Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: BobLanham on July 01, 2013, 01:32:54 PM

Title: I-frame-inf and script-inf
Post by: BobLanham on July 01, 2013, 01:32:54 PM
My computer is infected with I-frame-inf and script-inf. Is there help available here to clean it?
Title: Re: I-frame-inf and script-inf
Post by: iroc9555 on July 01, 2013, 02:06:01 PM
Hi Bob. Welcome to Avast! Forums

Follow this guide: http://forum.avast.com/index.php?topic=53253.0

and attach ( Do not copy/paste ) logs for AdwCleaner, malwarebytes', OTL, and aswMBR.exe here:

An expert in the removal of malware will help you.
Title: Re: I-frame-inf and script-inf
Post by: BobLanham on July 01, 2013, 03:21:07 PM
Logs are attached. I ran the quick scans. Will this be sufficient?
Title: Re: I-frame-inf and script-inf
Post by: iroc9555 on July 01, 2013, 03:32:50 PM
A specialist has been notified. BTW the aswmbr log is not complete.
Title: Re: I-frame-inf and script-inf
Post by: BobLanham on July 01, 2013, 03:41:05 PM
Running aswMBR again. Should I then run the FixMBR?
Title: Re: I-frame-inf and script-inf
Post by: iroc9555 on July 01, 2013, 03:42:28 PM
Quote from: BobLanham on July 01, 2013, 03:41:05 PM
...Should I then run the FixMBR?

NO. just the scan.
Title: Re: I-frame-inf and script-inf
Post by: BobLanham on July 01, 2013, 03:51:02 PM
attached.
Title: Re: I-frame-inf and script-inf
Post by: essexboy on July 01, 2013, 03:53:12 PM
Hi you used the search function of AdwCleaner, after this OTL fix could you run AdwCleaner again but select delete this time

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
Code: [Select]
:Commands
[CREATERESTOREPOINT]

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=fmtoby&chnl=fmtoby&cd=2XzutAtN2Y1L1QzutDtDtByBtD0EtD0BtCyC0EtD0Azy0BtAtN0D0TzutBtDtCtBtDyCtBzz&cr=1641318400
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=fmtoby&chnl=fmtoby&cd=2XzutAtN2Y1L1QzutDtDtByBtD0EtD0BtCyC0EtD0Azy0BtAtN0D0TzutBtDtCtBtDyCtBzz&cr=1641318400
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://blekkosearch.mystart.com/blekkotb_soc/?source=86adbc52&toolbarid=blekkotb_soc&u=20120405F35E4B038FD351C1C2111778&tbp=homepage
FF - prefs.js..browser.startup.homepage: "http://start.funmoods.com/?f=1&a=fmtoby&chnl=fmtoby&cd=2XzutAtN2Y1L1QzutDtDtByBtD0EtD0BtCyC0EtD0Azy0BtAtN0D0TzutBtDtCtBtDyCtBzz&cr=1641318400"
[2013/01/16 16:49:22 | 000,000,000 | ---D | M] (CouponAmazing) -- C:\Documents and Settings\Eon\Application Data\Mozilla\Firefox\Profiles\Copy of bdrp3qvc.default\extensions\couponamazing@jetpack
[2012/05/01 08:32:36 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Documents and Settings\Eon\Application Data\Mozilla\Firefox\Profiles\Copy of bdrp3qvc.default\extensions\ffxtlbr@funmoods.com
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\Documents and Settings\All Users\Application Data\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)

:Commands
[resethosts]
[emptytemp]
[Reboot]
Title: Re: I-frame-inf and script-inf
Post by: BobLanham on July 01, 2013, 04:42:55 PM
OTL and adwCleaner logs attached.
Title: Re: I-frame-inf and script-inf
Post by: BobLanham on July 01, 2013, 06:05:46 PM
It must be fixed now because the warning popups have not appeared.
??
Title: Re: I-frame-inf and script-inf
Post by: essexboy on July 01, 2013, 06:35:11 PM
Aye it was probably infoatoms or funmood :)  Any further problems