Chinese Titled Pop-Up - Possible Malware In System With Avast! On Duty?

[NoelC]

I just saw this pop up.  I was simply typing into the edit box on a Microsoft forum at the time, and the pop-up didn't seem coincident with anything specific I was doing.  I'm running an American English Windows 8.1 setup and have never seen Chinese letters in a dialog title before.

Can anyone read this?  Does it say "Attempt to contact Chinese Spy Service Failed" in the title?



When I used Task Manager to see what process was running this pop-up, it took me to one of two copies of of csrss.exe that are running, which is continuing to count up I/O operations in Task Manager.  I see some Ethernet I/O, but not very much.

Avast! is installed and up to date.  I'm doing a full scan now, but I did one not long ago and turned up nothing.

Any ideas?  Needless to say such a dialog is disturbing to see.

-Noel

[essexboy]

It looks like adware to me

Were you using IE, FF or Chrome at the time ?

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
  
• Click on Scan.
  
• After the scan is complete click on "Clean"
• Confirm each time with Ok.
  
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile with your next answer.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.
  

THEN

Download OTL  to your Desktop
Secondary link

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

• Select All Users
  
• Select LOP and Purity
• Under the Custom Scan box paste this in

netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
c:\program files (x86)\Google\Desktop
c:\program files\Google\Desktop
dir "%systemdrive%\*" /S /A:L /C
CREATERESTOREPOINT

• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    
  • Attach  both logs

[Eddy]

It looks like a advertisement to me. But please do as essexboy asked.

[NoelC]

Thanks, guys, but I see now that it wasn't adware or malware...

I have a commercial FTP site access program called WebDrive.  I had a drive connection established to my web site files, and the FTP program normally sends "keep alive" messages occasionally, for obvious reasons. 

Trouble is, my router spontaneously rebooted (something it doesn't normally do and that I need to get to the bottom of).  Apparently one of the libraries deep inside WebDrive sent the pop-up pictured above.  When I OK'd the pop-up another message came up from WebDrive, which showed that WebDrive was blocked on the first pop-up and confirmed the diagnosis.

The Avast! scan came up clean, by the way, and I've confirmed I have no adware on this system.

-Noel

[essexboy]

Glad you resolved it ..