Avast WEBforum

Other => Viruses and worms => Topic started by: cruisecontrol49 on March 18, 2014, 02:26:03 AM

Title: "http:// stats.mydatastatssrv.com/stats.gif?action" infection help
Post by: cruisecontrol49 on March 18, 2014, 02:26:03 AM
  I keep getting random malicious pop-ups from Avast with this URL.

  I have downloaded otl, mbam, aswmbr, adwcleaner. I have been running Avast, CCleaner, and Mbam on a regular maintenance basis. Mbam scan shows nothing malicious in quick scan mode.

  ...appreciate any help, thanks for your time and knowledge

Windows 7 home premium
Avast 2014
Firefox
Title: Re: "http:// stats.mydatastatssrv.com/stats.gif?action" infection help
Post by: mikaelrask on March 18, 2014, 08:40:14 AM
Hey, and welcome to the forum.

Please follow this guide and attach your logs (we need the logs from mbam, otl and aswmbr):

http://forum.avast.com/index.php?topic=53253.0

A malware expert will help you from there.

PS: Could you also provide a picture of that Avast popup? It will give the malware expert some more information.
Title: Re: "http:// stats.mydatastatssrv.com/stats.gif?action" infection help
Post by: cruisecontrol49 on March 18, 2014, 05:16:58 PM
...here is Mbam, I will have to post OTL in a second post. I get a "message body is empty" error when I try to attach them, so I will have to copy & paste. If I try to copy & paste both of them I exceed the character maximum.

...also when I tried to run aswmbr it seemed to freeze at one point in the scanning process. I walked away to wait it out; when I looked back I had a black Windows message that it had shut down improperly. I just let Windows reboot it and I got a desktop popup saying "windows had recovered from an unexpected shutdown". Do I need to try and run aswmbr again?

--------------------------------------------------------------------------------------

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.17.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16521
Bruce (Lenovo) :: BRUCELENOVO-PC [administrator]

3/18/2014 8:38:29 AM
mbam-log-2014-03-18 (08-38-29).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 244616
Time elapsed: 5 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
Title: Re: "http:// stats.mydatastatssrv.com/stats.gif?action" infection help
Post by: Pondus on March 18, 2014, 05:21:40 PM
OTL must be attached..... or it will take 10 posts with copy and paste

You may try to run aswMBR from safe mode
Title: Re: "http:// stats.mydatastatssrv.com/stats.gif?action" infection help
Post by: cruisecontrol49 on March 18, 2014, 05:33:13 PM
thanks for being patient, I'm working on it.
Title: Re: "http:// stats.mydatastatssrv.com/stats.gif?action" infection help
Post by: cruisecontrol49 on March 18, 2014, 05:48:52 PM
OTL

Title: Re: "http:// stats.mydatastatssrv.com/stats.gif?action" infection help
Post by: cruisecontrol49 on March 18, 2014, 06:29:55 PM
apologize again...I think I've got it right, if not let me know.

I ran aswmbr in safe mode. I have not received any more Avast popups, but I will try to post them if they show up.

thanks again for your patience
Title: Re: "http:// stats.mydatastatssrv.com/stats.gif?action" infection help
Post by: essexboy on March 18, 2014, 07:16:53 PM
Hi, did you run AdwCleaner on your computer?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
Code:
:Commands
[CREATERESTOREPOINT]

:OTL
IE - HKU\S-1-5-21-2347637176-146510975-2075407822-1000\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekkosearch.mystart.com/blekkotb_soc/?source=86adbc52&tbp=rbox&toolbarid=blekkotb_soc&u=20120510153B42EDA9559B97E0111B26&q={searchTerms}
FF - prefs.js..extensions.enabledAddons: crossriderapp2258%40crossrider.com:0.94.149
FF - prefs.js..keyword.URL: "http://blekko.com/ws/?source={SourceID}&tbp=url&toolbarid=blekkotb_soc&u=USERGUID&q="
[2014/03/07 14:21:04 | 000,000,000 | ---D | M] ("I Want This") -- C:\Users\Bruce (Lenovo)\AppData\Roaming\Mozilla\Firefox\Profiles\l2xt4udt.default\extensions\crossriderapp2258@crossrider.com
[2014/03/07 14:21:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bruce (Lenovo)\AppData\Roaming\Mozilla\Firefox\Profiles\l2xt4udt.default\extensions\crossriderapp2258@crossrider.com\extensionData
[2014/03/07 14:21:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bruce (Lenovo)\AppData\Roaming\Mozilla\Firefox\Profiles\l2xt4udt.default\extensions\crossriderapp2258@crossrider.com\extensionData\plugins
[2014/03/07 14:21:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bruce (Lenovo)\AppData\Roaming\Mozilla\Firefox\Profiles\l2xt4udt.default\extensions\crossriderapp2258@crossrider.com\extensionData\userCode

