Author Topic: Avast keeps flagging URL:Mal (Read 4137 times)

REDACTED · « **on:** June 03, 2015, 11:33:06 PM »

In just the same way as many others, every minute or two I get a warning flag for URL:Mal, pointing to file rundll32.exe. I ran all the recommended tools MWB, FRST64, aswmbr last night, but did not get as far as posting scan logs. When I booted up this evening there was a blissful pause before the warnings started. I have run all these again this evening and will post the logs (I can post yesterday's logs too if it helps). I rebooted after MWB and again I have a period of no warnings. I do not think this will last, and I will try to observe what might trigger them.

I would be very grateful if you could help me out. Please let me know if there is anything more you need from me.

Thanks guys & girls, please keep instructions to me clear and basic, I'm no expert.

Dave

TwinHeadedEagle · « **Reply #1 on:** June 03, 2015, 11:34:18 PM »

Hello,

How this issue started?

REDACTED · « **Reply #2 on:** June 03, 2015, 11:50:59 PM »

Hello THE, thanks for reading and responding,

Not sure how it started. I do download missed/unavailable TV programmes as torrents, and these are full of dodgy links and useless downloads, unfortunately. Avast usually does a great job of intervening and preventing trouble. Also have a daughter using PC, so who knows? When the messages started I think it was winexplorer.exe that was pointed to, but now it's rundll32.

Running Win8.1, by the way.

D

TwinHeadedEagle · « **Reply #3 on:** June 04, 2015, 12:01:32 AM »

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

Right-click on icon and select Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
Press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

Right-click on icon and select Run as Administrator to start the tool.
Wait patiently until the main console will appear, it may take a minute or two.
In the main box please paste in the following script:

Code: [Select]

createsrpoint;
standardsearch;

Make sure that Scan All Users option is checked.
Push Run Script and wait patiently. The scan may take a couple of minutes.
When the scan completes, a zoek-results logfile should open in notepad.
If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.

REDACTED · « **Reply #4 on:** June 04, 2015, 12:30:42 AM »

OK, I have done that. Things to note: FRST ran and generated the log file, asked for a restart and said it would I would not get a notification after restart. I started FRST after restart, but it showed no sign of continuing, so I think it did all it had to do before restart. Zoek reports no internet access detected. I stopped a program going through the firewall around the time I ran Zoek (File Downloader), as it did not appear to be Zoek-related and I did not recognize it. If by doing this I have stopped Zoek doing its job, let me know which steps I need to run again. Logs attached.

Thanks for doing this.

TwinHeadedEagle · « **Reply #5 on:** June 04, 2015, 12:37:42 AM »

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

Right-click on icon and select Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
Press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

Fix with ZOEK

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

Right-click on icon and select Run as Administrator to start the tool.
Wait patiently until the main console will appear, it may take a minute or two.
In the main box please paste in the following script:

Code: [Select]

createsrpoint;
chrdefaults;

Make sure that Scan All Users option is checked.
Push Run Script and wait patiently. The scan may take a couple of minutes.
When the scan completes, a zoek-results logfile should open in notepad.
If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.

REDACTED · « **Reply #6 on:** June 04, 2015, 01:01:05 AM »

Logs attached. I will have to sign off now THE as there is stuff I have to read for work tomorrow. Will catch up tomorrow. Thank you for helping me.

D

TwinHeadedEagle · « **Reply #7 on:** June 04, 2015, 01:03:23 AM »

How is your PC behaving now?

REDACTED · « **Reply #8 on:** June 04, 2015, 09:05:04 AM »

PC seems OK, but it was also OK all the time I was using it yesterday evening (following all the scans). I will be using it for a while tonight, and will keep you informed. I had a 'clear' period after I ran the scans the first time, but this was temporary. Do the scans suggest the PC is clean?

D

TwinHeadedEagle · « **Reply #9 on:** June 04, 2015, 11:09:08 AM »

Yes, it should be clean now.

REDACTED · « **Reply #10 on:** June 05, 2015, 10:29:45 PM »

All seems OK now. What was the nature of the problem, a virus? I am concerned that the source of the virus is still on the PC, and I might release it again. Did the scans tell you where the problem came from, where it was lurking or why Avast, MB etc. did not shift it? Would Spybot have stopped it if I had immunized? Any information welcome. Have donated, not much but will get you a beer.

TwinHeadedEagle · « **Reply #11 on:** June 05, 2015, 10:43:23 PM »

You had some serious infections, Avast fortunately blocked some more serious from being downloaded.

• The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes below;
Remove disinfection tools
Create registry backup
Purge System Restore
Click Run button and wait a few seconds for the programme completes his work.
At this point all the tools we used here should be gone. Tool will create an report for you (C:\DelFix.txt)

The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and create a fresh system restore point after cleaning.

Author Topic: Avast keeps flagging URL:Mal (Read 4137 times)

REDACTED

Avast keeps flagging URL:Mal

TwinHeadedEagle

Re: Avast keeps flagging URL:Mal

REDACTED

Re: Avast keeps flagging URL:Mal

TwinHeadedEagle

Re: Avast keeps flagging URL:Mal

REDACTED

Re: Avast keeps flagging URL:Mal

TwinHeadedEagle

Re: Avast keeps flagging URL:Mal

REDACTED

Re: Avast keeps flagging URL:Mal

TwinHeadedEagle

Re: Avast keeps flagging URL:Mal

REDACTED

Re: Avast keeps flagging URL:Mal

TwinHeadedEagle

Re: Avast keeps flagging URL:Mal

REDACTED

Re: Avast keeps flagging URL:Mal

TwinHeadedEagle

Re: Avast keeps flagging URL:Mal