Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: 0Just ME0 on December 04, 2013, 08:22:41 AM
-
Hello
As I surf with firefox avast constantly pops-up saying that it protected me from an infection
I had run a deep scan with 0 results then a boot-up scan again with 0 and the pop-up still constantly appears.
Cleaning up browser neither.
Returning to previous versions of the installation folder of firefox changes nothing
I dont find anything in the web related to the page and it always is the same direction:
"http://secure-content-delivery.com/data.geo.php?callback=window.__geo.dataLoaded"
Trying to acces from my mobile to that page says its protected by ligttpd and google cant get a preview of the page
Please help me to get rid of what the program says "URL:Mal"
-
As I surf with firefox avast constantly pops-up saying that it protected me from an infection
this indicate a infection ....something is trying to phone home
follow guide and attach the requested logs (not copy and paste) http://forum.avast.com/index.php?topic=53253.0
we need Malwarebytes / OTL / aswMBR
when done a malware expert will check the logs
-
Thank you for the fast response
Here are the reports; the Extras file came with the OTL and the post dont say nothing about so I included it
-
removal experts are notified, it may take some hours before they are online....
it seems you have 3 AV programs installed avast, AVG, Avira
installing multiple AV will give you a slow machine, windows errors and false detections
General: Uninstalling a third-party antivirus software. http://www.avast.com/faq.php?article=AVKB11
-
it seems you have 3 AV programs installed avast, AVG, Avira
installing multiple AV will give you a slow machine, windows errors and false detections
There can be only one.
Next:
Please download Farbar Recovery Scan Tool (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/) ((http://www.mcshield.net/personal/magna86/Images/FRST_canned.png)) by Farbar and save it to your desktop.
Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.
- Double-click to run it. When the tool opens click Yes to disclaimer.
- Under Optional Scan ensure "Driver MD5" are ticked.
- Press Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
- The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
-
These are the logs requested.
I forgot to mention that the detected program by avast was firefox, but yet I can surf normally
I had uninstalled the other two av
-
Do you listen to Lou Reed :)
1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system
Start
HKLM-x32\...\Run: [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
HKLM-x32\...\Run: [] - [x]
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?utm_source=b&utm_medium=fft-1&from=fft-1&uid=ST3500418AS_5VMETGGZ____5VMETGGZ&ts=1351099393
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com/?utm_source=b&utm_medium=fft-1&from=fft-1&uid=ST3500418AS_5VMETGGZ____5VMETGGZ&ts=1351099393
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.v9.com/web/?q={searchTerms}
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKCU - {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = http://www.daemon-search.com/search/web?q={searchTerms}
SearchScopes: HKCU - {E5BC8517-D549-4FA9-B281-C50C6F562268} URL = http://fileservehome.com/?tmp=toolbar_FileServe_results&prt=fileservetb01ie&Keywords={searchTerms}&clid=90be3fb048654a30825d1ad3ac4055c6
FF DefaultSearchEngine: v9
FF SearchEngineOrder.1: v9
C:\Users\Wottan\AppData\Local\Temp\AskSLib.dll
C:\Users\Wottan\AppData\Local\Temp\avgnt.exe
C:\Users\Wottan\AppData\Local\Temp\devcon64.exe
C:\Users\Wottan\AppData\Local\Temp\fp_pl_pfs_installer-1.exe
C:\Users\Wottan\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Wottan\AppData\Local\Temp\htmlayout.dll
C:\Users\Wottan\AppData\Local\Temp\swt-win32-3349.dll
End
NOTE: => It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.
.
************ Next ***************
Please download zoek.zip or zoek.rar by smeenk ((http://www.mcshield.net/personal/magna86/Images/Zoek_icon.png)) from here (http://hijackthis.nl/smeenk) or here (http://home.kpn.nl/stefsmeenk/zoek.exe) and save it to your Desktop.
Unpack the archive...
- Close any open browsers
- Temporarily disable your AntiVirus program. (If necessary)
If you are unsure how to do this please read this (http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html) or this (http://www.bleepingcomputer.com/forums/topic114351.html) Instruction.
- Double click on zoek.exe to run the tool .
Please wait while the tool does not start...
- Copy the text present inside the code box below and paste it into the large window in the zoek tool:
filesrcm;
startupall;
skipfix-iedefaults;
firefoxlook;
chromelook;- Click on (http://www.mcshield.net/personal/magna86/Images/Run%20Script%20by%20zoek.png) button.
Please wait until a logreport will open (this can be after reboot)
- Save notepad to your Desktop and attach here zoek-results.log
Note: It will also create a log in the C:\ directory named "zoek-results.log"
-
Here are the logs
-
- Close any open browsers
- Temporarily disable your AntiVirus program. (If necessary)
If you are unsure how to do this please read this (http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html) or this (http://www.bleepingcomputer.com/forums/topic114351.html) Instruction.
- Double click on zoek.exe to run the tool .
Please wait while the tool does not start...
- Copy the text present inside the code box below and paste it into the large window in the zoek tool:
emptyalltemp;
autoclean;
emptyclsid;
ipconfig /flushdns >> %temp%\log.txt;b
emptyrecycle.bin;- Click on (http://www.mcshield.net/personal/magna86/Images/Run%20Script%20by%20zoek.png) button.
Please wait until a logreport will open (this can be after reboot)
- Save notepad to your Desktop and attach here zoek-results.log
Note: It will also create a log in the C:\ directory named "zoek-results.log"
.
situation?
-
These are the results
-
To the moment seems all clear; no pop-up from avast in any page thank you very much If anything happens related to this, I'll keep you informed
-
You will not have more pro 8)
Please download DelFix (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/9-delfix) by "Xplode" to your Desktop.
Run the tool and check the following boxes below;
- Remove disinfection tools
- Create registry backup
- Purge System Restore
Now click on "Run" button. Wait for the programme completes his work.
All the tools we used should be gone.
Tool will create and open an log report (DelFix.txt)
Note: The report will also be stored on C:\DelFix.txt
> I don't need DelFix log report.