Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: REDACTED on October 23, 2015, 12:11:29 AM
-
Lately I've been getting redirected from normal websites (e.g. news sites) to this link http://asnews.com.sg/
Avast and MWB does not block this. Does anyone know why I'm getting redirected to an ad site?
-
Attach your basic diagnostic logs. (MBAM, FRST and aswMBR)
Instructions: https://forum.avast.com/index.php?topic=53253.0
-
I was wondering if others have had this issue (see https://techstuffer.com/is-adsense-ads-hijacking-back/)
Thanks for your help. I've attached MBAM log and FRST log (don't currently have Avast on this computer due to other issues - but sincerely appreciate the help!!)
From the logs are you able to tell if there is an infection?
-
OK, now you've to wait a bit...
-
Nothing apparent on the system but it does appear that google ads have been hijacked again
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint:
CustomCLSID: HKU\S-1-5-21-68445597-3011568585-1132358845-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-68445597-3011568585-1132358845-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-68445597-3011568585-1132358845-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-68445597-3011568585-1132358845-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-68445597-3011568585-1132358845-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-68445597-3011568585-1132358845-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-68445597-3011568585-1132358845-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-68445597-3011568585-1132358845-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-68445597-3011568585-1132358845-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-68445597-3011568585-1132358845-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-68445597-3011568585-1132358845-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-68445597-3011568585-1132358845-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
(https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG)
Run FRST and press Fix
On completion a log will be generated please post that
-
Thank you so much for your help!! :)