Author Topic: 'threat detected', sprotector.php, every 5 minutes!! (Avast Free, FireFox, Win7)  (Read 5462 times)


harveyp

  • Guest
Evening all, I have changed my habits not at all since yesterday - mainly regular sites, maybe one or 2 new sites - but today I get "Threat detected" every 5 minutes. It is not worth starting up a vid or tv channel because it is every 5 minutes. Associated with the firefox.exe process, I get 5 threats every time

*.info/installmate/php/sprotector.php

*=amazingsoftware, clearbroweapp, tracknl, browsercleanapp, browserclean at least some of which are associated with the leaseweb.com servers in NL

2 questions - how do I dissociate these threats from my firefox.exe, and how do I switch off the ******** message every 5 minutes?

Thanx in advance, Harvey

Offline Secondmineboy

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3645
To get rid of this follow this guide and attach requested logs: http://forum.avast.com/index.php?topic=53253.0

Right click on the tray icon and choose Game mode to get rid of all Avast messages for now.
Windows 10 1909, 4 GB DDR3 RAM, 500 GB 5400 RPM HDD, 1366 by 768 LCD Screen, Intel Core i3 5010U Dual Core, Intel HD Graphics 5500
HUAWEI P30 Pro. Android 10

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Not a good idea, as sprotector is a PUP on a toolbar or addon in Firefox. All you will be doing is nothing, as the alert is not suppressed by gaming mode.

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
THEN

Download OTL to your Desktop
Secondary link
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.


  • Select All Users
  • Select LOP and Purity
  • Under the Custom Scan box paste this in
netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
c:\program files (x86)\Google\Desktop
c:\program files\Google\Desktop
dir "%systemdrive%\*" /S /A:L /C
CREATERESTOREPOINT


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Attach both logs

harveyp

  • Guest
How instructive was that?

Why does MS call them Temporary Internet Files when they never go away?
Why does uninstall not?
Why is AVG so sticky?
Why are installers so clever about where I live and so dumb about what I want?

Attached are the requested files ...

H

harveyp

  • Guest
and also ...

zinia

  • Guest
I am also having this problem on Firefox (Avast Free, Win7). I have no special toolbars and I have removed all addons but the Avast Ad Blocker and still the message pops up. The Avast message is pretty useless if it doesn't explain exactly where within Firefox that the malware is coming from. I'm also wondering why I would need to download and install something to clean the infection as suggested by essexboy - isn't Avast supposed to clean infections?

I have reported this as a false positive but that doesn't seem to have done anything. Perhaps it's not a false positive but if it isn't then Avast should be able to tell me where it's coming from.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37698
@zinia

Quote
Firefox that the malware is coming from. I'm also wondering why I would need to download and install something to clean the infection as suggested by essexboy - isn't Avast supposed to clean infections?
no security program has 100% detection and/or removal

removing malware can be a complex operation, the bad guys use every trick in the book to stay undetected or make it difficult to remove

if you need help, start your own topic and follow the logs to assist in cleaning malware guide at top in this forum section



Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Have the alerts ceased now?

Quote
Why does MS call them Temporary Internet Files when they never go away?
Why does uninstall not?
Why is AVG so sticky?
Why are installers so clever about where I live and so dumb about what I want?
If I knew the answers I would rule the world :)


Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


Code:
:Commands
[CREATERESTOREPOINT]

:OTL
DRV:64bit: - [2013/11/10 21:14:36 | 000,046,368 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/09/05 00:43:42 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/07/20 00:51:00 | 000,311,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/07/20 00:50:56 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/07/20 00:50:56 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/07/20 00:50:50 | 000,206,648 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/07/01 00:45:28 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/03/21 02:08:24 | 000,240,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
O3 - HKU\S-1-5-21-2758170698-2259870549-3017320416-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY File not found
[2013/11/18 06:33:06 | 000,000,000 | ---D | C] -- C:\Users\Carol\AppData\Local\Avg2013
[2013/11/17 21:13:09 | 000,000,000 | ---D | C] -- C:\Users\Carol\AppData\Local\{C52AFBDC-AB5A-4973-8A01-A7EF13FB191D}
[2013/11/17 09:12:41 | 000,000,000 | ---D | C] -- C:\Users\Carol\AppData\Local\{BD0859AA-5273-4EDA-B771-F3144A42C359}
[2013/11/16 08:54:14 | 000,000,000 | ---D | C] -- C:\Users\Carol\AppData\Local\{FC2FEEBA-CD3D-487C-9BC9-9C6B0D381FFA}
[2013/11/15 09:39:23 | 000,000,000 | ---D | C] -- C:\Users\Carol\AppData\Local\{84503194-86BD-4AAD-97B6-181EBCB22C99}
[2013/11/14 22:20:17 | 000,000,000 | ---D | C] -- C:\Users\Carol\AppData\Roaming\AVG2014
[2013/11/14 22:12:09 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014
[2013/11/18 15:28:18 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\AVG2013
[2013/11/14 22:20:17 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\AVG2014

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

harveyp

  • Guest
I followed all of the instructions and just producing the log files got rid of the problem. I may never know what got me, but I hope that you experts may learn something from those files. Thanks a bunch and Merry Christmas!

Harvey