Topic: MAL URL

REDACTED

  • Guest
MAL URL
« on: June 08, 2015, 06:04:50 PM »
URL:http://anythicago.com/4141/RelayTurbo_142668814314552.dll
Infection: URL:Mal
Process: C:\Windows\System32\svchost.exe

URL:http://simplesitescan.net/4141/LighterInit_142669556111830.dll
Infection: URL:Mal
Process: C:\Windows\System32\svchost.exe

URL:http://alwaysisobar.com/4141/CutterGeneration_142669028208336.dll
Infection: URL:Mal
Process: C:\Windows\System32\svchost.exe

URL:http://bestdriverstar.net/4141/CutterSystem_142669222915982.dll
Infection: URL:Mal
Process: C:\Windows\System32\svchost.exe

URL:http://opticguardzip.net/4141/CutterSystem_142669222919983.dll
Infection: URL:Mal
Process: C:\Windows\System32\svchost.exe


Hey, here are the popups that came up every 15 minutes. I saw in another post that I should post scan logs from several programs.
I followed this page: https://forum.avast.com/index.php?topic=53253.0
P.S.: Sorry for my bad English, I'm French. ;S

Thanks!

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: MAL URL
« Reply #1 on: June 08, 2015, 06:49:46 PM »
Could you let me know if this stops the alerts?

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:
 
Quote
CreateRestorePoint:
AppInit_DLLs-x32: 0 => "0" File not found
Startup: C:\Users\Baboune 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk [2015-05-13]
ShortcutTarget: hqghumeaylnlf.lnk -> C:\ProgramData\{f2f05cf5-7f35-9324-f2f0-05cf57f373d5}\hqghumeaylnlf.exe (No File)
URLSearchHook: HKLM-x32 - (No Name) - {09a07b02-f491-4b6b-bfc9-684a624f4f3b} - No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - !{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} -  No File
Toolbar: HKLM-x32 - No Name - !{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} -  No File
2015-05-13 15:43 - 2015-05-13 15:43 - 00003288 _____ C:\Windows\System32\Tasks\Chromium
2015-05-13 15:41 - 2015-05-13 15:44 - 00000000 ____D C:\Users\Baboune 2\AppData\Local\Chromium
Task: {031E945D-DCC9-4C4B-ADD0-FA7ACD1F3125} - \FreeHDSport TV V6.0-updater No Task File <==== ATTENTION
Task: {5C46562D-46A6-4C0E-BB31-8B3D6BD92857} - System32\Tasks\{560A3FC9-48E7-40CF-AF3F-8FEFF90EBB7E} => pcalua.exe -a "C:\Program Files (x86)\OfferBox\uninst.exe"
Task: {6D4AFA6D-6499-4D77-B7F1-490D96983932} - \FreeHDSport TV V6.0-codedownloader No Task File <==== ATTENTION
Task: {7F1C80F3-7B2A-40C1-B6B3-108FC5E2AB7C} - \FreeHDSport TV V6.0-enabler No Task File <==== ATTENTION
Task: {B55C59FD-5EC4-4830-BC0E-C01F5E5D74E4} - System32\Tasks\5011 => Wscript.exe C:\Users\Christel\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {CC33C9DC-58F7-4161-962F-A86B7D5E9628} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: C:\Windows\Tasks\Chromium.job => C:\Users\BABOUN~1\AppData\Local\Chromium\APPLIC~1\440238~1.0\INSTAL~1\UNINST~1.EXE
C:\ProgramData\{f2f05cf5-7f35-9324-f2f0-05cf57f373d5}
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete, click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

REDACTED

  • Guest
Re: MAL URL
« Reply #2 on: June 08, 2015, 08:12:33 PM »
Hey, thanks for the reply. It doesn't stop the alerts, so I am posting these files as attachments.
Thanks!

Offline essexboy

Re: MAL URL
« Reply #3 on: June 08, 2015, 08:23:12 PM »
You need to press Fix, not Search; that is why the alerts are still present.

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:
 
Quote
CreateRestorePoint:
AppInit_DLLs-x32: 0 => "0" File not found
Startup: C:\Users\Baboune 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk [2015-05-13]
ShortcutTarget: hqghumeaylnlf.lnk -> C:\ProgramData\{f2f05cf5-7f35-9324-f2f0-05cf57f373d5}\hqghumeaylnlf.exe (No File)
URLSearchHook: HKLM-x32 - (No Name) - {09a07b02-f491-4b6b-bfc9-684a624f4f3b} - No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - !{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} -  No File
Toolbar: HKLM-x32 - No Name - !{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} -  No File
2015-05-13 15:43 - 2015-05-13 15:43 - 00003288 _____ C:\Windows\System32\Tasks\Chromium
2015-05-13 15:41 - 2015-05-13 15:44 - 00000000 ____D C:\Users\Baboune 2\AppData\Local\Chromium
Task: {031E945D-DCC9-4C4B-ADD0-FA7ACD1F3125} - \FreeHDSport TV V6.0-updater No Task File <==== ATTENTION
Task: {5C46562D-46A6-4C0E-BB31-8B3D6BD92857} - System32\Tasks\{560A3FC9-48E7-40CF-AF3F-8FEFF90EBB7E} => pcalua.exe -a "C:\Program Files (x86)\OfferBox\uninst.exe"
Task: {6D4AFA6D-6499-4D77-B7F1-490D96983932} - \FreeHDSport TV V6.0-codedownloader No Task File <==== ATTENTION
Task: {7F1C80F3-7B2A-40C1-B6B3-108FC5E2AB7C} - \FreeHDSport TV V6.0-enabler No Task File <==== ATTENTION
Task: {B55C59FD-5EC4-4830-BC0E-C01F5E5D74E4} - System32\Tasks\5011 => Wscript.exe C:\Users\Christel\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {CC33C9DC-58F7-4161-962F-A86B7D5E9628} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: C:\Windows\Tasks\Chromium.job => C:\Users\BABOUN~1\AppData\Local\Chromium\APPLIC~1\440238~1.0\INSTAL~1\UNINST~1.EXE
C:\ProgramData\{f2f05cf5-7f35-9324-f2f0-05cf57f373d5}
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated; please post that.

REDACTED

  • Guest
Re: MAL URL
« Reply #4 on: June 08, 2015, 09:06:51 PM »
Apparently, the alerts have stopped ;D Thanks a lot for your help!