Author Topic: Constant Malicious URL warnings - ga.js infection  (Read 4328 times)

rusty_brown

  • Guest
Constant Malicious URL warnings - ga.js infection
« on: October 08, 2012, 10:43:15 PM »
I’ve had a problem with malicious URLs being detected and constant Avast popup warnings. They’re mostly to do with google-analytics.ga.js

It’s got to the point where the Avast warning box is constantly popping up whilst I’m browsing.

To make things worse I am now getting an ad.xtendmedia popup in the lower left corner of Chrome on nearly every page I open.

I’ve run complete scans with Avast, Malwarebytes, and SUPERAntiSpyware. Nothing is detected.
I read in another forum that it could be a problem with my router (the problem only occurs on my laptop, not on my PC) so I changed my login details and checked the DNS settings were correct. It didn’t make any difference and the problem persists.

I’ve run out of ideas and really need some help. All the logs requested in the sticky are attached.

Any help will be greatly appreciated!

rusty_brown

  • Guest
Re: Constant Malicious URL warnings - ga.js infection
« Reply #1 on: October 08, 2012, 10:44:36 PM »
Here's the Malwarebytes log:

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.06.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Louise :: LOUISE-LT2 [administrator]

08/10/2012 20:13:03
mbam-log-2012-10-08 (20-13-03).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205283
Time elapsed: 2 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Offline mikaelrask

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1556
Re: Constant Malicious URL warnings - ga.js infection
« Reply #2 on: October 09, 2012, 04:24:49 PM »
Hey, and welcome to the forum. I will drop a note to one of our malware experts here on the forum about your thread.
Windows 8.1 amd a10-5700 64 bit
12 GB ram 1 tb hard drive. Avast 18, MBAM

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Constant Malicious URL warnings - ga.js infection
« Reply #3 on: October 09, 2012, 04:27:58 PM »
Here we go, a quickie fix. Let me know if this cures it.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


Code:
:OTL
@Alternate Data Stream - 993 bytes -> C:\Program Files\Common Files\Microsoft Shared:RnwXmMlFWWUb61WqX9g5
@Alternate Data Stream - 169 bytes -> C:\ProgramData\TEMP:1CE11B51
@Alternate Data Stream - 1053 bytes -> C:\ProgramData\Microsoft:ynmwUvLOfr7Ish7HAJMrxDEcs
@Alternate Data Stream - 1013 bytes -> C:\ProgramData\Microsoft:M4t9lFuZfRwTpRpeEqbv

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

rusty_brown

  • Guest
Re: Constant Malicious URL warnings - ga.js infection
« Reply #4 on: October 09, 2012, 04:55:32 PM »
I think it's fixed - thank you!
I've been browsing for 5 mins or so and no alerts or popups.

The quick scan results are attached.

What was this exactly? I've never had so much trouble getting rid of a virus or malware.

Thanks again!

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Constant Malicious URL warnings - ga.js infection
« Reply #5 on: October 09, 2012, 05:04:24 PM »
Quote
O1 HOSTS File: ([2011/10/02 17:46:39 | 000,001,392 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 74.55.76.230 www.google-analytics.com.
O1 - Hosts: 74.55.76.230 ad-emea.doubleclick.net.
O1 - Hosts: 74.55.76.230 www.statcounter.com.
O1 - Hosts: 178.250.45.15 www.google-analytics.com.
O1 - Hosts: 178.250.45.15 ad-emea.doubleclick.net.
O1 - Hosts: 178.250.45.15 www.statcounter.com.
This was the culprit: your Host file was hijacked.
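
The following is an added example, not part of any post in this thread and not code from OTL or Avast: a small hosts-file audit that lists every name pointed at a routable address, which is the pattern visible in the quoted O1 lines. The sample text reuses entries from that quote plus one constructed blocking line; treating loopback and 0.0.0.0 targets as benign is an assumption of the example.

```python
import ipaddress

# Sample hosts content: the redirect lines are taken from the OTL quote above,
# the last line is constructed to show a harmless local blocking entry.
SAMPLE_HOSTS = """\
127.0.0.1       localhost
::1             localhost
74.55.76.230 www.google-analytics.com.
74.55.76.230 ad-emea.doubleclick.net.
74.55.76.230 www.statcounter.com.
178.250.45.15 www.google-analytics.com.
0.0.0.0 ads.example.test   # constructed blocking entry
"""

def parse_hosts(text):
    """Yield (ip, hostname) pairs, skipping comments and malformed lines."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address, so not a mapping
        for name in fields[1:]:
            # A trailing dot is the same DNS name; normalise before comparing.
            yield ip, name.rstrip(".").lower()

def suspicious_entries(text):
    """Return {hostname: sorted list of IPs} for names sent to a non-local address.

    Loopback and unspecified targets (127.0.0.1, ::1, 0.0.0.0) are skipped as
    local or blocking entries (assumption); everything else is listed for review.
    """
    found = {}
    for ip, name in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:
            continue
        found.setdefault(name, set()).add(str(ip))
    return {name: sorted(ips) for name, ips in found.items()}

if __name__ == "__main__":
    # On a live Windows system, read the hosts file shown in the O1 line instead.
    for name, ips in sorted(suspicious_entries(SAMPLE_HOSTS).items()):
        print(f"{name} -> {', '.join(ips)}")
```

A name that appears here with more than one address, as www.google-analytics.com does in the sample, was written to the file more than once and is worth checking first.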