Author Topic: permanent Avast-Malware warning since hours (Pop-up) but no possibility to react

annemarie185

  • Guest
I am scared from a permanent Avast-Pop-up (it's there for hours and I can't remove it). It informs that malware has been found and blocked. But it gives me no possibility to react, no tool, no choice as usually but only an ad to download Google Chrome.
The computer has been scanned, everything seems to be OK. But the pop-up won't go away, it stays there permanently and I can't work properly (it takes the important right corner of the screen).
What do I have to do?

I would very much appreciate, if someone could help me soon in this topic.

Thanks a lot.

Annemarie

Offline mikaelrask

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1556
Hey and welcome to the forum.

Please follow this guide and attach your logs. We need the logs from MBAM, OTL, aswMBR.

http://forum.avast.com/index.php?topic=53253.0

A malware expert will help you from there.
Windows 8.1 amd a10-5700 64 bit
12 GB ram 1 tb hard drive. Avast 18, MBAM

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37505
  • Not a avast user
Can you attach a screenshot of the popup?


annemarie185

  • Guest
Oh, I wish I could, but I don't know how to create the necessary file type. I can only create a doc-file. I am sorry. I try to attach this, but I'm afraid, it goes through.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Hi, what version of Windows are you running?

annemarie185

  • Guest
Hi, it's Windows 7.

annemarie185

  • Guest
I try again with an attachment. Hope it works...?

annemarie185

  • Guest
part II

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
OK I was going to suggest that you use the snipping tool http://www.bleepingcomputer.com/tutorials/how-to-use-the-windows-snipping-tool/

OK, let's have a look see

Download OTL to your Desktop
Secondary link
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.


  • Select All Users
  • Select LOP and Purity
  • Under the Custom Scan box paste this in
netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
c:\program files (x86)\Google\Desktop
c:\program files\Google\Desktop
dir "%systemdrive%\*" /S /A:L /C
/md5start
rpcss.dll
/md5stop
CREATERESTOREPOINT


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Attach both logs

annemarie185

  • Guest
Hello Essexboy, the scan is done. Now I attach the report files...

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
OK, let's get at it. Once this has run, let me know if the alerts cease.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


Code:
:Commands
[CREATERESTOREPOINT]

:OTL
IE - HKLM\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found
IE - HKU\S-1-5-21-2790221107-3941140988-3762472147-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [String data over 1000 bytes]
IE - HKU\S-1-5-21-2790221107-3941140988-3762472147-1000\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found
IE - HKU\S-1-5-21-2790221107-3941140988-3762472147-1000\..\URLSearchHook: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found
IE - HKU\S-1-5-21-2790221107-3941140988-3762472147-1000\..\SearchScopes,DefaultScope = {BFBC099C-9CCD-42FC-9DC0-E0DE9ECBEF13}
IE - HKU\S-1-5-21-2790221107-3941140988-3762472147-1000\..\SearchScopes\{BE89407B-BEC5-4D7B-84B0-948494C5E25C}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=CCA0A93A-11D9-4E11-9C4E-0F764CD61539&apn_sauid=D677596E-8DAC-4923-A6B8-FDB92A00F84D
IE - HKU\S-1-5-21-2790221107-3941140988-3762472147-1000\..\SearchScopes\{BFBC099C-9CCD-42FC-9DC0-E0DE9ECBEF13}: "URL" = http://search.softonic.com/MON00015/tb_v1?q={searchTerms}&SearchSource=4&cc=
FF - prefs.js..browser.search.defaultthis.engineName: "NCH EN Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2801948&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..extensions.enabledAddons: ffxtlbra%40softonic.com:1.5.1
FF - prefs.js..extensions.enabledAddons: toolbar%40gmx.net:2.6
FF - prefs.js..extensions.enabledAddons: %7B37483b40-c254-4a72-bda4-22ee90182c1e%7D:3.18.0.7
[2013.04.03 16:17:51 | 000,000,000 | ---D | M] (NCH EN Community Toolbar) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ka6jkldd.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}
[2013.04.03 16:26:42 | 000,000,000 | ---D | M] (softonic.com) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ka6jkldd.default\extensions\ffxtlbra@softonic.com
[2013.06.23 15:13:45 | 000,571,660 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ka6jkldd.default\extensions\toolbar@gmx.net.xpi
[2013.04.03 16:26:56 | 000,001,050 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ka6jkldd.default\searchplugins\11-suche.xml
[2013.11.15 20:02:27 | 000,002,308 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ka6jkldd.default\searchplugins\askcom.xml
[2012.02.28 12:57:56 | 000,000,915 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ka6jkldd.default\searchplugins\conduit.xml
[2012.03.13 19:34:24 | 000,002,060 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ka6jkldd.default\searchplugins\softonic.xml
O2:64bit: - BHO: (HDvid Codec V7.0) - {11111111-1111-1111-1111-110411901142} - C:\Program Files (x86)\HDvid Codec V7.0\HDvid Codec V7.0-bho64.dll (installdaddy)
O2 - BHO: (no name) - {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found.
O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found.
O3 - HKU\S-1-5-21-2790221107-3941140988-3762472147-1000\..\Toolbar\WebBrowser: (no name) - {37483B40-C254-4A72-BDA4-22EE90182C1E} - No CLSID value found.
O4 - HKLM..\Run: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C" File not found
O4 - HKLM..\Run: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe File not found
O4:64bit: - HKLM..\RunOnce: [MSKSSRV] rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196} File not found
O4:64bit: - HKLM..\RunOnce: [MSPCLOCK] rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000} File not found
O4:64bit: - HKLM..\RunOnce: [MSPQM] rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196} File not found
O4:64bit: - HKLM..\RunOnce: [MSTEE.CxTransform] rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install File not found
O4:64bit: - HKLM..\RunOnce: [MSTEE.Splitter] rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install File not found
[2014.01.18 18:17:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HDvid Codec V7.0
[2014.01.18 18:17:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\hdvidcodec.com
[2014.01.28 18:22:00 | 000,002,224 | ---- | M] () -- C:\Windows\tasks\HDvid Codec V7.0-firefoxinstaller.job
[2014.01.28 18:18:01 | 000,001,356 | ---- | M] () -- C:\Windows\tasks\HDvid Codec V7.0-updater.job
[2014.01.28 18:18:00 | 000,001,180 | ---- | M] () -- C:\Windows\tasks\HDvid Codec V7.0-enabler.job
[2014.01.28 18:17:01 | 000,002,140 | ---- | M] () -- C:\Windows\tasks\HDvid Codec V7.0-chromeinstaller-dev.job
[2014.01.28 18:17:00 | 000,001,298 | ---- | M] () -- C:\Windows\tasks\HDvid Codec V7.0-codedownloader.job
[2013.11.28 10:22:31 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Internet-Manager

:Files
C:\Program Files (x86)\Iminent

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
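
The entries in the fix above visibly fall into a few patterns: toolbar CLSIDs that no longer resolve, autorun values whose target file is gone, and search settings pointing at third-party hosts. The following is an added example (not part of the post above and not OTL's own code) that sorts such log lines into those groups; the `triage` function and its grouping rules are assumptions inferred from the lines shown, and the sample lines are copied from the fix script.

```python
import re
from collections import defaultdict

# Sample input: lines copied from the fix script in the post above.
SAMPLE = r"""
IE - HKLM\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found
O2 - BHO: (no name) - {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found.
O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found.
O4 - HKLM..\Run: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C" File not found
O4 - HKLM..\Run: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe File not found
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2801948&SearchSource=3&q={searchTerms}"
"""

CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
URL_HOST = re.compile(r'https?://([^/\s"]+)')
RUN_NAME = re.compile(r"\[([^\]]+)\]")

def triage(text):
    """Group log lines into (orphaned CLSIDs, missing autorun targets, search hosts).

    Hypothetical helper: the grouping rules are inferred from the log lines
    on this page, not taken from any OTL documentation.
    """
    orphans = defaultdict(set)  # CLSID -> section prefixes (IE, O2, O3, ...) where it dangles
    missing = []                # autorun value names whose file no longer exists
    hosts = set()               # hosts that browser search settings point to
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        prefix = line.split(" - ", 1)[0]
        if "No CLSID value found" in line:
            m = CLSID.search(line)
            if m:
                # Normalise case: the same GUID appears in both cases in the log.
                orphans[m.group(0).upper()].add(prefix)
        if line.endswith("File not found"):
            m = RUN_NAME.search(line)
            if m:
                missing.append(m.group(1))
        m = URL_HOST.search(line)
        if m:
            hosts.add(m.group(1).lower())
    return dict(orphans), missing, hosts

if __name__ == "__main__":
    orphans, missing, hosts = triage(SAMPLE)
    for clsid, where in sorted(orphans.items()):
        print(clsid, "dangling in", sorted(where))
    print("autoruns with missing files:", missing)
    print("search hosts:", sorted(hosts))
```

A CLSID that dangles in several sections at once (here IE, O2 and O3) is the leftover of one uninstalled toolbar, which is why the same GUID recurs throughout the fix.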

annemarie185

  • Guest
Ahoi Essexboy, I did everything as advised. I did it brave and hopefully ... but the alert is still there. It popped up, as if it was there forever and if it would stay there forever. I go crazy.

I sent all the files. Plus my hope that you have any idea what else could be done to let it go...





Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Could you confirm that you only get this with Firefox?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


Code:
:Commands
[CREATERESTOREPOINT]

:OTL
IE - HKCU\..\SearchScopes\{725283D3-7680-4BCA-A237-F565A6C57A5F}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801948
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101727.dll (Amazon.com, Inc.)
[2014.01.18 18:18:42 | 000,001,368 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ka6jkldd.default\searchplugins\iminent.xml
O4:64bit: - HKLM..\RunOnce: [WDM_DRMKAUD] rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\Windows\inf\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install File not found

:Files
C:\Users\Annemarie\AppData\Local\Program Files\Amazon\MP3 Downloader

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

annemarie185

  • Guest
Yes, because I only use Firefox. I do this algorithm again? Should I change to anything else than Firefox?

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Run the fix, then use IE for a few minutes to see if the alert is present.