Author Topic: Unusual URL constantly "attacking"  (Read 5995 times)

0 Members and 1 Guest are viewing this topic.

0Just ME0

  • Guest
Unusual URL constantly "attacking"
« on: December 04, 2013, 08:22:41 AM »
Hello

As I surf with firefox avast constantly pops-up saying that it protected me from an infection

I had run a deep scan with 0 results then a boot-up scan again with 0 and the pop-up still constantly appears.
Cleaning up browser neither.
Returning to previous versions of the installation folder of firefox changes nothing

I dont find anything in the web related to the page and it always is the same direction:

"http://secure-content-delivery.com/data.geo.php?callback=window.__geo.dataLoaded"

Trying to acces from my mobile to that page says its protected by ligttpd and google cant get a preview of the page

Please help me to get rid of what the program says "URL:Mal"

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: Unusual URL constantly "attacking"
« Reply #1 on: December 04, 2013, 08:43:28 AM »
Quote
As I surf with firefox avast constantly pops-up saying that it protected me from an infection
this indicate a infection ....something is trying to phone home

follow guide and attach the requested logs (not copy and paste) http://forum.avast.com/index.php?topic=53253.0

we need Malwarebytes / OTL / aswMBR

when done a malware expert will check the logs




0Just ME0

  • Guest
Re: Unusual URL constantly "attacking"
« Reply #2 on: December 04, 2013, 09:19:59 AM »
Thank you for the fast response

Here are the reports; the Extras file came with the OTL and the post dont say nothing about so I included it

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: Unusual URL constantly "attacking"
« Reply #3 on: December 04, 2013, 09:42:32 AM »
removal experts are notified, it may take some hours before they are online....

it seems you have 3 AV programs installed avast, AVG, Avira
installing multiple AV will give you a slow machine, windows errors and false detections

General: Uninstalling a third-party antivirus software.   http://www.avast.com/faq.php?article=AVKB11

« Last Edit: December 04, 2013, 09:50:15 AM by Pondus »

argus

  • Guest
Re: Unusual URL constantly "attacking"
« Reply #4 on: December 04, 2013, 11:05:33 AM »
Quote
it seems you have 3 AV programs installed avast, AVG, Avira
installing multiple AV will give you a slow machine, windows errors and false detections

There can be only one.



Next:




Please download Farbar Recovery Scan Tool () by Farbar and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.


  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Under Optional Scan ensure "Driver MD5" are ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

0Just ME0

  • Guest
Re: Unusual URL constantly "attacking"
« Reply #5 on: December 04, 2013, 07:09:11 PM »
These are the logs requested.

I forgot to mention that the detected program by avast  was firefox, but yet I can surf normally

I had uninstalled the other two av

argus

  • Guest
Re: Unusual URL constantly "attacking"
« Reply #6 on: December 04, 2013, 07:32:30 PM »
Do you listen to Lou Reed  :)





1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

Code: [Select]

Start
HKLM-x32\...\Run: [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
HKLM-x32\...\Run: [] - [x]
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?utm_source=b&utm_medium=fft-1&from=fft-1&uid=ST3500418AS_5VMETGGZ____5VMETGGZ&ts=1351099393
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com/?utm_source=b&utm_medium=fft-1&from=fft-1&uid=ST3500418AS_5VMETGGZ____5VMETGGZ&ts=1351099393
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.v9.com/web/?q={searchTerms}
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKCU - {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = http://www.daemon-search.com/search/web?q={searchTerms}
SearchScopes: HKCU - {E5BC8517-D549-4FA9-B281-C50C6F562268} URL = http://fileservehome.com/?tmp=toolbar_FileServe_results&prt=fileservetb01ie&Keywords={searchTerms}&clid=90be3fb048654a30825d1ad3ac4055c6
FF DefaultSearchEngine: v9
FF SearchEngineOrder.1: v9
C:\Users\Wottan\AppData\Local\Temp\AskSLib.dll
C:\Users\Wottan\AppData\Local\Temp\avgnt.exe
C:\Users\Wottan\AppData\Local\Temp\devcon64.exe
C:\Users\Wottan\AppData\Local\Temp\fp_pl_pfs_installer-1.exe
C:\Users\Wottan\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Wottan\AppData\Local\Temp\htmlayout.dll
C:\Users\Wottan\AppData\Local\Temp\swt-win32-3349.dll
End

2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.


3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.
.





************ Next ***************







Please download zoek.zip or zoek.rar by smeenk () from here or here and save it to your Desktop.
Unpack the archive...
  • Close any open browsers
  • Temporarily disable your AntiVirus program. (If necessary)
    If you are unsure how to do this please read this or this Instruction.

  • Double click on zoek.exe to run the tool .
    Please wait while the tool does not start...

  • Copy the text present inside the code box below and paste it into the large window in the zoek tool:
Code: [Select]
filesrcm;
startupall;
skipfix-iedefaults;
firefoxlook;
chromelook;
  • Click on button.
    Please wait until a logreport will open (this can be after reboot)

  • Save notepad to your Desktop and attach here zoek-results.log
    Note: It will also create a log in the C:\ directory named "zoek-results.log"

0Just ME0

  • Guest
Re: Unusual URL constantly "attacking"
« Reply #7 on: December 04, 2013, 08:24:13 PM »
Here are the logs

argus

  • Guest
Re: Unusual URL constantly "attacking"
« Reply #8 on: December 04, 2013, 08:36:33 PM »
  • Close any open browsers
  • Temporarily disable your AntiVirus program. (If necessary)
    If you are unsure how to do this please read this or this Instruction.

  • Double click on zoek.exe to run the tool .
    Please wait while the tool does not start...

  • Copy the text present inside the code box below and paste it into the large window in the zoek tool:
Code: [Select]
emptyalltemp;
autoclean;
emptyclsid;
ipconfig /flushdns >> %temp%\log.txt;b
emptyrecycle.bin;
  • Click on button.
    Please wait until a logreport will open (this can be after reboot)

  • Save notepad to your Desktop and attach here zoek-results.log
    Note: It will also create a log in the C:\ directory named "zoek-results.log"
.



situation?

0Just ME0

  • Guest
Re: Unusual URL constantly "attacking"
« Reply #9 on: December 04, 2013, 09:33:42 PM »
These are the results

0Just ME0

  • Guest
Re: Unusual URL constantly "attacking"
« Reply #10 on: December 04, 2013, 10:14:17 PM »
To the moment seems all clear; no pop-up from avast in any page thank you very much If anything happens related to this, I'll keep you informed

argus

  • Guest
Re: Unusual URL constantly "attacking"
« Reply #11 on: December 05, 2013, 06:47:42 AM »
You will not have more pro  8)





Please download DelFix by "Xplode" to your Desktop.

Run the tool and check the following boxes below;
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore

Now click on "Run" button. Wait for the programme completes his work.
All the tools we used should be gone.
Tool will create and open an log report (DelFix.txt)
Note: The report will also be stored on C:\DelFix.txt


> I don't need DelFix log report.