Author Topic: svchost tries to access malicious urls  (Read 3738 times)


REDACTED

  • Guest
svchost tries to access malicious urls
« on: May 31, 2015, 01:23:07 AM »
Hi, Avast has also detected such a threat on my laptop:

URL: http://opticguardzip.net/......
Infection: URL:Mal
Process: C:\Windows\System32\svchost.exe

Scan logs will follow

thanks

REDACTED

  • Guest
Re: svchost tries to access malicious urls
« Reply #1 on: May 31, 2015, 01:45:03 AM »
Here they are...
Thanks a lot
« Last Edit: May 31, 2015, 01:46:37 AM by bj5 »

REDACTED

  • Guest
Re: svchost tries to access malicious urls
« Reply #2 on: May 31, 2015, 08:01:16 AM »
Hello,



Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
Code:
createsrpoint;
autoclean;
emptyalltemp;
bitsadmin /reset /allusers;b
ipconfig /flushdns;b
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it on your main drive (usually the C:\ drive).

Post its content into your next reply.

REDACTED

  • Guest
Re: svchost tries to access malicious urls
« Reply #3 on: May 31, 2015, 11:47:48 AM »
Hello,

here it is.

thanks for your help

REDACTED

  • Guest
Re: svchost tries to access malicious urls
« Reply #4 on: May 31, 2015, 12:40:57 PM »
Re-run zoek and run this script:

Code:
createsrpoint;
autoclean;
C:\Users\samsung\AppData\Local\Google\Chrome\User Data\Default\Preferences;f
emptyalltemp;


Post its content into your next reply.

REDACTED

  • Guest
Re: svchost tries to access malicious urls
« Reply #5 on: May 31, 2015, 01:35:26 PM »
Ok, done

REDACTED

  • Guest
Re: svchost tries to access malicious urls
« Reply #6 on: May 31, 2015, 01:49:18 PM »

How's your computer behaving now?

REDACTED

  • Guest
Re: svchost tries to access malicious urls
« Reply #7 on: May 31, 2015, 02:00:24 PM »
Well, the threat was detected 2 times this morning (it happens around 1 time every 2 hours).
Since the first scan of ZOEK, it hasn't been reproduced.

I cross my fingers, thanks.
I'll let you know if it's OK.

REDACTED

  • Guest
Re: svchost tries to access malicious urls
« Reply #8 on: May 31, 2015, 02:03:10 PM »
Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on the icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content in your next reply.

REDACTED

  • Guest
Re: svchost tries to access malicious urls
« Reply #9 on: May 31, 2015, 02:32:24 PM »
The results are in the attachment.

REDACTED

  • Guest
Re: svchost tries to access malicious urls
« Reply #10 on: May 31, 2015, 02:35:22 PM »
Excellent, any problems?

REDACTED

  • Guest
Re: svchost tries to access malicious urls
« Reply #11 on: May 31, 2015, 03:40:48 PM »
No more!

big big thanks, no gonna need to educate a little bit my parents in web surfing...

REDACTED

  • Guest
Re: svchost tries to access malicious urls
« Reply #12 on: May 31, 2015, 03:42:16 PM »
The following will implement some post-cleanup procedures:


Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right-clicking on the icon and selecting the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run and wait until the tool completes its work.
  • All tools we used should be gone. The tool will create a report for you (C:\DelFix.txt).
The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.