Author Topic: something keeps trying to access go.wvydeo.com/xxx ... xxx  (Read 2516 times)

REDACTED

  • Guest
something keeps trying to access go.wvydeo.com/xxx ... xxx
« on: November 15, 2015, 10:30:17 PM »
I've scanned with everything under the sun for a week and cannot find anything. I've system restored and still I hear DING DING DING.
Can someone save my sanity?

Offline Pondus

  • Probably Bot
  • Posts: 37698
Re: something keeps trying to access go.wvydeo.com/xxx ... xxx
« Reply #1 on: November 16, 2015, 12:00:41 AM »
Follow instructions and attach requested logs: https://forum.avast.com/index.php?topic=53253.0


REDACTED

  • Guest
Re: something keeps trying to access go.wvydeo.com/xxx ... xxx
« Reply #2 on: November 16, 2015, 12:39:43 AM »
Malwarebytes Log attached

REDACTED

  • Guest
Re: something keeps trying to access go.wvydeo.com/xxx ... xxx
« Reply #3 on: November 16, 2015, 12:44:48 AM »
FRST log attached

REDACTED

  • Guest
Re: something keeps trying to access go.wvydeo.com/xxx ... xxx
« Reply #4 on: November 16, 2015, 01:15:13 AM »
aswMBR log attached

REDACTED

  • Guest
Re: something keeps trying to access go.wvydeo.com/xxx ... xxx
« Reply #5 on: November 16, 2015, 02:16:37 AM »
Now I'm also getting http://sitestatistic.net/www/delivery blocked over and over and over.....
They are both trying to access regsvr32.exe
« Last Edit: November 16, 2015, 02:19:07 AM by CSINC »

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • Posts: 40589
Re: something keeps trying to access go.wvydeo.com/xxx ... xxx
« Reply #6 on: November 16, 2015, 03:42:23 PM »
The human eye is better than any automated programme :)

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:
 
Quote
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-875269125-2373890352-835586103-1001\...\Run: [YhzlPack] => C:\Windows\SysWOW64\regsvr32.exe "C:\Users\Joe Lotts\AppData\Local\Esxtion\EzdrvFactory.dll"
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  No File
C:\Users\Joe Lotts\AppData\Local\Esxtion
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated; please post that.
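
The persistence pattern this fixlist removes is a Run value that starts regsvr32.exe on a DLL under the user's AppData folder. The script below is an added example, not part of the post above or of FRST: it scans FRST-style Run lines for that pattern. The function names, the list of user-writable locations and every sample line except the YhzlPack entry are assumptions made for illustration.

```python
import re

# FRST-style autorun line: <hive>\...\Run: [<value name>] => <command>
RUN_LINE = re.compile(
    r'^(?P<hive>HK\S+?)\\\.\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] => (?P<cmd>.+)$')
REGSVR32 = re.compile(r'(?:^|[\\"\s])regsvr32(?:\.exe)?"?(?=\s|$)', re.I)
TOKEN = re.compile(r'"([^"]*)"|(\S+)')
# Assumed list of user-writable locations; extend it for your environment.
USER_WRITABLE = re.compile(
    r'\\users\\[^\\]+\\appdata\\|\\temp\\|\\programdata\\', re.I)

def parse_run_entry(line):
    """Return hive, value name and command of a Run line, or None."""
    m = RUN_LINE.match(line.strip())
    return m.groupdict() if m else None

def regsvr32_targets(cmd):
    """Return the DLL path(s) passed to regsvr32, ignoring /s-style switches."""
    m = REGSVR32.search(cmd)
    if not m:
        return []
    quoted, bare = [], []
    for q, b in TOKEN.findall(cmd[m.end():]):
        if q:
            quoted.append(q)
        elif b and not b.startswith(("/", "-")):
            bare.append(b)
    # An unquoted path with spaces arrives split; rejoin it as one path
    # (assumes at most one unquoted DLL argument).
    return quoted + ([" ".join(bare)] if bare else [])

def flag_entries(lines):
    """List (hive, value name, dll) for regsvr32 autoruns in writable paths."""
    findings = []
    for line in lines:
        entry = parse_run_entry(line)
        if entry is None:
            continue
        for dll in regsvr32_targets(entry["cmd"]):
            if USER_WRITABLE.search(dll):
                findings.append((entry["hive"], entry["name"], dll))
    return findings

SAMPLE_LINES = [
    r'HKLM-x32\...\Run: [] => [X]',                                   # from the fixlist
    r'HKU\S-1-5-21-875269125-2373890352-835586103-1001\...\Run: [YhzlPack] => C:\Windows\SysWOW64\regsvr32.exe "C:\Users\Joe Lotts\AppData\Local\Esxtion\EzdrvFactory.dll"',  # from the fixlist
    r'HKLM\...\Run: [ExampleTray] => C:\Program Files\Example\tray.exe',            # constructed
    r'HKLM\...\Run: [ExampleCodec] => regsvr32.exe /s C:\Windows\System32\example.dll',  # constructed
]

if __name__ == "__main__":
    for hive, name, dll in flag_entries(SAMPLE_LINES):
        print(f"SUSPICIOUS {hive} [{name}] -> {dll}")
```

A hit is a lead for manual review of the DLL and its folder, not proof of infection on its own.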