Author Topic: Constant Malicious URL warnings - ga.js infection  (Read 1189 times)

rusty_brown
Constant Malicious URL warnings - ga.js infection
« on: October 08, 2012, 08:43:15 PM »
I’ve had a problem with malicious URLs being detected and constant Avast popup warnings. They’re mostly to do with google-analytics.ga.js.

It’s got to the point where the Avast warning box is constantly popping up whilst I’m browsing.

To make things worse I am now getting an ad.xtendmedia popup in the lower left corner of Chrome on nearly every page I open.

I’ve run complete scans with Avast, Malwarebytes, and SUPERAntiSpyware. Nothing is detected.
I read in another forum that it could be a problem with my router (the problem only occurs on my laptop, not on my PC) so I changed my login details and checked the DNS settings were correct. It didn’t make any difference and the problem persists.

I’ve run out of ideas and really need some help. All the logs requested in the sticky are attached.

Any help will be greatly appreciated!

rusty_brown
Re: Constant Malicious URL warnings - ga.js infection
« Reply #1 on: October 08, 2012, 08:44:36 PM »
Here's the Malwarebytes log:

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.06.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Louise :: LOUISE-LT2 [administrator]

08/10/2012 20:13:03
mbam-log-2012-10-08 (20-13-03).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205283
Time elapsed: 2 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

mikaelrask
Re: Constant Malicious URL warnings - ga.js infection
« Reply #2 on: October 09, 2012, 02:24:49 PM »
Hey, and welcome to the forum. I will drop a note to one of our malware experts here on the forum about your thread.
new computer
windows 8 Intel core I-3 64 bit
6 gb ram 500 gb hardrive. avast 9 MBAM

essexboy
Re: Constant Malicious URL warnings - ga.js infection
« Reply #3 on: October 09, 2012, 02:27:58 PM »
Here we go, a quickie fix. Let me know if this cures it.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
@Alternate Data Stream - 993 bytes -> C:\Program Files\Common Files\Microsoft Shared:RnwXmMlFWWUb61WqX9g5
@Alternate Data Stream - 169 bytes -> C:\ProgramData\TEMP:1CE11B51
@Alternate Data Stream - 1053 bytes -> C:\ProgramData\Microsoft:ynmwUvLOfr7Ish7HAJMrxDEcs
@Alternate Data Stream - 1013 bytes -> C:\ProgramData\Microsoft:M4t9lFuZfRwTpRpeEqbv

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

rusty_brown
Re: Constant Malicious URL warnings - ga.js infection
« Reply #4 on: October 09, 2012, 02:55:32 PM »
I think it's fixed - thank you!
I've been browsing for 5 mins or so and no alerts or popups.

The quick scan results are attached.

What was this exactly? I've never had so much trouble getting rid of a virus or malware.

Thanks again!

essexboy
Re: Constant Malicious URL warnings - ga.js infection
« Reply #5 on: October 09, 2012, 03:04:24 PM »
Quote
O1 HOSTS File: ([2011/10/02 17:46:39 | 000,001,392 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 74.55.76.230 www.google-analytics.com.
O1 - Hosts: 74.55.76.230 ad-emea.doubleclick.net.
O1 - Hosts: 74.55.76.230 www.statcounter.com.
O1 - Hosts: 178.250.45.15 www.google-analytics.com.
O1 - Hosts: 178.250.45.15 ad-emea.doubleclick.net.
O1 - Hosts: 178.250.45.15 www.statcounter.com.
This was the culprit: your hosts file was hijacked.
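
The hosts-file check behind this diagnosis, as an added example (not part of the thread and not OTL's own code): it parses the O1 lines quoted above, or a raw hosts file, and lists every name pinned to a non-loopback address. The function names are illustrative, and a flagged entry can still be a legitimate local override, so the output is a review list rather than a verdict.

```python
import ipaddress
from collections import defaultdict

# The O1 lines quoted in the post above, in OTL log format.
OTL_LOG = """\
O1 HOSTS File: ([2011/10/02 17:46:39 | 000,001,392 | RHS- | M]) - C:\\Windows\\SysNative\\drivers\\etc\\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 74.55.76.230 www.google-analytics.com.
O1 - Hosts: 74.55.76.230 ad-emea.doubleclick.net.
O1 - Hosts: 74.55.76.230 www.statcounter.com.
O1 - Hosts: 178.250.45.15 www.google-analytics.com.
O1 - Hosts: 178.250.45.15 ad-emea.doubleclick.net.
O1 - Hosts: 178.250.45.15 www.statcounter.com.
"""

def parse_hosts(text):
    """Yield (ip, name) from raw hosts-file lines or OTL 'O1 - Hosts:' lines."""
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("O1 - Hosts:"):
            line = line[len("O1 - Hosts:"):]
        fields = line.split("#", 1)[0].split()   # drop trailing comments
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                              # log header or malformed entry
        for name in fields[1:]:
            yield ip, name.rstrip(".").lower()    # "host.com." == "host.com"

def pinned_names(text):
    """Map each hostname to the non-loopback IPs the hosts file pins it to."""
    hits = defaultdict(set)
    for ip, name in parse_hosts(text):
        if not (ip.is_loopback or ip.is_unspecified):
            hits[name].add(str(ip))
    return {name: sorted(ips) for name, ips in hits.items()}

def shared_targets(text):
    """Map each IP to its hostnames when one IP answers for several names."""
    by_ip = defaultdict(set)
    for name, ips in pinned_names(text).items():
        for ip in ips:
            by_ip[ip].add(name)
    return {ip: sorted(names) for ip, names in by_ip.items() if len(names) > 1}

if __name__ == "__main__":
    for name, ips in sorted(pinned_names(OTL_LOG).items()):
        print(f"REVIEW {name} -> {', '.join(ips)}")
```

Several different analytics and ad hostnames resolving to the same address, as `shared_targets` reports for this log, is the pattern to look at first.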

 
