Avast WEBforum
Other => Viruses and worms => Topic started by: REDACTED on July 25, 2017, 02:48:11 PM
-
For the past 2/4 weeks I've been getting the "threat has been detected" pop-up from Avast around 5 minutes into opening Firefox and then consistently every hour or 2 while it's open.
The blocked threat is: "Object: http://tracknl.info/installmate/php/sprotector.php" and I have attached a screenshot of the pop up to the post.
I've run a smart scan on Avast and a threat and full scan on Malwarebytes, which both found nothing, as well as using CCleaner to delete Firefox's internet cache, session, cookies and compact databases, and I'm still getting the pop-up.
I remember changing something in firefox's about:config around the time this started happening, regarding not being able to reply to emails in gmail, but I'm not sure the two are correlated. I've only downloaded images and video files before it started happening so I'm at a bit of a loss..
I've attached my logs from malwarebytes and Farbar as well so hopefully someone can help me out.
Thanks in advance!
-
and I have attached a screenshot of the pop up to the post.
No screenshot is attached?
Blacklisted URL
https://virustotal.com/en/url/aaac62d8a5589f01e95e14f0350b7ada2a6ba2bf5f6fa0662412acb8d372df30/analysis/1500987440/
Dr.Web info: known infection source/not recommended site
Websense ThreatSeeker: hacking. potentially unwanted software
Try running AdwCleaner >> https://www.malwarebytes.com/adwcleaner/
Malware experts have been notified and will check your logs when online
-
Ahh sorry I missed the screenshot off, I'll attach it now.
Thanks for the quick reply and I'll download and run AdwCleaner now
-
Ok adwcleaner runs very quickly then freezes whilst trying to post actions.. I've disabled avast, windows firewall and run as admin and the problem is persisting.
Read something on another forum saying to download an older version? Should I continue looking into this whilst waiting for malware experts?
Thanks again
-
You may try running it from safe mode
Anyway, if you have a bug, malware expert will see it in the FRST logs and remove it ;)
-
Cheers man I'll give it a try
Thanks for your help :)
-
Step 1
Go to Start -> Control Panel -> Programs and Features and uninstall:
Free File Viewer 2014
Step 2
- Open Notepad (click Start button -> type notepad.exe -> press Enter)
- Copy text from code block below and paste it into Notepad
Start
CreateREstorePoint:
AppInit_DLLs-x32: c:\progra~2\appsar~1\sprote~1.dll => c:\Program Files (x86)\AppsAreFun\sprotector.dll [427520 2012-10-11] ()
ProxyServer: [S-1-5-21-3223360010-1691467728-3950846521-1000] => localhost:8118
CHR Extension: (Yahoo Partner) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\npdicihegicnhaangkdmcgbjceoemeoo [2017-04-14]
CHR HKLM-x32\...\Chrome\Extension: [npdicihegicnhaangkdmcgbjceoemeoo] - hxxps://clients2.google.com/service/update2/crx
Task: {823CDA32-270B-40BF-8436-BDCCCD6861B6} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{6D7F2E0A-B626-49E4-9D91-681E020AE3BC}.exe <==== ATTENTION
Task: {E3DBA3B4-6996-4C9F-8FCA-98ED979D5F14} - System32\Tasks\FreeFileViewerUpdateChecker => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2013-03-25] (Bitberry Software) <==== ATTENTION
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{6D7F2E0A-B626-49E4-9D91-681E020AE3BC}.exe <==== ATTENTION
Task: C:\Windows\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION
c:\Program Files (x86)\AppsAreFun
AlternateDataStreams: C:\Users\Nathan:Heroes & Generals [38]
AlternateDataStreams: C:\ProgramData\TEMP:054203E4 [144]
AlternateDataStreams: C:\Users\Nathan\Cookies:SlvMdeZbYydvcQgLQ [2028]
AlternateDataStreams: C:\Users\Nathan\Cookies:xAxagYP8ASaLqkniNUi4T [2036]
AlternateDataStreams: C:\Users\Nathan\Local Settings:aqsx6fnm1q1P6YPEAtWG5JIx [2122]
AlternateDataStreams: C:\Users\Nathan\AppData\Local:aqsx6fnm1q1P6YPEAtWG5JIx [2122]
AlternateDataStreams: C:\Users\Nathan\AppData\Local\Application Data:aqsx6fnm1q1P6YPEAtWG5JIx [2122]
AlternateDataStreams: C:\Users\Nathan\AppData\Local\Temporary Internet Files:BCwsM0JCVxgScYiPr3mPbC [2710]
EmptyTemp:
End
- Go to File -> Save As
- Make sure that UTF-8 is selected as Encoding (left side of Save button)
- Save it as fixlist.txt on Desktop
- Open FRST again and click the Fix button
- Wait until FRST finishes
- fixlog.txt should be generated and opened. Attach it to your post and wait for further instructions.
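
A triage pass over FRST-style lines like the ones in the fixlist above, as an added example that is not part of the original thread and not FRST's own logic. The sample lines are constructed in the same shape (GUIDs, SID and user name are placeholders), and the rules in `triage` are illustrative heuristics for picking out autostart and hiding places that deserve a manual look.

```python
import re

# Constructed sample in the shape of the fixlist lines above
# (GUIDs, SID and user name are placeholders, not values from the thread).
SAMPLE = r"""
AppInit_DLLs-x32: c:\progra~2\appsar~1\sprote~1.dll => c:\Program Files (x86)\AppsAreFun\sprotector.dll [427520 2012-10-11] ()
ProxyServer: [S-1-5-21-0-0-0-1000] => localhost:8118
Task: {00000000-0000-0000-0000-000000000000} - System32\Tasks\ExampleUpdate => C:\Windows\TEMP\{11111111-1111-1111-1111-111111111111}.exe <==== ATTENTION
Task: C:\Windows\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION
AlternateDataStreams: C:\Users\User\Cookies:SlvMdeZbYydvcQgLQ [2028]
EmptyTemp:
"""

ENTRY = re.compile(r"^(?P<kind>[A-Za-z_]+(?:-x32)?): (?P<rest>.+)$")
TEMP_DIR = re.compile(r"\\(windows\\temp|appdata\\local\\temp)\\", re.I)
ADS = re.compile(r"^(?P<path>[A-Za-z]:\\[^:]*):(?P<stream>.+?) \[(?P<size>\d+)\]$")
MARK = "<==== ATTENTION"  # FRST's own marker, as seen in the log lines

def triage(text):
    """Return (kind, subject, reason) for each entry worth a manual look."""
    findings = []
    for raw in text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # directives such as "EmptyTemp:" carry no entry
        kind, rest = m["kind"], m["rest"]
        marked = MARK in rest
        rest = rest.replace(MARK, "").strip()
        target = rest.split(" => ")[-1]
        if kind.startswith("AppInit_DLLs"):
            dll = re.sub(r"\s*\[.*$", "", target)  # drop "[size date] (vendor)"
            findings.append((kind, dll, "DLL loaded into every process that loads user32.dll"))
        elif kind == "ProxyServer" and target.rsplit(":", 1)[0].lower() in ("localhost", "127.0.0.1"):
            findings.append((kind, target, "traffic goes through a local proxy; identify the listener"))
        elif kind == "Task" and TEMP_DIR.search(target):
            findings.append((kind, target, "task runs an executable from a temp directory"))
        elif kind == "Task" and marked:
            findings.append((kind, target, "task marked for attention by FRST"))
        elif kind == "AlternateDataStreams" and (a := ADS.match(rest)):
            findings.append((kind, a["path"], f"stream {a['stream']!r}, {a['size']} bytes"))
    return findings

if __name__ == "__main__":
    for kind, subject, reason in triage(SAMPLE):
        print(f"{kind:22} {subject}\n{'':22} -> {reason}")
```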
-
Ok done, thanks again
EDIT: originally attached wrong fixlog first updated (17:05)
-
Does Avast still block threats? Please post new FRST.txt and Addition.txt.
-
Had Firefox open for about an hour now and no problems to report so I think it's all fixed :)
Here are additional FRST files
Thanks so much Sass Drake!
-
Glad to hear that. :)
You can safely delete folder C:\FRST.