Author Topic: Malware- Help! URL toolbar.lavasoft.com  (Read 5968 times)

scatback

  • Guest
Malware- Help! URL toolbar.lavasoft.com
« on: December 26, 2012, 04:43:43 PM »
I just realized I may have made a mistake posting this in general discussion, so I will post it here in malware discussion.
Once every 30 minutes or so avast warns of 2 threats detected.  Scans find them but when I try to move to chest it says 'error: the system cannot find the file specified (2)'

The info from the avast warning is
MALWARE BLOCKED
URL: toolbar.lavasoft.com/malwaresitelist/data/121103031826-l.zip|121103031826-l.list
infection: HTML: Fraud-J

The other is the same thing except the long number is '121031200349'  and it is 'm.zip' and 'm.list'

Obviously I notice the adaware reference- I used to have adaware but deleted it months ago.  This just started the last couple of days.
What can I do about this? Avast scans find them but can't fix them.
Thanks for your help.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37505
  • Not a avast user
Re: Malware- Help! URL toolbar.lavasoft.com
« Reply #1 on: December 26, 2012, 04:51:51 PM »
Run a scan with AdwCleaner and Malwarebytes and see if anything changes.

You can find them and the instructions here: http://forum.avast.com/index.php?topic=53253.0

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Malware- Help! URL toolbar.lavasoft.com
« Reply #2 on: December 26, 2012, 05:00:44 PM »
It looks to me like it is the Lavasoft toolbar (adaware) updating itself

toolbar.lavasoft.com/malwaresitelist/data/121103031826-l.zip

scatback

  • Guest
Re: Malware- Help! URL toolbar.lavasoft.com
« Reply #3 on: December 26, 2012, 06:24:46 PM »
Pondus- I am running a Malwarebytes scan as we speak.  If that doesn't work I will look into downloading Adwcleaner.
I already scanned with Spybot and found nothing.

Essexboy- I thought the same thing.  But I don't have a lavasoft toolbar.  I deleted adaware several months ago, but obviously some remnant remains that is now causing trouble. Is there a way to find it so I can remove it?

 In the 'search programs and files' box I type 'adaware' and three documents come up that are logs from old adaware scans.  Could that be the problem? I don't see how.  If I type 'lavasoft' the same three come up plus a piriform ccleaner document from the registry cleaner.  These are logs from old documents from months ago. 

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Malware- Help! URL toolbar.lavasoft.com
« Reply #4 on: December 26, 2012, 06:35:09 PM »
I will have a look in the OTL scan

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37505
  • Not a avast user
Re: Malware- Help! URL toolbar.lavasoft.com
« Reply #5 on: December 26, 2012, 06:37:10 PM »
Quote
I already scanned with Spybot and found nothing.
SpyBot is a joke..   ;)

Quote
"In testing, it proved almost 100 percent ineffective"
http://www.pcmag.com/article2/0,2817,2412372,00.asp

scatback

  • Guest
Re: Malware- Help! URL toolbar.lavasoft.com
« Reply #6 on: December 26, 2012, 06:53:03 PM »
Thank you both for your help.
Should I download OTL and try that?
I already have hijackthis- in the scan it found something interesting:
04 - HKLM/../ Run: [Ad-Aware Browsing Protection]
C:\Program\Ad-Aware Browsing Protection\adawarebp.exe

Info button says this is an entry that autoloads when windows starts that can revert info back to a hijacker's page after a reboot- also a DLL file can hook into the system.
It then gives a list of infected examples- are these general examples or actual examples from my computer?
It says (action  taken: Registry value is deleted)

Unfortunately when I press 'fix checked item' it goes to a blank screen as if it is fixed- then I press 'scan' again and there the adaware line is again.  Nothing changed.

scatback

  • Guest
Re: Malware- Help! URL toolbar.lavasoft.com
« Reply #7 on: December 26, 2012, 06:58:01 PM »
Also- I just looked up on hijack this what '04' before the HKLM refers to:
'04- Enumeration of suspicious autoloading Registry entries'
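
Added example, not part of the original thread: a read-only PowerShell listing of the Run/RunOnce autostart values that a HijackThis O4 line refers to, flagging values left behind by a removed product or pointing at a file that no longer exists. The `$Pattern` value and the `Get-CommandTarget` helper are assumptions made for this illustration, based on the names quoted in the posts above.

```powershell
# Added example: list Run/RunOnce autostart values and flag leftovers. Changes nothing.
# $Pattern is an assumption built from the product names quoted in this thread.
$Pattern = 'Ad-Aware|Lavasoft'

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Hypothetical helper: pull the executable path out of a Run value.
function Get-CommandTarget {
    param([string]$Command)
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    # Quoted path first, otherwise everything up to the first executable extension.
    if ($expanded -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^\s*(.+?\.(exe|dll|cmd|bat|com))(\s|$)') { return $Matches[1] }
    return $expanded.Trim()
}

$results = foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }   # key absent on this system
    $item = Get-Item -LiteralPath $key
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)
        $target  = Get-CommandTarget $command
        # Bare names such as "rundll32.exe" are resolved through PATH at logon,
        # so they show up here as missing; treat that as a hint to look, not a verdict.
        $exists  = [bool]$target -and (Test-Path -LiteralPath $target -PathType Leaf)
        [pscustomobject]@{
            Key          = $key
            Name         = $name
            Command      = $command
            TargetExists = $exists
            Match        = ($name -match $Pattern) -or ($command -match $Pattern)
        }
    }
}

# Review list: leftovers of the removed product, or values whose target file is gone.
$results | Where-Object { $_.Match -or -not $_.TargetExists } | Format-List
```

Run it from an elevated prompt so the HKLM keys are read with the same rights an administrator would need to remove a value; a value that reappears after deletion means something still installed is rewriting it.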

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37505
  • Not a avast user
Re: Malware- Help! URL toolbar.lavasoft.com
« Reply #8 on: December 26, 2012, 07:06:37 PM »
Use OTL as this is much better than HijackThis... and it is also the tool Essexboy uses   ;)

scatback

  • Guest
Re: Malware- Help! URL toolbar.lavasoft.com
« Reply #9 on: December 26, 2012, 08:22:26 PM »
Malwarebytes came up empty.
I ran OTL quick scan per instructions from  geekstogo.com and got the 2 logs.  What should I do now? Essexboy, would you want to look at them?
Thanks for the help- I am afraid to log onto anything important (bank, etc) in case hijackthis description of what it could be is correct.

scatback

  • Guest
Re: Malware- Help! URL toolbar.lavasoft.com
« Reply #10 on: December 26, 2012, 11:37:58 PM »
I wanted to post the reports from OTL quick scan for essexboy or anyone else to see.  I tried to copy and paste the 2 reports from OTL Extras.Txt and OTL.Txt but both exceeded the max 10000 character limit so I don't know what to do.

Offline DJBone

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6365
Re: Malware- Help! URL toolbar.lavasoft.com
« Reply #11 on: December 26, 2012, 11:43:02 PM »
Attach the logs in your next post.
When you reply there's an option "Attachments and other options".

DJBone
Win10 x64, APS (always latest version)
Avast Mobile Security (always latest version)

scatback

  • Guest
Re: Malware- Help! URL toolbar.lavasoft.com
« Reply #12 on: December 27, 2012, 06:31:58 PM »
Thank you to everyone who advised me on this problem.  I think I have solved it.
I didn't realize essexboy had laid out what to do about malware and creating a log from OTL in the thread at the top of the page.  Once I saw that I started going through the process.
Along the way I went checking through file after file in My Computer and found one related to adaware.  I deleted it and so far there haven't been any more warnings from avast. 
Thanks again to everyone on this forum who offered me help.