Avast WEBforum

Other => Viruses and worms => Topic started by: REDACTED on July 25, 2017, 02:48:11 PM

Title: Threat Blocked alert repeatedly popping up when using firefox
Post by: REDACTED on July 25, 2017, 02:48:11 PM
For the past 2/4 weeks I've been getting the "threat has been detected" pop up from avast around 5 minutes into opening firefox and then consistently every hour or 2 while its open.

The blocked threat is: "Object: http://tracknl.info/installmate/php/sprotector.php" and I have attached a screenshot of the pop up to the post.

I've ran a smart scan on avast, a threat and full scan on malwarebytes which both finding nothing, as well as using CCleaner to delete firefox's internet cache, session, cookies and compact databases and I'm still getting the pop up.

I remember changing something in firefox's about:config around the time this started happening, regarding not being able to reply to emails in gmail, but I'm not sure the two are correlated. I've only downloaded images and video files before it started happening so I'm at a bit of a loss..

I've attached my logs from malwarebytes and Farbar as well so hopefully someone can help me out.

Thanks in advance!
Title: Re: Threat Blocked alert repeatedly popping up when using firefox
Post by: Pondus on July 25, 2017, 02:59:21 PM
Quote
and I have attached a screenshot of the pop up to the post.
No screenshot is attached?


Blacklisted URL
https://virustotal.com/en/url/aaac62d8a5589f01e95e14f0350b7ada2a6ba2bf5f6fa0662412acb8d372df30/analysis/1500987440/

Dr.Web info: known infection source/not recommended site
Websense ThreatSeeker: hacking. potentially unwanted software

Try run AdwCleaner  >>  https://www.malwarebytes.com/adwcleaner/


Malware experts is notified and will check your logs when online



Title: Re: Threat Blocked alert repeatedly popping up when using firefox
Post by: REDACTED on July 25, 2017, 03:21:28 PM
Ahh sorry I missed the screenshot off, I'll attach it now.

Thanks for the quick reply and I'll download and run AdwCleaner now
Title: Re: Threat Blocked alert repeatedly popping up when using firefox
Post by: REDACTED on July 25, 2017, 03:35:50 PM
Ok adwcleaner runs very quickly then freezes whilst trying to post actions.. I've disabled avast, windows firewall and run as admin and the problem is persisting.

Read something on another forum saying to download and older version? Should I continue looking into this whilst waiting for malware experts?

Thanks again
Title: Re: Threat Blocked alert repeatedly popping up when using firefox
Post by: Pondus on July 25, 2017, 03:47:43 PM
you may try run it from safe mode

Anyway, if you have a bug, malware expert will see it in the FRST logs and remove it    ;)


Title: Re: Threat Blocked alert repeatedly popping up when using firefox
Post by: REDACTED on July 25, 2017, 04:04:38 PM
Cheers man I'll give it a try

Thanks for your help  :)
Title: Re: Threat Blocked alert repeatedly popping up when using firefox
Post by: Sass Drake on July 25, 2017, 05:09:24 PM
Step 1

Go to Start -> Control Panel -> Programs and Features and uninstall:
Free File Viewer 2014





Step 2

Code: [Select]
Start

CreateREstorePoint:

AppInit_DLLs-x32:  c:\progra~2\appsar~1\sprote~1.dll => c:\Program Files (x86)\AppsAreFun\sprotector.dll [427520 2012-10-11] ()
ProxyServer: [S-1-5-21-3223360010-1691467728-3950846521-1000] => localhost:8118
CHR Extension: (Yahoo Partner) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\npdicihegicnhaangkdmcgbjceoemeoo [2017-04-14]
CHR HKLM-x32\...\Chrome\Extension: [npdicihegicnhaangkdmcgbjceoemeoo] - hxxps://clients2.google.com/service/update2/crx
Task: {823CDA32-270B-40BF-8436-BDCCCD6861B6} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{6D7F2E0A-B626-49E4-9D91-681E020AE3BC}.exe <==== ATTENTION
Task: {E3DBA3B4-6996-4C9F-8FCA-98ED979D5F14} - System32\Tasks\FreeFileViewerUpdateChecker => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2013-03-25] (Bitberry Software) <==== ATTENTION
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{6D7F2E0A-B626-49E4-9D91-681E020AE3BC}.exe <==== ATTENTION
Task: C:\Windows\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION
c:\Program Files (x86)\AppsAreFun
AlternateDataStreams: C:\Users\Nathan:Heroes & Generals [38]
AlternateDataStreams: C:\ProgramData\TEMP:054203E4 [144]
AlternateDataStreams: C:\Users\Nathan\Cookies:SlvMdeZbYydvcQgLQ [2028]
AlternateDataStreams: C:\Users\Nathan\Cookies:xAxagYP8ASaLqkniNUi4T [2036]
AlternateDataStreams: C:\Users\Nathan\Local Settings:aqsx6fnm1q1P6YPEAtWG5JIx [2122]
AlternateDataStreams: C:\Users\Nathan\AppData\Local:aqsx6fnm1q1P6YPEAtWG5JIx [2122]
AlternateDataStreams: C:\Users\Nathan\AppData\Local\Application Data:aqsx6fnm1q1P6YPEAtWG5JIx [2122]
AlternateDataStreams: C:\Users\Nathan\AppData\Local\Temporary Internet Files:BCwsM0JCVxgScYiPr3mPbC [2710]

EmptyTemp:

End
Title: Re: Threat Blocked alert repeatedly popping up when using firefox
Post by: REDACTED on July 25, 2017, 06:00:32 PM
Ok done, thanks again

EDIT: originally attached wrong fixlog first updated (17:05)
Title: Re: Threat Blocked alert repeatedly popping up when using firefox
Post by: Sass Drake on July 25, 2017, 06:57:43 PM
Does Avast still blocks threats? Please, post new FRST.txt and Addition.txt.
Title: Re: Threat Blocked alert repeatedly popping up when using firefox
Post by: REDACTED on July 25, 2017, 07:57:00 PM
Had firefox open for about an hour now and no problems to report so i think its all  fixed :)

here are additional FRST files

Thanks so much Sass Drake!
Title: Re: Threat Blocked alert repeatedly popping up when using firefox
Post by: Sass Drake on July 25, 2017, 08:31:41 PM
Glad to hear that. :)

You can safely delete folder C:\FRST.