Author Topic: Malware  (Read 3211 times)


polymans

  • Guest
Malware
« on: December 25, 2013, 11:36:43 AM »
Recently, when I switch on my laptop, avast blocks these 2 files or objects:
Process: windows system 32 wscripts
Objects: some sort of links

So how to solve??
Explain in detail, I'm kinda new to this

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31072
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: Malware
« Reply #1 on: December 25, 2013, 11:54:19 AM »
It looks like avast blocked access to a malicious website.
But if you want us to check your system,

Read this topic, and attach the logs
http://forum.avast.com/index.php?topic=53253.0

Offline magna86

  • Anti Malware Fighter
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4235
    • Ambulanta MyCity Forum - ASAP Member
Re: Malware
« Reply #2 on: December 25, 2013, 12:12:27 PM »
Monitoring

polymans

  • Guest
Re: Malware
« Reply #3 on: December 25, 2013, 12:28:11 PM »
So I just follow those steps?? Will it affect my files? How about this http://forum.avast.com/index.php?topic=138841.0 is it also a way to solve the problem??

Offline Eddy

Re: Malware
« Reply #4 on: December 25, 2013, 12:45:17 PM »
Following the instructions will not affect your files.

Yes, you can safely install McShield.
It will work together with avast protecting your system.

polymans

  • Guest
Re: Malware
« Reply #5 on: December 25, 2013, 01:00:36 PM »
OK, I have done scanning using the OTL, and how does that help me by posting the log to you?? So after http://forum.avast.com/index.php?topic=53253.0 the OTL steps, what do I need to do next?? Do I post the logs in this thread?

Offline magna86

Re: Malware
« Reply #6 on: December 25, 2013, 01:31:14 PM »
@polymans

If you need help, all you have to do is to carefully read the instructions, set and post here the logs. If others can, so can you.

By looking at the logs I can determine whether anything malicious is running on your machine and what it is, or, if nothing else, I can determine the next steps in the detection and similar ...

polymans

  • Guest
Re: Malware
« Reply #7 on: December 25, 2013, 01:34:37 PM »
Here my log.. Reply asap thanks..

Offline magna86

Re: Malware
« Reply #8 on: December 25, 2013, 02:13:53 PM »
Here my log.. Reply asap thanks..

If you need help, all you have to do is to carefully read the instructions, set and post here the logs. If others can, so can you.

MBAM as first scan ... then OTL and as Rootkit Scan I shall need aswMBR logreport.

polymans

  • Guest
Re: Malware
« Reply #9 on: December 25, 2013, 04:11:52 PM »
Here my log.. Reply asap thanks..

If you need help, all you have to do is to carefully read the instructions, set and post here the logs. If others can, so can you.

MBAM as first scan ... then OTL and as Rootkit Scan I shall need aswMBR logreport.

Here the logs !?

Offline magna86

Re: Malware
« Reply #10 on: December 25, 2013, 08:06:25 PM »
Re-run OTL.exe.

  • Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.

Code:
:OTL
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\ADMIN\AppData\Roaming\IDM\idmmzcc5 [2013/11/24 17:44:37 | 000,000,000 | ---D | M]
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O15 - HKU\S-1-5-21-1485479979-3871474954-1436385025-1002\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1485479979-3871474954-1436385025-1002\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1485479979-3871474954-1436385025-1002\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1485479979-3871474954-1436385025-1002\..Trusted Domains: sony.com ([]* in Trusted sites)
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O33 - MountPoints2\{6bc4d5a1-ffe7-11e2-be80-8c89a50b625d}\Shell - "" = AutoRun
O33 - MountPoints2\{6bc4d5a1-ffe7-11e2-be80-8c89a50b625d}\Shell\AutoRun\command - "" = "G:\Windows\CHECK\DriveNavigator.exe"

:FILES
ipconfig /flushdns /c
C:\Users\ADMIN\AppData\Roaming\IDM\idmmzcc5
C:\Windows\*.tmp

:COMMANDS
[CREATERESTOREPOINT]
[EMPTYTEMP]

  • Then click the Run Fix button at the top.
  • Let the program run unhindered; it will reboot the system when it is done and open notepad with logreport. Attach here that logreport.
If the log doesn't appear, it can be found here:

c:\_OTL\MovedFiles\mmddyyyy_hhmmss.log



Next ...



Please download AdwCleaner by Xplode and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button.
  • After the scan has finished click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.

  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Post logfile will also be saved in the C:\AdwCleaner folder.
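
A way to review what the fix script in Reply #10 will touch before it is pasted into OTL, as an added example that is not part of the thread or of OTL itself. It assumes, from the layout of the script above, that a line starting with `:` opens a section and that a `:FILES` line ending in ` /c` is executed as a command; the function names are hypothetical.

```python
import re

# Fix script from Reply #10, abridged to a few entries copied from the page.
FIX_SCRIPT = r"""
:OTL
O15 - HKU\S-1-5-21-1485479979-3871474954-1436385025-1002\..Trusted Domains: sony.com ([]* in Trusted sites)
O33 - MountPoints2\{6bc4d5a1-ffe7-11e2-be80-8c89a50b625d}\Shell\AutoRun\command - "" = "G:\Windows\CHECK\DriveNavigator.exe"
:FILES
ipconfig /flushdns /c
C:\Users\ADMIN\AppData\Roaming\IDM\idmmzcc5
C:\Windows\*.tmp
:COMMANDS
[CREATERESTOREPOINT]
[EMPTYTEMP]
"""

AUTORUN = re.compile(r'O33 - MountPoints2\\(\{[0-9a-fA-F-]+\})\\Shell\\AutoRun\\command - "" = "(.+)"$')

def parse_fix_script(text):
    """Split the script into {section: [entries]}; a ':' line opens a section (assumption)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line[1:].upper()
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"entry before any section header: {line!r}")
        else:
            sections[current].append(line)
    return sections

def review(sections):
    """Return (section, entry, note) for entries worth understanding before the fix is run."""
    notes = []
    for entry in sections.get("OTL", []):
        m = AUTORUN.match(entry)
        if m:  # volume AutoRun handler: report which program it would launch
            notes.append(("OTL", entry, f"AutoRun command for volume {m.group(1)}: {m.group(2)}"))
    for entry in sections.get("FILES", []):
        if entry.endswith(" /c"):  # assumption: '/c' marks a command line, not a path
            notes.append(("FILES", entry, "executed as a command"))
        elif "*" in entry or "?" in entry:
            notes.append(("FILES", entry, "wildcard path, matches more than one file"))
    return notes

if __name__ == "__main__":
    for section, entry, note in review(parse_fix_script(FIX_SCRIPT)):
        print(f"[{section}] {note}\n    {entry}")
```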