Avast WEBforum
Other => Viruses and worms => Topic started by: desireezenna on October 09, 2013, 09:11:31 PM
-
hi everybody
im desiree and also got wpad.net/wpad.dat troubles.
first it started at skype, now it goes to other things like google chrome exe and other things.
i did a malware scan and so far the comp is clean, i hope, but still got that pad thing.
please can somebody help me.
thanks all
-
follow instructions and attach logs (not copy and paste) http://forum.avast.com/index.php?topic=53253.0
run in order listed
AdwCleaner / Malwarebytes / OTL / aswMBR
when done, removal experts will be notified and help you
when finished, all tools used will be removed
-
oke thank you will start on that
-
grrr my logs wont post
-
Are you attaching them?
Under the answer box is an option called attachments and other options.
-
again
-
the otl log is too large it wont let me post it
-
Can you attach that as well please
-
Your file is too large. The maximum attachment size allowed is 512 KB.
thats what i get
-
Can you split the OTL log into two and attach each part separately ?
-
part 1
-
part 2
-
hope this is oke like that.. as im blondddd grins
-
Oops that was the extras one there should be one just called OTL.txt on the desktop that is the one I need .. Sorry :)
-
grins oke i'll hunt again :)
-
erm cant find that ???
-
Run OTL again then please, there will only be one log this time :)
Use the same script as before
-
i did that but i get otltxt and its too big to post. its the same one as i did in 2 parts :(
-
this is the extra text
oh and when i had run that otl again i get again something running in msdos and it saying ... c/windowes then lots blah blah and its too long. and that goes on for a few min.
maybe that's why the textlog is too big?
:'(
-
you can send it to Essexboy in mail ..... i will give you his mail address in a PM in a few minutes
see the My messages button at top of the forum....
-
smiles thank you
-
Essexboy will be back online later today, usually after work hours european time ;)
-
but wont he get that infection either if i send him mail?
-
no, it is only a txt. log file ....
and if there is someone in this forum that knows how to protect himself from (and remove) infections, then it is him ;D
-
:) oke will send it to him right away thank you
-
OK lets kill this.. Did you install Splashtop ?
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
(https://dl.dropbox.com/u/73555776/OTL_Fix.GIF)
:Commands
[CREATERESTOREPOINT]
:OTL
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=361&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=361&systemid=406&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-1502761434-3598144597-1864420891-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss&mntrId=94010018E786BA10&affID=125035&tsp=5030
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2865317&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://www.searchgol.com/?babsrc=HP_ss&mntrId=94010018E786BA10&affID=125035&tsp=5030"
FF - prefs.js..extensions.enabledAddons: plugin%40videofiledownload.com:1.5
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2865317&SearchSource=2&CUI=SB_CUI&UM=UM_ID&q="
[2012-04-01 02:08:36 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\cisca\AppData\Roaming\mozilla\Firefox\Profiles\yxdtp2dk.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2013-10-09 06:26:31 | 000,000,000 | ---D | M] (BonanzaDeals) -- C:\Users\cisca\AppData\Roaming\mozilla\Firefox\Profiles\yxdtp2dk.default\extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca}
[2013-06-12 20:27:58 | 000,000,000 | ---D | M] ("Codec-V") -- C:\Users\cisca\AppData\Roaming\mozilla\Firefox\Profiles\yxdtp2dk.default\extensions\crossriderapp435@crossrider.com
[2013-10-09 06:27:17 | 000,000,000 | ---D | M] (SearchGol) -- C:\Users\cisca\AppData\Roaming\mozilla\Firefox\Profiles\yxdtp2dk.default\extensions\ffxtlbr@searchgol.com
[2012-07-09 13:04:02 | 000,000,000 | ---D | M] (VideoFileDownload - Download YouTube Videos) -- C:\Users\cisca\AppData\Roaming\mozilla\Firefox\Profiles\yxdtp2dk.default\extensions\plugin@videofiledownload.com
[2013-06-07 23:59:25 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\cisca\AppData\Roaming\mozilla\Firefox\Profiles\yxdtp2dk.default\extensions\toolbar@ask.com
[2013-06-12 20:27:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cisca\AppData\Roaming\mozilla\Firefox\Profiles\yxdtp2dk.default\extensions\crossriderapp435@crossrider.com\chrome\content\extensionCode
[2013-10-05 03:05:26 | 000,007,537 | ---- | M] () (No name found) -- C:\Users\cisca\AppData\Roaming\mozilla\firefox\profiles\yxdtp2dk.default\extensions\firefox@whilokii.net.xpi
[2012-04-08 09:50:29 | 000,004,929 | ---- | M] () (No name found) -- C:\Users\cisca\AppData\Roaming\mozilla\firefox\profiles\yxdtp2dk.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}.xpi
[2013-03-30 10:44:47 | 000,000,931 | ---- | M] () -- C:\Users\cisca\AppData\Roaming\mozilla\firefox\profiles\yxdtp2dk.default\searchplugins\conduit.xml
[2013-02-18 14:53:38 | 000,001,294 | ---- | M] () -- C:\Users\cisca\AppData\Roaming\mozilla\firefox\profiles\yxdtp2dk.default\searchplugins\delta.xml
[2013-10-09 06:27:19 | 000,001,302 | ---- | M] () -- C:\Users\cisca\AppData\Roaming\mozilla\firefox\profiles\yxdtp2dk.default\searchplugins\searchgol.xml
[2012-04-01 02:08:35 | 000,002,519 | ---- | M] () -- C:\Users\cisca\AppData\Roaming\mozilla\firefox\profiles\yxdtp2dk.default\searchplugins\Search_Results.xml
[2012-04-01 02:08:35 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
O2:64bit: - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\Datamngr\x64\BROWSE~1.DLL File not found
O2 - BHO: (BonanzaDeals) - {fe063412-bea4-4d76-8ed3-183be6220d17} - C:\Program Files (x86)\BonanzaDeals\BonanzaDealsIE.dll (BonanzaDeals)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKU\S-1-5-21-1502761434-3598144597-1864420891-1000..\Run: [C3] File not found
O4 - HKU\S-1-5-21-1502761434-3598144597-1864420891-1000..\Run: [iLivid] "C:\Users\cisca\AppData\Local\iLivid\iLivid.exe" -autorun File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll) - File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll) - File not found
[2013-10-09 21:25:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iMesh Applications
[2013-10-09 06:27:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\searchgol
[2013-10-09 06:27:13 | 000,000,000 | ---D | C] -- C:\Users\cisca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
[2013-10-09 06:27:12 | 000,000,000 | ---D | C] -- C:\Users\cisca\AppData\Roaming\searchgol
[2013-10-09 06:27:07 | 000,000,000 | ---D | C] -- C:\ProgramData\BitGuard
[2013-10-09 06:26:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Whilokii
[2013-10-09 06:26:35 | 000,000,000 | ---D | C] -- C:\Users\cisca\AppData\Local\BonanzaDealsLive
[2013-10-09 06:26:35 | 000,000,000 | ---D | C] -- C:\ProgramData\BonanzaDealsLive
[2013-10-09 06:26:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BonanzaDealsLive
[2013-10-09 06:26:30 | 000,000,000 | ---D | C] -- C:\Users\cisca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals
[2013-10-09 06:26:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BonanzaDeals
[2013-10-10 08:17:57 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
[2013-10-09 06:26:54 | 000,000,924 | ---- | C] () -- C:\Windows\tasks\BonanzaDealsLiveUpdateTaskMachineUA.job
[2013-10-09 06:26:49 | 000,000,920 | ---- | C] () -- C:\Windows\tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
:Files
C:\Program Files (x86)\Whilokii
C:\Program Files (x86)\BonanzaDealsLive
C:\Users\cisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaimhpklononapfjngelgdokckfjekfc
C:\Users\cisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj
C:\Users\cisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho
C:\PROGRA~2\SEARCH~1
C:\Users\cisca\AppData\Local\iLivid
:Commands
[resethosts]
[emptytemp]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
-
oke doing it now and thank you so much essex for helping.. sorry if i dont know things right away
oke after the scan will reboot and then run the scan again,. but do i need to post that stuff again in that place?
i meant at fixes open space
-
and splashtop? i dont know what that is :-\
-
oke heres the new log
-
Hmm, that did not appear to take. Could you run this fix please? When the computer reboots a log should appear. Could you attach that?
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
(https://dl.dropbox.com/u/73555776/OTL_Fix.GIF)
:Commands
[CREATERESTOREPOINT]
:OTL
SRV - [2013-10-10 08:26:45 | 000,065,304 | ---- | M] (Whilokii) [Auto | Running] -- C:\Program Files (x86)\Whilokii\bin\utilWhilokii.exe -- (Util Whilokii)
SRV - [2013-10-09 06:26:34 | 000,148,976 | ---- | M] (BonanzaDeals) [On_Demand | Stopped] -- C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe -- (bonanzadealslivem)
SRV - [2013-10-09 06:26:34 | 000,148,976 | ---- | M] (BonanzaDeals) [Auto | Stopped] -- C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe -- (bonanzadealslive)
SRV - [2013-10-05 03:05:26 | 000,065,304 | ---- | M] (Whilokii) [Auto | Running] -- C:\Program Files (x86)\Whilokii\updateWhilokii.exe -- (Update Whilokii)
SRV - [2011-03-24 06:37:18 | 000,493,384 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe -- (WCUService_STC_FF)
SRV - [2011-03-22 10:37:16 | 000,497,480 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe -- (WCUService_STC_IE)
SRV - [2010-11-15 13:21:54 | 000,477,000 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe -- (SCBackService)
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=361&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=361&systemid=406&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-1502761434-3598144597-1864420891-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss&mntrId=94010018E786BA10&affID=125035&tsp=5030
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2865317&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://www.searchgol.com/?babsrc=HP_ss&mntrId=94010018E786BA10&affID=125035&tsp=5030"
FF - prefs.js..extensions.enabledAddons: plugin%40videofiledownload.com:1.5
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2865317&SearchSource=2&CUI=SB_CUI&UM=UM_ID&q="
[2012-04-01 02:08:36 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\cisca\AppData\Roaming\mozilla\Firefox\Profiles\yxdtp2dk.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2013-10-09 06:26:31 | 000,000,000 | ---D | M] (BonanzaDeals) -- C:\Users\cisca\AppData\Roaming\mozilla\Firefox\Profiles\yxdtp2dk.default\extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca}
[2013-06-12 20:27:58 | 000,000,000 | ---D | M] ("Codec-V") -- C:\Users\cisca\AppData\Roaming\mozilla\Firefox\Profiles\yxdtp2dk.default\extensions\crossriderapp435@crossrider.com
[2013-10-09 06:27:17 | 000,000,000 | ---D | M] (SearchGol) -- C:\Users\cisca\AppData\Roaming\mozilla\Firefox\Profiles\yxdtp2dk.default\extensions\ffxtlbr@searchgol.com
[2012-07-09 13:04:02 | 000,000,000 | ---D | M] (VideoFileDownload - Download YouTube Videos) -- C:\Users\cisca\AppData\Roaming\mozilla\Firefox\Profiles\yxdtp2dk.default\extensions\plugin@videofiledownload.com
[2013-06-07 23:59:25 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\cisca\AppData\Roaming\mozilla\Firefox\Profiles\yxdtp2dk.default\extensions\toolbar@ask.com
[2013-06-12 20:27:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cisca\AppData\Roaming\mozilla\Firefox\Profiles\yxdtp2dk.default\extensions\crossriderapp435@crossrider.com\chrome\content\extensionCode
[2013-10-05 03:05:26 | 000,007,537 | ---- | M] () (No name found) -- C:\Users\cisca\AppData\Roaming\mozilla\firefox\profiles\yxdtp2dk.default\extensions\firefox@whilokii.net.xpi
[2012-04-08 09:50:29 | 000,004,929 | ---- | M] () (No name found) -- C:\Users\cisca\AppData\Roaming\mozilla\firefox\profiles\yxdtp2dk.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}.xpi
[2013-03-30 10:44:47 | 000,000,931 | ---- | M] () -- C:\Users\cisca\AppData\Roaming\mozilla\firefox\profiles\yxdtp2dk.default\searchplugins\conduit.xml
[2013-02-18 14:53:38 | 000,001,294 | ---- | M] () -- C:\Users\cisca\AppData\Roaming\mozilla\firefox\profiles\yxdtp2dk.default\searchplugins\delta.xml
[2013-10-09 06:27:19 | 000,001,302 | ---- | M] () -- C:\Users\cisca\AppData\Roaming\mozilla\firefox\profiles\yxdtp2dk.default\searchplugins\searchgol.xml
[2012-04-01 02:08:35 | 000,002,519 | ---- | M] () -- C:\Users\cisca\AppData\Roaming\mozilla\firefox\profiles\yxdtp2dk.default\searchplugins\Search_Results.xml
[2012-04-01 02:08:35 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
O2:64bit: - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\Datamngr\x64\BROWSE~1.DLL File not found
O2 - BHO: (BonanzaDeals) - {fe063412-bea4-4d76-8ed3-183be6220d17} - C:\Program Files (x86)\BonanzaDeals\BonanzaDealsIE.dll (BonanzaDeals)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKU\S-1-5-21-1502761434-3598144597-1864420891-1000..\Run: [C3] File not found
O4 - HKU\S-1-5-21-1502761434-3598144597-1864420891-1000..\Run: [iLivid] "C:\Users\cisca\AppData\Local\iLivid\iLivid.exe" -autorun File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll) - File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll) - File not found
[2013-10-09 21:25:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iMesh Applications
[2013-10-09 06:27:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\searchgol
[2013-10-09 06:27:13 | 000,000,000 | ---D | C] -- C:\Users\cisca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
[2013-10-09 06:27:12 | 000,000,000 | ---D | C] -- C:\Users\cisca\AppData\Roaming\searchgol
[2013-10-09 06:27:07 | 000,000,000 | ---D | C] -- C:\ProgramData\BitGuard
[2013-10-09 06:26:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Whilokii
[2013-10-09 06:26:35 | 000,000,000 | ---D | C] -- C:\Users\cisca\AppData\Local\BonanzaDealsLive
[2013-10-09 06:26:35 | 000,000,000 | ---D | C] -- C:\ProgramData\BonanzaDealsLive
[2013-10-09 06:26:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BonanzaDealsLive
[2013-10-09 06:26:30 | 000,000,000 | ---D | C] -- C:\Users\cisca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals
[2013-10-09 06:26:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BonanzaDeals
[2013-10-10 08:17:57 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
[2013-10-09 06:26:54 | 000,000,924 | ---- | C] () -- C:\Windows\tasks\BonanzaDealsLiveUpdateTaskMachineUA.job
[2013-10-09 06:26:49 | 000,000,920 | ---- | C] () -- C:\Windows\tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
:Files
C:\Program Files (x86)\Whilokii
C:\Program Files (x86)\BonanzaDealsLive
C:\Users\cisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaimhpklononapfjngelgdokckfjekfc
C:\Users\cisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj
C:\Users\cisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho
C:\PROGRA~2\SEARCH~1
C:\Users\cisca\AppData\Local\iLivid
C:\Program Files (x86)\Splashtop
:Commands
[resethosts]
[emptytemp]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
-
oke running the new scan :o im so gonna kill my comp hahahah
-
heres the log after the reboot
what is that weird wpadnet dat for thing? that more people get it?
now the quick scan
-
the quick scan log
-
It is used to get a list of IP addresses
Is Avast still alerting ?
-
yes its still alerting big times.. it say skype /phone exe.. then alert windows sidebar, then sometimes it say avast exe.
-
OK run this fix
Then run the MSFixit here http://support.microsoft.com/kb/2719662
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
(https://dl.dropbox.com/u/73555776/OTL_Fix.GIF)
:Commands
[CREATERESTOREPOINT]
:OTL
SRV - [2013-09-05 10:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
:Commands
[resethosts]
[emptytemp]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
-
did all and here the log.. but avast still doing the same grrr.
-
Could you attach a screen shot of the alert please
-
oke screen shot and its first time i get this new one.. normal its from skype phone exe or avast exe or windows sidebar(http://avast alarm)
-
screen shot
-
Please download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.
- Right-mouse click JRT.exe and select "Run as Administrator" the tool will open and start scanning your system
- please be patient as this can take a while to complete depending on your system's specifications
- On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
- post the contents of JRT.txt into your next message.
-
oke done it and log attached
-
now i lost all pictograms in bar below like avast and all others i had there? ???
does that mean they dont run anymore?
and aiai i did skype on and right away that alarm went off again
-
Is there a little up arrow next to the clock ? Click that and select customise
That will allow you to set them back on the bar again
I think I will report this to Avast as I feel that this may be a false positive on skype
-
smiles thank you and im sorry for taking up all your time.. but hugs you tight .
you're my hero for sure that you saved my comp from getting fly lesson out the window.
really i thank you so much, :) :-* :)
-
so this means my comp is good again? no infection or malware troubles?
:)
-
As it stands I can see no malware, I have asked Avast to look at this and one other thread where there are detections on Skype and Kies with no apparent malware
Are the alerts still appearing after updating Avast ?
-
well i found out when i turn on skype avast starts to alert big times, and keeps alerting.. so i have turned off skype for now and its quiet,
hope avast can set that so i can use skype again
-
I think I will install Skype to see if I get the same alerts
-
i still get the alarms from avast.. from skype phone exe and from avast exe .. :-[
-
Hmm I now have Skype on my system and am not experiencing any alerts
Let's look deeper
Download and Install Combofix
Download ComboFix from one of the following locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here (http://forums.whatthetech.com/How_Disable_your_Security_Programs_t96260.html&pid=494216#entry494216)
- Double click on ComboFix.exe & follow the prompts.
- Accept the disclaimer and allow to update if it asks
(http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png)
(http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png)
- When finished, it shall produce a log for you.
- Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.
Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
-
im sorry didnt know how to stop the other programs but i stopped avast
-
Did you install avgchrome at all ?
-
no never installed avg.. i always use avast
-
OK lets remove that next. It was installed four days ago
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
(https://dl.dropbox.com/u/73555776/OTL_Fix.GIF)
:Commands
[CREATERESTOREPOINT]
:Files
c:\users\cisca\AppData\Local\avgchrome
:Commands
[resethosts]
[emptytemp]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
-
and the new log. and avast still dings happy its alarm. ppffff..
im so sorry its hard to get it out as i dont know anything from comps
-
i still dont know as i read all others aswell with same problems.. maybe its avast that has changed something? ?
-
I would not have thought so as I would be getting the alerts as well :)
Could you set up your computer to use OpenDNS (it is free) and let me know if the alerts continue, as I need to rule out a router infection
http://www.opendns.com/home-solutions/parental-controls/
-
oke now i get lost as i dont understand this i signed in then it tells me to go to control and network sharing... pff i dont know where that all is :-[
-
oke found that part but now this? Windows Go to Start menu -> Run -> Type cmd -> press Enter/Return ipconfig /flushdns
i really dont know this part
dont know what i done but Success! You're now using OpenDNS.
-
Is the alert still apparent ?
Could you go to control panel > internet options > Programs
Select manage addons and uninstall Skype toolbar
-
so far no alarm. i connected my wacom tablet and i have skype on but nothing yet. normal avast would scream like crazy,
what does this mean?
-
just checked and i dont have a skype toolbar
-
That would indicate a router infection as OpenDNS bypasses the DNS server in your router. Some malware can alter the DNS server in the router to use their one
Let it run for a while and if it holds I will tell you how to reset the router.. Meanwhile enjoy the peace and quiet :)
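The post above reasons that pointing the PC at OpenDNS takes the router's DNS setting out of the path. As an added example (not part of the original thread or of any tool used in it), this Python code parses `ipconfig /all` output and reports which resolvers each adapter uses and whether any of them is the router itself; the sample output, host name and function names are constructed for illustration.

```python
import ipaddress
import re

# OpenDNS public resolver addresses.
OPENDNS = {"208.67.222.222", "208.67.220.220"}
# ipconfig field labels we care about, mapped to short keys.
WANTED = {"DNS Servers": "dns", "Default Gateway": "gateway"}
# "   Label . . . . : value" -- a space or dot must precede the colon, so an
# IPv6 continuation line such as "fec0:0:0:ffff::1" is not taken for a label.
FIELD = re.compile(r"^\s+(?P<key>\S[^:]*?)[ .]+: ?(?P<value>.*)$")

# Constructed sample output (not taken from the thread's logs).
BEFORE = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : EXAMPLE-PC

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : home
   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.23(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
"""

# Same machine after the resolvers were set to OpenDNS by hand.
AFTER = BEFORE.replace(
    "   DNS Servers . . . . . . . . . . . : 192.168.1.1\n",
    "   DNS Servers . . . . . . . . . . . : 208.67.222.222\n"
    "                                       208.67.220.220\n",
)


def parse_ipconfig(text):
    """Return {adapter: {"dns": [...], "gateway": [...]}} from `ipconfig /all` text."""
    adapters, current, last_key = {}, None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():
            # Unindented line: the banner, or an "<type> adapter <name>:" header.
            header = line.rstrip()
            current = None
            if header.endswith(":"):
                current = adapters.setdefault(header[:-1], {"dns": [], "gateway": []})
            last_key = None
            continue
        if current is None:
            continue  # global section (host name etc.)
        m = FIELD.match(line)
        if m:
            last_key = WANTED.get(m.group("key").strip())
            value = m.group("value").strip()
        else:
            value = line.strip()  # continuation line of the previous field
        if last_key and value:
            current[last_key].append(value.split("%")[0])  # drop IPv6 scope id
    return adapters


def classify(server):
    """Label a resolver address as opendns, local (LAN/router) or other-public."""
    try:
        ip = ipaddress.ip_address(server)
    except ValueError:
        return "unparsed"
    if server in OPENDNS:
        return "opendns"
    if ip.is_private or ip.is_link_local:
        return "local"
    return "other-public"


def resolver_report(text):
    """Per adapter: configured resolvers, their kind, and whether one is the gateway."""
    report = {}
    for name, info in parse_ipconfig(text).items():
        if info["dns"]:
            report[name] = {
                "dns": info["dns"],
                "kinds": [classify(s) for s in info["dns"]],
                # True: lookups are handed to the router, whose own upstream
                # DNS setting then decides what answers the PC receives.
                "via_router": any(s in info["gateway"] for s in info["dns"]),
            }
    return report


if __name__ == "__main__":
    for label, sample in (("before", BEFORE), ("after", AFTER)):
        print(label, resolver_report(sample))
```

When `via_router` is true, the resolver configured inside the router is the setting to inspect; when it is false, the PC's lookups no longer depend on it.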
-
:D ;D smiles well it sure is quiet without the ding ding ding from avast.. now i got other problem hahaha people 2 doors from my house been drilling for 4 months now every day.. maybe i'll send them to this also i want all hushhhhhhh hahaha
// joke). but oke i'll wait for the next step to get that infection out.. but dangggggg you're great to help me like this. even im a pain in the butt as i dont know all
-
Nope, not a pain, as this type of malware changes all the time and is sometimes an exercise to track it down
-
oh but its a horizonbox but my cousin who comes here to play on his laptop dont get the avast alarm tho
oh this is also good to know maybe this helps the others aswell with that wpad trouble
-
ghrrr since 2 days now i have to turn off avast to get on internet.. once im on it its oke...
how do i change that setting in avast? that he allows me to go on internet
-
What firewall are you using ? And what error do you get
-
just avast. i think. but i have to set avast off for 10 min then i cant get on here and other stuff then after 10 min avast turns on and no problem
and no error i just cant get on internet unless i turn off avast for 10 min then all is oke
-
OK lets reinstall Avast to a pristine state
Download Uninstall Utility (http://www.avast.com/uninstall-utility) to your Desktop.
Download the correct version of Avast
Avast Free (http://files.avast.com/iavs5x/avast_free_antivirus_setup.exe)
Avast Pro (http://files.avast.com/iavs5x/avast_pro_antivirus_setup.exe)
Avast Internet Security (http://files.avast.com/iavs5x/avast_internet_security_setup.exe)
Avast Premier (http://files.avast.com/iavs5x/avast_premier_antivirus_setup.exe)
Disconnect from the net
Uninstall Avast via control panel
- Run aswClear
- It will offer to reboot to safe mode accept that
(https://dl.dropbox.com/u/73555776/aswclear.JPG)
- In the Select Product to Uninstall dropdown choose the version of Avast that is on your system.
- Press Uninstall
- Once complete reboot your system to Normal Mode
- Reinstall Avast
----------