posts: 3245
  • Gender: Male
    • Ambulanta MyCity Forum - ASAP Member
    • Personal Message (Offline)
Re: "Threat has been detected", but avast can't find and/or eliminate it
« Reply #5 on: January 28, 2014, 05:55:16 PM »
I'm on it ...

Offline magna86

  • Anti Malware Fighter
  • avast! Evangelist
  • Massive Poster
  • ***
  • Posts: 3245
  • Gender: Male
    • Ambulanta MyCity Forum - ASAP Member
    • Personal Message (Offline)
Re: "Threat has been detected", but avast can't find and/or eliminate it
« Reply #6 on: January 28, 2014, 05:59:47 PM »
Hi cloud302,




Please download zoek.zip or zoek.rar by smeenk () from here or here and save it to your Desktop.
Unpack the archive...
  • Close any open browsers
  • Temporarily disable your AntiVirus program. (If necessary)
    If you are unsure how to do this please read this or this Instruction.

  • Double click on zoek.exe to run the tool .
    Please wait while the tool does not start...

  • Copy the text present inside the code box below and paste it into the large window in the zoek tool:
Code: [Select]
Uninstall-List;
EmptyFoldersCheck;Delete
EmptyCLSID;
ipconfig /flushdns >> %temp%\log.txt;b
FFDefaults;
CHRDefaults;
EmptyAllTemp;
AutoClean;
  • Click on button.
    Please wait until a logreport will open (this can be after reboot)

  • Save notepad to your Desktop and attach here zoek-results.log
    Note: It will also create a log in the C:\ directory named "zoek-results.log"
----     ----     ----     ----     ----     ----     



Next, re-run OTL, hit RunScan button and post me fresh OTL.txt logreprot.

Offline cloud302

  • Newbie
  • *
  • Posts: 9
    • Personal Message (Offline)
Re: "Threat has been detected", but avast can't find and/or eliminate it
« Reply #7 on: January 28, 2014, 07:01:03 PM »
For the OTL scan, do I check the "Scan All Users" , "LOP Check" , and "Purity Check" boxes again? Their default state is to be unchecked. Is there anything else I should check or uncheck or check for before starting the scan?

Offline Pondus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 21726
  • Gender: Male
    • Personal Message (Offline)
Re: "Threat has been detected", but avast can't find and/or eliminate it
« Reply #8 on: January 28, 2014, 07:05:41 PM »
No .... run as default


Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline cloud302

  • Newbie
  • *
  • Posts: 9
    • Personal Message (Offline)
Re: "Threat has been detected", but avast can't find and/or eliminate it
« Reply #9 on: January 28, 2014, 07:17:49 PM »
Alright, requested log files attached.

Thanks for this by the way. Your efforts are genuinely appreciated.

Offline magna86

  • Anti Malware Fighter
  • avast! Evangelist
  • Massive Poster
  • ***
  • Posts: 3245
  • Gender: Male
    • Ambulanta MyCity Forum - ASAP Member
    • Personal Message (Offline)
Re: "Threat has been detected", but avast can't find and/or eliminate it
« Reply #10 on: January 28, 2014, 08:06:06 PM »
This looks much better now.  :) Zoek did great job ...


Re-run OTL.exe.

  • Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.

Code: [Select]
:REG
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"avg@toolbar"=-

:FILES
C:\ProgramData\AVG SafeGuard toolbar
C:\Program Files (x86)\Whilokii
C:\Users\CloudsRPGMaster
C:\Windows\*.tmp
C:\Users\CloudsRPGMaster\Desktop\*.tmp

:OTL
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.2.113

  • Then click the Run Fix button at the top.
  • Let the program run unhindered; it will reboot the system when it is done and open notepad with logreport. Attach here that logreport.
If the log doesn't appear, it can be found here:

c:\_OTL\MovedFiles\mmddyyyy_hhmmss.log




----      ----      ----      ----      ----      ----      ----      ----     


Re-run Zoek as you did before ...
  • Copy the text present inside the code box below and paste it into the large window in the zoek tool:
Code: [Select]
QuickScan;
  • Click on button.
Post me fresh created zoek logreprot ...

Offline cloud302

  • Newbie
  • *
  • Posts: 9
    • Personal Message (Offline)
Re: "Threat has been detected", but avast can't find and/or eliminate it
« Reply #11 on: January 28, 2014, 08:56:58 PM »
Okay, first off; I have a question. The last steps you just had me do moved a TON of stuff from my desktop and favorite places into the c:\_OTL\MovedFiles folder. Is it okay if I move them back, or do they have to stay there for some reason? If they do, could you explain why? The majority of those files seemed harmless. Most of them are just text or picture based, and some of a lot of them have to do with school or my job.

Second, I've attached the zoek-results file, but the OTL report file was too large (exceeded 512KB) to post here. I tried to compress it, but it wouldn't allow me to post a compressed file either. Please advise.

Offline cloud302

  • Newbie
  • *
  • Posts: 9
    • Personal Message (Offline)
Re: "Threat has been detected", but avast can't find and/or eliminate it
« Reply #12 on: January 28, 2014, 09:04:52 PM »
Actually, I can't find my favorite places from Mozilla Firefox anywhere in that folder. It has the ones from Internet Explorer, but I haven't actively used that in half a year at least. The favorite places for Firefox (the ones that I had in place just before I did the previous scans), were they deleted, or just relocated?

Offline magna86

  • Anti Malware Fighter
  • avast! Evangelist
  • Massive Poster
  • ***
  • Posts: 3245
  • Gender: Male
    • Ambulanta MyCity Forum - ASAP Member
    • Personal Message (Offline)
Re: "Threat has been detected", but avast can't find and/or eliminate it
« Reply #13 on: January 28, 2014, 09:22:14 PM »
Hi,

Quote
The last steps you just had me do moved a TON of stuff from my desktop and favorite places into the c:\_OTL\MovedFiles folder. Is it okay if I move them back, or do they have to stay there for some reason?

It was my mistake, I do not know how it happened, I am sorry.  :-[
Malware removal process sometimes known to be tricky.
For some reason, I mistakenly said to OTL to move your %username% folder (C:\Users\CloudsRPGMaster) to OTL's Quarantine folder.
My experience in malware removal is several years and very big, and this to me has not happened yet.

I can back that folder using some batch file but first please try to back by yourself.


Please first attempt to back deleted username folder by yourself;


from : C:\_OTL\MovedFiles\01282014_162437\C_Users\CloudsRPGMaster
to: C:\Users\CloudsRPGMaster

This should bass good. Do not cut folder, do copy as I want that original stays in OTL's Quarantine.

Do not worry, we'll fix the thing.


« Last Edit: January 28, 2014, 09:24:37 PM by magna86 »

Offline magna86

  • Anti Malware Fighter
  • avast! Evangelist
  • Massive Poster
  • ***
  • Posts: 3245
  • Gender: Male
    • Ambulanta MyCity Forum - ASAP Member
    • Personal Message (Offline)
Re: "Threat has been detected", but avast can't find and/or eliminate it
« Reply #14 on: January 28, 2014, 10:54:51 PM »
Any progress?
If not, I can use some advanced scripts to fix that.

 

Google Chrome

AVAST recommends using the FREE Google Chrome™ browser.

Download Google Chrome Now