Multiple web shield threat detected

[wavebreak]

Think this might be the same thing others are experiencing in other threads but just encase please see logs.

This is what I keep getting multiple times seemly at random when I change or refresh page on chrome (havent tried on other browsers).

Avast! Websheild blocked a harmful webpage or file...
object: hxtp://sql3.true-secure.com/?id=982839&bro=CH 
Infection: URL:MAL
Process: C:\Program Files\Google\Chrome\Application\chrome.exe

[Eddy]

Be glad avast has blocked it.
http://urlquery.net/report.php?id=8779590
http://zulu.zscaler.com/submission/show/f5f78f08bc2a73e90f5505372ca55833-1389392065

Now have a little patience, someone will look at the log files and help you with them shortly.

[Secondmineboy]

Are you running Comodo INTERNET SECURITY and Avast together? If so please uninstall one those.
Avast and COMODO FIREWALL is OK.

You can safely uninstall Comodo GeekBuddy its just hugging up your RAM and CPU cycles.

[Secondmineboy]

Avast safed you from something there:

http://sitecheck.sucuri.net/scanner/?scan=http%3A%2F%2Fsql3.true-secure.com
http://www.siteadvisor.com/sites/sql3.true-secure.com
https://www.virustotal.com/en/url/c77db39e9e96fdb656ed5b7cf168d3ab13da85dfc867f8a4484d96d09a40968e/analysis/1389392434/

[Michael (alan1998)]

Reported to mod for Link removal. Has someone PM'd the Removers?

[essexboy]

Let me know if this stops it

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  
  

Code: [Select]

:Commands
[CREATERESTOREPOINT]

:OTL
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

:Files
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmlgoencnlndpglbocajlimaikjohmab

:Commands
[resethosts]
[emptytemp]
[Reboot]

• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
  
• Click on Scan.
  
• After the scan is complete click on "Clean"
• Confirm each time with Ok.
  
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile with your next answer.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.
  

[polonus]

Well at this moment earlier malware could  be down: Down:   NA   RIPE   DE   abuse at hetzner.de   176.9.255.136    to 176.9.255.136   true-secure dot com   htxp://sql3.true-secure.com/index.php?id=440317

pol

[wavebreak]

Hi thank you soooo much for your help . Just doing some of the scans now but in the meantime wanted to ask is it true i am using 2 avs I thought my comodo was purely a firewall that can do virus scan on demand (not that I do this often I use malewarebytes and avast) so it would not conflict with avast...and with geek buddy comodo keeps reinstalling it but I thought it wouldn't slow me down asking as I don't open the file?

[wavebreak]

Ok well I have stopped getting the warnings from web shield . Please see attachments and thanks once again for your help!

Any idea what the virus would have done like keylogger or comp destroyer?

[essexboy]

CHR - Extension: VIS =  this was the problem and it appears to be an adware type programme

How is the computer behaving ?

[wavebreak]

Normally as far as I can tell thank you so much, have a great day dude