Avast WEBforum

Other => Viruses and worms => Topic started by: REDACTED on February 28, 2015, 10:32:28 AM

Title: URL:Mal alert on system startup.
Post by: REDACTED on February 28, 2015, 10:32:28 AM

Upon system start up avast blocks a Infection with the details:

URL: http//blackled.info/3131/LighterEdit_142243196703854.dll   (this changes every time)
Infection: URL:Mal
Process: C:\Windows\System32\svchost.exe

Iv'e run full system scans, boot time scans scans with Malwarebytes and none have fix this issue.

Any help is appreciated.

Title: Re: URL:Mal alert on system startup.
Post by: Asyn on February 28, 2015, 11:03:41 AM

Attach your basic logs. (MBAM, FRST and aswMBR..!!)
Instructions: https://forum.avast.com/index.php?topic=53253.0

Title: Re: URL:Mal alert on system startup.
Post by: REDACTED on February 28, 2015, 11:38:35 AM

Thank you for the response but my temperamental computer froze, restarted and the problem has gone away

Title: Re: URL:Mal alert on system startup.
Post by: REDACTED on February 28, 2015, 01:40:12 PM

I was wrong.

Here are the logs.

Title: Re: URL:Mal alert on system startup.
Post by: essexboy on February 28, 2015, 04:09:37 PM

Could you let me know if this stops it

CAUTION :  This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

Quote

CreateRestorePoint:
StartMenuInternet: Google Chrome.QFZAVKJT3FQMZZXLJQRV6VNGSQ - C:\Users\Bob\AppData\Local\Google\Chrome\Application\chrome.exe http://isearch.omiga-plus.com/?type=sc&ts=1423177484&from=tti&uid=WDCXWD10EADS-114BB1_WD-WCAV5K86889068890
S2 ncjdZbEInx; "C:\ProgramData\wqRoXPVDEqY\ncjdZbEInx.exe" [X]
2015-02-06 10:37 - 2015-02-06 10:37 - 00000000 __SHD () C:\Users\Bob\AppData\Local\EmieUserList
2015-02-06 10:37 - 2015-02-06 10:37 - 00000000 __SHD () C:\Users\Bob\AppData\Local\EmieSiteList
2015-02-06 10:37 - 2015-02-06 10:37 - 00000000 __SHD () C:\Users\Bob\AppData\Local\EmieBrowserModeList
C:\ProgramData\wqRoXPVDEqY
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe
(https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG)
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
  
• Click on Scan.
  
• After the scan is complete click on "Clean"
• Confirm each time with Ok.
  
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile with your next answer.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.
  

Title: Re: URL:Mal alert on system startup.
Post by: REDACTED on March 01, 2015, 06:57:17 AM

Logs.

Title: Re: URL:Mal alert on system startup.
Post by: essexboy on March 01, 2015, 12:46:28 PM

Could you confirm that the alerts have ceased