Avast WEBforum

Other => Viruses and worms => Topic started by: REDACTED on May 25, 2015, 11:24:19 PM

Title: Malicious Youtube description link?
Post by: REDACTED on May 25, 2015, 11:24:19 PM
I was surfing on Youtube yesterday and went to click a link in one video's description by accident. The link itself began with "http://goo.gl/" so I didn't think it would be dangerous. However, when it opened in a new window, it didn't seem to load at all and it just stayed as a white empty window. In the lower right corner it said that it was trying to connect to "tinylink.ga..." I closed the window almost as soon as it didn't seem to load at all. I didn't receive any Avast warnings or anything else abnormal in my computer (I run fast Avast and Malwarebytes scans on an almost daily basis, but I did do full scans just in case). However, later I got a little nervous about this subject and wanted to come here to ask if any of you could get anything out of this. The link itself is below...

goo.gl/YFh3eV
Title: Re: Malicious Youtube description link?
Post by: Eddy on May 26, 2015, 12:25:10 AM
Both goo.gl and tinylink are URL shorteners.
They should not do any harm at all, but the site they link/point to can be malicious.

If you want we can check your system.
Follow the instructions and we will take a look:
https://forum.avast.com/index.php?topic=53253.0
Title: Re: Malicious Youtube description link?
Post by: REDACTED on May 26, 2015, 01:17:09 AM
Okay, I'll do it in the morning cause I have to go to bed. I'd just like to know are those two log programs good to use even with avast and/or malwarebytes installed or will they collide with them?
Title: Re: Malicious Youtube description link?
Post by: Eddy on May 26, 2015, 01:19:28 AM
Sleep well.

Yes, all tools we mention are perfectly fine to use.
No problems working together with avast.
And another good thing... They are all free :D
Title: Re: Malicious Youtube description link?
Post by: REDACTED on May 26, 2015, 11:10:10 AM
Good morning! Here are my logs.
Title: Re: Malicious Youtube description link?
Post by: Eddy on May 26, 2015, 01:23:49 PM
Thank you for the logs.
Now have patience.
One of the listed malware fighters will soon check the logs and help/guide you.

I have had a real quick look at them and at first glance I would say there is nothing to worry about.
Title: Re: Malicious Youtube description link?
Post by: essexboy on May 26, 2015, 03:48:10 PM
Nothing untoward showing in the logs, just a little tidying to do really :)

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:
 
Quote
CreateRestorePoint:
BHO-x32: No Name -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} ->  No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - No Name - {8dcb7100-df86-4384-8842-8fa844297b3f} -  No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
CHR HKU\S-1-5-21-3593363412-4209830269-3190633874-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Juha\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [Not Found]
2015-05-21 17:28 - 2015-05-21 17:28 - 00000000 ____D () C:\Users\Juha\AppData\Local\{D52222EF-140D-4441-A630-C5CEA6D95D03}
CustomCLSID: HKU\S-1-5-21-3593363412-4209830269-3190633874-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Juha\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3593363412-4209830269-3190633874-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Juha\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3593363412-4209830269-3190633874-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Juha\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3593363412-4209830269-3190633874-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Juha\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe
(https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG)
Run FRST and press Fix
On completion a log will be generated; please post that.
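One way to read a fixlist shaped like the one above before running it, added here as an illustration (not part of the original post, and not FRST's own parser): the code sorts each line into bare directives, commands to be executed, and entries whose target file is reported missing. The sample lines, GUIDs, SID and paths are constructed placeholders, and the category names are this example's own labels.

```python
import re
from collections import Counter

# Constructed sample in the shape of the fixlist quoted above; every GUID,
# SID and path here is a placeholder, not a value from a real machine.
SAMPLE_FIXLIST = r"""CreateRestorePoint:
BHO-x32: No Name -> {00000000-0000-0000-0000-000000000001} ->  No File
Toolbar: HKLM - No Name - {00000000-0000-0000-0000-000000000002} -  No File
Handler: example - {00000000-0000-0000-0000-000000000003} - C:\Program Files (x86)\Example\app.dll No File
CustomCLSID: HKU\S-1-5-21-0-0-0-1001_Classes\CLSID\{00000000-0000-0000-0000-000000000004}\InprocServer32 -> C:\Users\user\AppData\Local\Example\helper.dll No File
CHR HKU\S-1-5-21-0-0-0-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa] - C:\Users\user\AppData\Local\Example\ext.crx [Not Found]
Reg: reg delete HKLM\SOFTWARE\Example /f
CMD: bitsadmin /reset /allusers
EmptyTemp:
"""

GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING_RE = re.compile(r"(?:No File|\[Not Found\])\s*$")
LINE_RE = re.compile(r"([A-Za-z0-9-]+)(:?)\s*(.*)$")
COMMAND_KINDS = {"Reg", "CMD"}  # entries that carry a command line to execute


def classify(line):
    """Return (kind, category, guid) for one fixlist line, or None if blank."""
    match = LINE_RE.match(line.strip())
    if not match:
        return None
    kind, colon, rest = match.groups()
    guid = GUID_RE.search(rest)
    if kind in COMMAND_KINDS:
        category = "command"      # read these most carefully before running
    elif colon and not rest:
        category = "directive"    # bare keyword such as EmptyTemp:
    elif MISSING_RE.search(rest):
        category = "orphan"       # registry entry whose target file is absent
    else:
        category = "other"        # target still present: needs a reason to remove
    return kind, category, guid.group(0) if guid else None


def review(text):
    """Classify every non-blank line and return the per-line results."""
    return [r for r in map(classify, text.splitlines()) if r is not None]


def summary(text):
    """Count lines per category so unexpected entries stand out."""
    return Counter(category for _, category, _ in review(text))
```

Anything that lands in "other" or "command" is what to question before pressing Fix; a list made up almost entirely of "orphan" entries matches the "little tidying" described in the post.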
Title: Re: Malicious Youtube description link?
Post by: REDACTED on May 26, 2015, 04:43:08 PM
My computer seemed to close and start a little bit slower after doing the fixup and I think I saw a little black window for a split second before my wallpaper appeared, is that normal?  ??? Otherwise the fix seems to have worked fine so far.
Title: Re: Malicious Youtube description link?
Post by: essexboy on May 26, 2015, 04:51:28 PM
Yes the black box was FRST finishing off emptying your temporary folders
Title: Re: Malicious Youtube description link?
Post by: REDACTED on May 26, 2015, 05:08:30 PM
Okay, so it's good. It seems that there were no problems in fixlog? My CCleaner notified me that there were fewer trash files than before doing the fix, so it seems that my computer sure is cleaner now, thanks!  :D
Title: Re: Malicious Youtube description link?
Post by: essexboy on May 26, 2015, 06:49:55 PM

Remove tools

Download and run Delfix (http://www.bleepingcomputer.com/download/delfix/)
Select the options as shown
(https://dl.dropboxusercontent.com/u/73555776/delfix.JPG)
Title: Re: Malicious Youtube description link?
Post by: REDACTED on May 26, 2015, 08:06:04 PM
Okay, done. It seems that Delfix also deleted itself too when it finished? Thanks again for all your help!  :D
Title: Re: Malicious Youtube description link?
Post by: Michael (alan1998) on May 27, 2015, 01:30:53 AM
It's designed to delete all tools on the system we use, then itself.

Aka: it was supposed to do that :-)
Title: Re: Malicious Youtube description link?
Post by: REDACTED on May 28, 2015, 11:04:23 AM
Uh, hello again...

This may sound weird, but for some reason I haven't been able to not be very nervous about my computer having some nasty hidden malware though I've still not noticed anything abnormal in my machine (aside from Firefox acting a little buggy). I guess stories about newer and nastier malwares have made me a little paranoid...  :-[

Nevertheless, could someone be so kind and try to check these newer logs I ran (I've used CCleaner since my last logs)? Also, how sure can I be about my PC's cleanliness based on these logs?

Title: Re: Malicious Youtube description link?
Post by: essexboy on May 28, 2015, 08:42:23 PM
Logs still look good. Reference the extensions: when you run FRST it unhides them so that they are visible.
When Delfix is run and "reset system settings" is selected they should be hidden again. If not, go to Control Panel > Folder Options > View
Select "Hide extensions for known file types"