Author Topic: Avast scanning the web for pr0n  (Read 13268 times)

0 Members and 1 Guest are viewing this topic.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40627
  • Dragons by Sasha
    • Malware fixes
Re: Avast scanning the web for pr0n
« Reply #15 on: December 08, 2013, 06:03:55 PM »
Could you now run a fresh OTL scan please and select all users and I will locate the errant start entry..  There will only be one log this time

Offline huerto

  • Newbie
  • *
  • Posts: 13
Re: Avast scanning the web for pr0n
« Reply #16 on: December 08, 2013, 06:28:52 PM »
Here it is.
thanks a lot for the quick help!

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40627
  • Dragons by Sasha
    • Malware fixes
Re: Avast scanning the web for pr0n
« Reply #17 on: December 08, 2013, 06:42:31 PM »
Did not want to go first time, lets see if it is as strong now :)

On completion can you let me know of any problems

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


Code: [Select]
:Commands
[CREATERESTOREPOINT]

:OTL
O4 - HKLM..\Run: [TaskMngr] wscript.exe "C:\Program Files (x86)\Common Files\Lenovo\data.js" File not found

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Offline huerto

  • Newbie
  • *
  • Posts: 13
Re: Avast scanning the web for pr0n
« Reply #18 on: December 08, 2013, 07:10:44 PM »
Here txt3.

The data.js window came up again though.

And OTL asks to be run right after restart.


Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40627
  • Dragons by Sasha
    • Malware fixes
Re: Avast scanning the web for pr0n
« Reply #19 on: December 08, 2013, 08:57:25 PM »
It does not seem to want to go..  Lets get MBAM on the job :)

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Attach  the entire report in your next reply.
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

Offline huerto

  • Newbie
  • *
  • Posts: 13
Re: Avast scanning the web for pr0n
« Reply #20 on: December 08, 2013, 09:28:04 PM »
Done. It hasn't found anything.
---

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.12.08.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16736
IBM :: TINY-JAMES [Administrator]

08.12.2013 21:13:32
mbam-log-2013-12-08 (21-13-32).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 212272
Laufzeit: 4 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40627
  • Dragons by Sasha
    • Malware fixes
Re: Avast scanning the web for pr0n
« Reply #21 on: December 08, 2013, 09:33:43 PM »
OK can you run this programme from safe mode please and I will kill it there.  I will tidy up after :)

Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
 
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from. 
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Offline huerto

  • Newbie
  • *
  • Posts: 13
Re: Avast scanning the web for pr0n
« Reply #22 on: December 08, 2013, 09:58:22 PM »
Here is that.
Sorry for it being partially in German ...

//edit

I'll do it again. In safe mode  :-[

« Last Edit: December 08, 2013, 10:18:54 PM by huerto »

Offline huerto

  • Newbie
  • *
  • Posts: 13
Re: Avast scanning the web for pr0n
« Reply #23 on: December 08, 2013, 10:18:19 PM »
Safe mode version.


Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40627
  • Dragons by Sasha
    • Malware fixes
Re: Avast scanning the web for pr0n
« Reply #24 on: December 08, 2013, 10:35:32 PM »
OK from safe mode again .. 

Download the attached fixlist.txt to the same location as FRST
Run FRST and press Fix.
On completion a log will be generated please post that


Offline huerto

  • Newbie
  • *
  • Posts: 13
Re: Avast scanning the web for pr0n
« Reply #25 on: December 08, 2013, 10:51:25 PM »
Here the fixlog.
Thanks a bunch for your time, man.


Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40627
  • Dragons by Sasha
    • Malware fixes
Re: Avast scanning the web for pr0n
« Reply #26 on: December 08, 2013, 11:01:51 PM »
OK moment of truth try a reboot to normal mode and let me know if the blighter has gone :)

Offline huerto

  • Newbie
  • *
  • Posts: 13
Re: Avast scanning the web for pr0n
« Reply #27 on: December 08, 2013, 11:11:27 PM »
 8)

All is well.
Data.js window is gone and there seems to be no background surfing in sticky places!
Thanks a lot, it's great to be able to rely on people like you guys.


Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40627
  • Dragons by Sasha
    • Malware fixes
Re: Avast scanning the web for pr0n
« Reply #28 on: December 08, 2013, 11:12:59 PM »
The last bit was a toughie, but it was just an orphan entry in the registry more an annoyance than anything else.  :)

Any further problems before I tidy up ? 

Offline huerto

  • Newbie
  • *
  • Posts: 13
Re: Avast scanning the web for pr0n
« Reply #29 on: December 08, 2013, 11:15:56 PM »
I am good to go.