Avast WEBforum

Other => Viruses and worms => Topic started by: 4gateftw on April 09, 2014, 07:39:37 PM

Title: URL MAL alerts
Post by: 4gateftw on April 09, 2014, 07:39:37 PM

Hi, I've been getting alerts probably every few minutes saying that Avast web shield has blocked an infection called "URL Mal". I'm not completely tech illiterate, but I can't seem to figure out how to get rid of this, and the alerts come up no matter what I do. Help would really be appreciated. Thanks.

Title: Re: URL MAL alerts
Post by: essexboy on April 09, 2014, 07:40:48 PM

Hi could you attach a screenshot of the alert

Download OTL (http://oldtimer.geekstogo.com/OTL.exe)  to your Desktop
Secondary link (http://www.itxassociates.com/OT-Tools/OTL.exe)

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

(https://dl.dropboxusercontent.com/u/73555776/OTL_Main_Tutorial.gif)

• Select All Users
  
• Select LOP and Purity
• Under the Custom Scan box paste this in

netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
c:\program files (x86)\Google\Desktop
c:\program files\Google\Desktop
dir "%systemdrive%\*" /S /A:L /C
/md5start
rpcss.dll
/md5stop
CREATERESTOREPOINT

• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    
  • Attach  both logs

THEN

Download aswMBR.exe (http://files.avast.com/files/rootkit-scanner/aswmbr.exe) ( 4.5mb ) to your desktop.
 Double click the aswMBR.exe to run it  Click the "Scan" button to start scan 

(https://dl.dropboxusercontent.com/u/73555776/AswMBR%20scan.JPG)


On completion of the scan click save log, save it to your desktop and attach in your next reply

Title: Re: URL MAL alerts
Post by: 4gateftw on April 09, 2014, 07:49:49 PM

Hi, here is the screenshot you asked for, I'll get working on the instructions you put.

Title: Re: URL MAL alerts
Post by: essexboy on April 09, 2014, 07:51:25 PM

Ta that suggests a chrome infection

Title: Re: URL MAL alerts
Post by: 4gateftw on April 09, 2014, 08:24:06 PM

Done with those instructions, here's all the stuff you requested, and thanks for your time.

Title: Re: URL MAL alerts
Post by: essexboy on April 09, 2014, 08:37:58 PM

OK to work :)

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  (https://dl.dropbox.com/u/73555776/OTL_Fix.GIF)
  
  

Code: [Select]

:Commands
[CREATERESTOREPOINT]

:OTL
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.

:Commands
[resethosts]
[emptytemp]
[Reboot]

• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
  
• Click on Scan.
  
• After the scan is complete click on "Clean"
• Confirm each time with Ok.
  
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile with your next answer.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.
  

Title: Re: URL MAL alerts
Post by: 4gateftw on April 09, 2014, 09:10:12 PM

Hi, I did the second set of instructions, here are the logs you requested. I'm already not getting those alerts anymore :D

Title: Re: URL MAL alerts
Post by: essexboy on April 09, 2014, 09:30:43 PM

Any further problems ?

Title: Re: URL MAL alerts
Post by: 4gateftw on April 09, 2014, 09:32:05 PM

None whatsoever, thanks so much for your help, you are awesome! I'll be sure to be more careful with what I download in the future, thanks again!

Title: Re: URL MAL alerts
Post by: essexboy on April 09, 2014, 09:33:40 PM

In that case methinks I will send you on your merry way :)

Subject to no further problems   :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems 

Now the best part of the day ----- Your log now appears clean  :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset  System Restore points:

Download and run Delfix (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/9-delfix)

(https://dl.dropboxusercontent.com/u/73555776/delfix.JPG)

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent (http://www.foolishit.com/vb6-projects/cryptoprevent/) install this programme to lock down and prevent crypto ransome ware

(https://dl.dropboxusercontent.com/u/73555776/CryptoPrevent.JPG)

Malwarebytes (http://www.malwarebytes.org/mbam-download.php).

Update and run weekly to keep your system clean


It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide  Best security practices  (http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/)Keep safe  :wave: