Author Topic: Malware: Avast - Malicious URL Blocked pops up on almost every page (Read 2589 times)

thip77 · « **on:** July 28, 2013, 04:53:10 PM »

I've followed the instructions here (http://forum.avast.com/index.php?topic=53253.0) and have attached logs. Any help would be greatly appreciated.

thip77 · « **Reply #1 on:** July 28, 2013, 04:54:15 PM »

additional log here.

Pondus · « **Reply #2 on:** July 28, 2013, 05:23:37 PM »

does it still continue after running AdwCleaner?

if so attach a screenshot of avast warning...

malware removers are notified.....

magna86 · « **Reply #3 on:** July 28, 2013, 05:29:31 PM »

Hi,

Do you using multi-boot like UNIK like system and Windows7?

Tell me if this fix your problem;

Re-run OTL.exe.

Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.

Code: [Select]


:commands
[CREATERESTOREPOINT]

:OTL
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{6CA06046-09F2-4B58-8B3D-7A09681F1650}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpd
IE - HKLM\..\SearchScopes\{6CA06046-09F2-4B58-8B3D-7A09681F1650}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpd
IE - HKU\S-1-5-21-2537259498-2212720657-2083713854-1000\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKU\S-1-5-21-2537259498-2212720657-2083713854-1000\..\SearchScopes\{6CA06046-09F2-4B58-8B3D-7A09681F1650}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpd
CHR - Extension: Click 2 Save = C:\Users\Trevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nablbencpmfkbaidgadeefljafbailig\1.1_0\
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - !{687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found.
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

:files
C:\Users\Trevor\AppData\Roaming\Mozilla\Extensions\celtx@celtx.com
C:\Users\Trevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nablbencpmfkbaidgadeefljafbailig
dir C:\ProgramData\boost_interprocess /c
ipconfig /flushdns /c

:commands
[emptytemp]

Then click the Run Fix button at the top.
Let the program run unhindered; it will reboot the system when it is done and open notepad with logreport. Attach here that logreport.

If the log doesn't appear, it can be found here:

c:\_OTL\MovedFiles\mmddyyyy_hhmmss.log

thip77 · « **Reply #4 on:** July 28, 2013, 05:38:52 PM »

Thanks for your help, everyone.

I think I've solved the problem - the Avast pop up was always immediately followed by an ad labelled 'Ads by ClickToSave'

As a google chrome user, all I needed to do was go Settings > Extenstions and disable, then delete 'ClickToSave.' The issue appears to be solved now.

Pondus · « **Reply #5 on:** July 28, 2013, 06:05:22 PM »

i still recomend you run the fix magna made for you..... so you remove the crap he found in there.....and attach the log

he will be back later and remove the Tools used if all is OK

thip77 · « **Reply #6 on:** July 28, 2013, 06:21:32 PM »

Here is the log

magna86 · « **Reply #7 on:** July 28, 2013, 07:00:21 PM »

You need to click on the button RunFix not click RunScan.

You will need to repeat the fix

Author Topic: Malware: Avast - Malicious URL Blocked pops up on almost every page (Read 2589 times)

thip77

Malware: Avast - Malicious URL Blocked pops up on almost every page

thip77

Re: Malware: Avast - Malicious URL Blocked pops up on almost every page

Pondus

Re: Malware: Avast - Malicious URL Blocked pops up on almost every page

magna86

Re: Malware: Avast - Malicious URL Blocked pops up on almost every page

thip77

Re: Malware: Avast - Malicious URL Blocked pops up on almost every page

Pondus

Re: Malware: Avast - Malicious URL Blocked pops up on almost every page

thip77

Re: Malware: Avast - Malicious URL Blocked pops up on almost every page

magna86

Re: Malware: Avast - Malicious URL Blocked pops up on almost every page