Avast WEBforum
Other => Viruses and worms => Topic started by: Yakster333 on June 26, 2020, 09:12:51 PM
-
I'm sorry if this is in the wrong place
I have been using Avast Free for years.
I have no idea what it is or where it came from.
For the last 30-48 hours I have been getting this popup every few minutes, usually 3 at a time behind each other.
It happens all the time constantly, I don't have to be doing anything, I can do a fresh boot and it comes up.
I think other weird things are going on within my PC as well, I have uninstalled Avast and tried AVG and it has the same popups...
Can someone please kindly direct me to what I need to do, and maybe tell me what it is.
Thanks...
Sincerely,
Yakster333
-
Considering that you aren't using your browser to visit this as the process involved is svchost.exe.
This is usually an indication of an underlying infection (hidden or undetected) and avast is preventing it from calling home, etc.
I believe you have an undetected piece of malware on your system that is (mis)using the svchost.exe file to access the internet. As it it s trying to access a blacklisted url avast is preventing possible further infection being downloaded.
This needs further analysis by a malware removal specialist:
Go to this topic https://forum.avast.com/index.php?topic=194892.0 (https://forum.avast.com/index.php?topic=194892.0) for information on Logs to assist in cleaning malware. Use the information about getting and using the tools and attach the logs here, not in the LOGS topic
-
This malware can be the result a tool being used to crack a facebook or Instagram account as a result of a cron job.
polonus
-
Thanks for the help...
I already had MBAM, and I guess I had run it earlier today, but do not remember, sorry as wife just got home from hospital/alot going on... So I do not know if rootkits was turned on then, it may or may not be before I came here with the problem.
Anyhow, here are the 2 MBAM Logs
Thanks again, I will go check out the others now.
Sincerely,
Yakster333
P.S.- Do I hit the Fix button on the FRST after it is done or just upload the Txt documents?
-
Here is the FRST's
Thanks...
Sincerely,
Yakster333
-
The logs have to be analysed by a qualified malware removal specialist and they will craft a fix list for you to run (with instructions).
There may be some delay due to differing time zones and availability of the volunteer malware removal specialists.
-
Thank you so much... I am here, 24/7 I'm on E.S.T.
So I am assuming its as bad as I thought.
I was hoping there was a program or something that could do it, but obviously not.
I appreciate all of the help with this... Its quite annoying going off every few minutes...
For the time being, would it stop going off if I disconnected from the net and go offline, or would it still go off?
Wife missing playing on PC, lol
Anyways, Thanks again...
Sincerely,
Yakster333
-
Whilst I can't say if it is as bad as you thought, but for the moment it is likely to be benign as Avast is effectively stopping it getting worse.
Disconnecting I don't believe would stop it trying to connect, a bit like taking the battery out of your doorbell doesn't stop people ringing it.
What is your firewall could you try and block outbound connections to that URL ?
Or possibly block it in your HOSTS file - https://www.google.co.uk/search?q=block+url+using+hosts+file
The site does appear to be infected:
https://www.virustotal.com/gui/url/0f510494b9d78a5f6e2bc7277bb41f220d7e5e278a774959b3b72b44e905fcb3/detection
-
- Open Notepad (click Start button -> type notepad.exe -> press Enter)
- Copy text from code block below and paste it into Notepad
cmd: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v SearchList /d "" /f
Reboot:
- Go to File -> Save As
- Make sure that UTF-8 is selected as Encoding (left side of Save button)
- Save it as fixlist.txt on Desktop
- Open again FRST and click on button Fix
- Wait until FRST finishes
- fixlog.txt should be genereted and opened. Attach it your post and wait further instructions.
-
Thanks...
Sincerely,
Yakster333
-
What is system status now?
-
The same...
Thanks
Sincerely,
Yakster333
-
Do you mean you are still getting the periodic Avast alerts ?
-
Yes...
And they stack up too.
Meaning, My wife didn't shut off the Puter last night and this morning, there were umpteen billion avast alerts stacked up...
Its Windows 7, I never mentioned that, if that means anything to ya.
Thanks,
Yakster333
-
The OS info is in your first FRST.txt file, but it will need further investigation by Sass Drake.
-
O.K.
Thank You...
Sincerely,
Yakster333
-
I want to thank you for trying to help with my issue.
Would you please close this thread as I am getting help from another Forum.
I didn't realize it would take this long here and I need this gone.
Thanks for all you both have done.
Sincerely,
Yakster333
-
No need to close it, it will just drop off the radar (list of topics) over time.
-
Please post new FRST.txt and Addition.txt.