Author Topic: wpad.net/wpad.dat infection  (Read 9853 times)

0 Members and 1 Guest are viewing this topic.

Darats

  • Guest
Re: wpad.net/wpad.dat infection
« Reply #15 on: October 14, 2013, 01:27:57 AM »
Here is the OTL Scan.

As last time : I've rared it and renamed it to .log to be able to post it here.


Does Avast said something already about this infection?

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: wpad.net/wpad.dat infection
« Reply #16 on: October 14, 2013, 04:30:22 PM »
It is not related to Skype as I installed it on my system to check out and not a peep from Avast here.  Could you attach a screenshot of the alert please 

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


Code: [Select]
:Commands
[CREATERESTOREPOINT]

:OTL
O20:64bit: - AppInit_DLLs: (x) - File not found
O20 - AppInit_DLLs: (x) - File not found
@Alternate Data Stream - 296 bytes -> C:\Mount:$WIMMOUNTDATA

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Darats

  • Guest
Re: wpad.net/wpad.dat infection
« Reply #17 on: October 14, 2013, 07:09:16 PM »
Here are 3 screenshots with 3 times the same errors but detected trough 3 different programs.

I will try your OTL fix now.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: wpad.net/wpad.dat infection
« Reply #18 on: October 14, 2013, 07:43:24 PM »
Time to go hunting

For 32bit systems, please download SystemLook from one of the links below and save it to your Desktop.
 
Download Mirror #1
Download Mirror #2

 
For 64bit systems, download SystemLook from here.
 
 
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
Code: [Select]
:regfind
wpad.net
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

 
Note: The log can also be found on your Desktop entitled SystemLook.txt


Darats

  • Guest
Re: wpad.net/wpad.dat infection
« Reply #19 on: October 14, 2013, 08:12:24 PM »
Here is the log :


SystemLook 30.07.11 by jpshortstuff
Log created at 20:10 on 14/10/2013 by ---
Administrator - Elevation successful

========== regfind ==========

Searching for "wpad.net"
No data found.

-= EOF =-



BTW it seems to have disappeared since the OTL fix.
I will try some reboots and wait a bit to see if it comes again.

Darats

  • Guest
Re: wpad.net/wpad.dat infection
« Reply #20 on: October 14, 2013, 08:23:40 PM »
Oh no, the alert came back while surfing the net...

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: wpad.net/wpad.dat infection
« Reply #21 on: October 14, 2013, 08:50:25 PM »
Do you use a router to connect to the net ?

Darats

  • Guest
Re: wpad.net/wpad.dat infection
« Reply #22 on: October 14, 2013, 11:04:22 PM »
I guess yes. The router is provided by my ISP, but I'm not using a personnal one.

I don't know if it can help but here is the manual of it (sorry it's in French) :
http://www.upc-cablecom.ch/content/dam/www-upc-cablecom-ch/Support/manuals/fr/hrz/upc-horizon-mode-emploi.pdf

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: wpad.net/wpad.dat infection
« Reply #23 on: October 14, 2013, 11:15:26 PM »
An unusual one that ..  Is there an option to reset the router to default ?  I am thinking a possible router infection here

Darats

  • Guest
Re: wpad.net/wpad.dat infection
« Reply #24 on: October 15, 2013, 01:18:59 AM »
That would maybe explained why my other computer got the same exact alert...

I'll try to reset it and I let you know.

Darats

  • Guest
Re: wpad.net/wpad.dat infection
« Reply #25 on: October 15, 2013, 11:41:06 PM »
I've reset the router to the factory defaults: no change, alert still appears!

I've also updated my Skype (as I saw on other topics) to the latest version: no change, alert still appears!

Any other guess?

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: wpad.net/wpad.dat infection
« Reply #26 on: October 15, 2013, 11:45:05 PM »
Thinking.  Does the disabling of Skype stop it totally ?

Darats

  • Guest
Re: wpad.net/wpad.dat infection
« Reply #27 on: October 16, 2013, 08:20:20 AM »
I've uninstalled Skype, and the alert is still there...

Don't know if this can be a clue but it appears only the first time programs are launch (every time I boot I got warnings).

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: wpad.net/wpad.dat infection
« Reply #28 on: October 16, 2013, 04:09:51 PM »
OK lets now see if I can locate this miscreant

Please RIGHT-CLICK HERE and Save As (in IE it's "Save Target As", in FF it's "Save Link As") to download Silent Runners.
  • Save it to the desktop.
  • Run Silent Runner's by doubleclicking the "Silent Runners" icon on your desktop.
  • You will receive a prompt:
    Do you want to skip supplementary searches?
    click NO
    [/list]
    • If you receive an error just click OK and double-click it to run it again - sometimes it won't run as it's supposed to the first time but will in subsequent runs.
    • You will see a text file appear on the desktop - it's not done, let it run (it won't appear to be doing anything!)
    • Once you receive the prompt All Done!, open the text file on the desktop, copy that entire log, and paste it here.
    *NOTE* If you receive any warning message about scripts, please choose to allow the script to run.