Avast WEBforum

Other => Viruses and worms => Topic started by: REDACTED on April 29, 2015, 09:45:39 PM

Title: Malware alerts on startup
Post by: REDACTED on April 29, 2015, 09:45:39 PM

(http://i.imgur.com/IdlpGdx.png)

I'm getting anywhere between 4-12 of these popup messages (with varying urls) from Avast every time I boot up my computer. I've already tried scanning with several different antivirus/malware removal programs, and none of them can detect any issues. From what I can see in other topics, this is a fairly common problem at the moment, so I hope it can be resolved without too much trouble.

I've attached all the requested logs. Any help would be greatly appreciated!

Title: Re: Malware alerts on startup
Post by: TwinHeadedEagle on April 29, 2015, 09:46:13 PM

Preparing fix.

Title: Re: Malware alerts on startup
Post by: TwinHeadedEagle on April 29, 2015, 10:08:05 PM

(https://sites.google.com/site/cannedfixes/home/hosted-images-tools/51a612a8b27e2-Zoek.png) Scan with ZOEK

Please download ZOEK (http://hijackthis.nl/smeenk/) by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here (http://www.bleepingcomputer.com/forums/topic114351.html).

• Right-click on (https://sites.google.com/site/cannedfixes/home/hosted-images-tools/51a612a8b27e2-Zoek.png) icon and select (https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg) Run as Administrator to start the tool.
  
• Wait patiently until the main console will appear, it may take a minute or two.
• In the main box please paste in the following script:

Code: [Select]

createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns;b

• Make sure that Scan All Users option is checked.
  
• Push Run Script and wait patiently. The scan may take a couple of minutes.
  
• When the scan completes, a zoek-results logfile should open in notepad.
  
• If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.

Title: Re: Malware alerts on startup
Post by: REDACTED on April 29, 2015, 10:33:26 PM

Done. Here are the results.

Title: Re: Malware alerts on startup
Post by: TwinHeadedEagle on April 30, 2015, 09:20:20 AM

How is the situation now?

Title: Re: Malware alerts on startup
Post by: REDACTED on April 30, 2015, 05:21:54 PM

No change, still getting popups.

Title: Re: Malware alerts on startup
Post by: TwinHeadedEagle on May 01, 2015, 10:19:08 AM

(https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif) Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

• Right-click on (https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif) icon and select (https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg) Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
  
• Make sure that Addition option is checked.
  
• Press Scan button and wait.
  
• The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
  

Please include their content into your next reply.

Title: Re: Malware alerts on startup
Post by: REDACTED on May 01, 2015, 10:15:38 PM

Here you go.

Title: Re: Malware alerts on startup
Post by: TwinHeadedEagle on May 02, 2015, 08:35:36 AM

Download (http://www.imgdumper.nl/uploads6/51a5f31352f71/51a5f31352b88-icon_MBAR.png)Malwarebytes Anti-Rootkit (http://'https://www.malwarebytes.org/antirootkit/') to your desktop.

• Double-click the icon to start the tool.
• It will ask you where to extract it, then it will start.
• Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  
• Click in the introduction screen "next" to continue.
  
• Click in the following screen "Update" to obtain the latest malware definitions.
  
• Once the update is complete select "Next" and click "Scan".
  
• When the scan is finished and no malware has been found select "Exit".
  
• If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  
• Open the MBAR folder and paste the content of the following files in your next reply:
• "mbar-log-{date} (xx-xx-xx).txt"
  
• "system-log.txt"
  

Title: Re: Malware alerts on startup
Post by: REDACTED on May 04, 2015, 07:40:58 PM

Still no malware detected, unfortunately.

Title: Re: Malware alerts on startup
Post by: TwinHeadedEagle on May 04, 2015, 07:42:09 PM

(https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif) Fix with Farbar Recovery Scan Tool

(https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif) This fix was created for this user for use on that particular machine. (https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif)
(https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif) Running it on another one may cause damage and render the system unstable. (https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif)

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

• Right-click on (https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif) icon and select (https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg) Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
  
• Press the Fix button just once and wait.
  
• If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
• When finished FRST will generate a log on the Desktop, called Fixlog.txt.
  

Please attach it to your reply.

Title: Re: Malware alerts on startup
Post by: REDACTED on May 05, 2015, 05:10:38 AM

I think that might have done it... no alerts on start up after rebooting a couple times to be sure.

Title: Re: Malware alerts on startup
Post by: TwinHeadedEagle on May 05, 2015, 08:21:46 AM

Good. Keep me updated.

Title: Re: Malware alerts on startup
Post by: REDACTED on May 05, 2015, 08:27:57 PM

Several more restarts and general usage and I haven't seen any more signs of the malware. I'll be sure to post again if there are any further issues, but so far it looks like that did the trick finally! Thanks a bunch!  :D

Title: Re: Malware alerts on startup
Post by: TwinHeadedEagle on May 05, 2015, 08:32:15 PM

Cheers :)

• The following will implement some post-cleanup procedures:

=> Please download DelFix (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/9-delfix) by Xplode to your Desktop.

Run the tool and check the following boxes below;
(http://www.mcshield.net/personal/magna86/Images/checkmark.png) Remove disinfection tools
(http://www.mcshield.net/personal/magna86/Images/checkmark.png) Create registry backup
(http://www.mcshield.net/personal/magna86/Images/checkmark.png) Purge System Restore
Click Run button and wait a few seconds for the programme completes his work.
At this point all the tools we used here should be gone. Tool will create an report for you (C:\DelFix.txt)

The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and create a fresh system restore point after cleaning.