:Commands
[resethosts]
[emptytemp]
[Reboot]
Title: Re: "http:// stats.mydatastatssrv.com/stats.gif?action" infection help
Post by: Michael (alan1998) on March 18, 2014, 07:29:21 PM
I'd say yes given he has it installed.

If you've run it, attach the log(s) in your next reply for Essexboy.
Title: Re: "http:// stats.mydatastatssrv.com/stats.gif?action" infection help
Post by: cruisecontrol49 on March 19, 2014, 12:19:00 AM
Ok...apparently I got trigger happy or confused, there are three AdwCleaner reports

I'm going to go run the fix now

as always... I appreciate your kindness
Title: Re: "http:// stats.mydatastatssrv.com/stats.gif?action" infection help
Post by: cruisecontrol49 on March 19, 2014, 12:41:29 AM
 I ran the fix and attached the log.

 I also attached the details screen from the Avast warning popup. I didn't get a chance to capture the popup, but if it returns I will post it (if you think you need it)

(disregard log attachment, getting the right one now)
Title: Re: "http:// stats.mydatastatssrv.com/stats.gif?action" infection help
Post by: cruisecontrol49 on March 19, 2014, 01:28:47 AM
Disregard log attachment in last post...my mistake, and I don't know how to delete posts or attachments

I attached the OTL log from the quick scan.

I tried to post the screenshot from the OTL scan window with this post, but I am being told my attachment is too large.

 I wasn't sure if I was running the quick scan with the same ticks and custom data as the original scan... so I ran it the way it opened. If I need to re-run with the original, or a different configuration, let me know.

I will put the OTL quick scan window screenshot in the next post, and you can see if it was configured properly

I'm sorry about the confusion on my part, but I am learning, and I appreciate your patience
Title: Re: "http:// stats.mydatastatssrv.com/stats.gif?action" infection help
Post by: cruisecontrol49 on March 19, 2014, 01:31:18 AM
...here is the scan window screenshot as it was configured when I ran the quick scan
Title: Re: "http:// stats.mydatastatssrv.com/stats.gif?action" infection help
Post by: mikaelrask on March 19, 2014, 09:07:45 AM
Hey again, you're doing fine, and it's what the expert wants you to run, so no problem there. Essexboy will be back later to continue helping you, so just be patient ;)
Title: Re: "http:// stats.mydatastatssrv.com/stats.gif?action" infection help
Post by: essexboy on March 19, 2014, 03:04:35 PM
Nope, a quick scan is good. Have the alerts now ceased?
Title: Re: "http:// stats.mydatastatssrv.com/stats.gif?action" infection help
Post by: cruisecontrol49 on March 20, 2014, 04:52:57 AM
no popups yet....I haven't been online as much due to family illness....I'll keep checking and get back to you in a day or two
Title: Re: "http:// stats.mydatastatssrv.com/stats.gif?action" infection help
Post by: cruisecontrol49 on March 24, 2014, 02:54:39 PM
I apologize for not getting back here sooner. I had an unexpected death in the family.

I have not been able to get online much, but I have not had any problems with popups.

I would like to thank all of you for your knowledge, time, and kindness.
Title: Re: "http:// stats.mydatastatssrv.com/stats.gif?action" infection help
Post by: essexboy on March 24, 2014, 04:23:28 PM
Time is not a problem, real life rules. 

Subject to no further problems   :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems 

Now the best part of the day ----- Your log now appears clean  :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Download and run Delfix (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/9-delfix)

(https://dl.dropboxusercontent.com/u/73555776/delfix.JPG)

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent (http://www.foolishit.com/vb6-projects/cryptoprevent/): install this programme to lock down and prevent crypto ransomware

(https://dl.dropboxusercontent.com/u/73555776/CryptoPrevent.JPG)

Malwarebytes (http://www.malwarebytes.org/mbam-download.php).

Update and run weekly to keep your system clean


It is critical to have both a firewall and antivirus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices (http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/)

Keep safe  :wave: