Author Topic: Avast Pop-ups won't stop after plugging in flash drive  (Read 5289 times)

0 Members and 1 Guest are viewing this topic.

Fireforgey

  • Guest
Avast Pop-ups won't stop after plugging in flash drive
« on: May 07, 2014, 08:18:40 AM »
Hi guys, I need help.  Ever since I put in a few flash drives into my computer (I know I know, but I had to do it) Avast keeps popping up every 5 seconds with two notifications:

Avast Web Shield has blocked a harmful webpage or file.

Object : http://www.weebly.com/uploads/28/1/0/28102339/ahpaa.exe
Infection: URL: Mal
Process C:\\Windows\System32\wscript.exe

And Another exactly the same, but with a different Object:

Avast Web Shield has blocked a harmful webpage or file.

Object : http://www.weebly.com/uploads/28/1/0/28102339/22.exe
Infection: URL: Mal
Process C:\\Windows\System32\wscript.exe

So far, I'm doing a full system scan with Avast, did a full system scan with Malwarebytes (got rid of quite a few things but it didn't solve the problem) and I'm quite lost as to what to do.

Please help.

Edit:
Am currently uploading the files, but it said that asw doesn't work on Windows 8 which is the system that I'm using.  Is that ok?  There other scans will be uploaded in a few minutes once scanned.
« Last Edit: May 07, 2014, 08:33:55 AM by Fireforgey »

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76239
  • Urlaub/Vacation
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Avast Pop-ups won't stop after plugging in flash drive
« Reply #1 on: May 07, 2014, 08:28:43 AM »
Attach your logs. (MBAM, OTL and aswMBR..!!)
Instructions: http://forum.avast.com/index.php?topic=53253.0
W8.1 [x64] - Avast PremSec 22.7.7366.BC [UI.713] - Firefox ESR 91.11 [NS/uBO/PB] - Thunderbird 91.11
Avast-Tools: Secure Browser 103.0 - Cleanup 22.2 - SecureLine 5.18 - DriverUpdater 22.2 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Fireforgey

  • Guest
Re: Avast Pop-ups won't stop after plugging in flash drive
« Reply #2 on: May 07, 2014, 08:48:54 AM »
Alright, here all all of the uploaded files

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76239
  • Urlaub/Vacation
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Avast Pop-ups won't stop after plugging in flash drive
« Reply #3 on: May 07, 2014, 08:54:15 AM »
OK, now you've to wait. Unplug all/any flash drives.
W8.1 [x64] - Avast PremSec 22.7.7366.BC [UI.713] - Firefox ESR 91.11 [NS/uBO/PB] - Thunderbird 91.11
Avast-Tools: Secure Browser 103.0 - Cleanup 22.2 - SecureLine 5.18 - DriverUpdater 22.2 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40605
  • Dragons by Sasha
    • Malware fixes
Re: Avast Pop-ups won't stop after plugging in flash drive
« Reply #4 on: May 07, 2014, 02:50:23 PM »
OK lets start.. 

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


Code: [Select]
:Commands
[CREATERESTOREPOINT]

:OTL
[2014/05/07 08:31:53 | 000,000,836 | ---- | M] () -- C:\Users\Omar Eldahan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\asodakaossd.lnk
[2014/05/07 08:31:47 | 000,894,464 | ---- | M] () -- C:\Users\Omar Eldahan\AppData\Roaming\asadfkjowea.exe
[2014/05/07 08:31:46 | 000,000,000 | ---- | M] () -- C:\Users\Omar Eldahan\AppData\Roaming\asfkjowea.exe
[2014/05/06 22:59:51 | 000,000,000 | ---- | M] () -- C:\Users\Omar Eldahan\AppData\Roaming\weaefasdasf.exe
[2014/05/03 13:30:29 | 000,118,656 | ---- | C] () -- C:\Users\Omar Eldahan\AppData\Roaming\aiasfacoiaksf.vbs

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN

Download MCShield to your desktop and install
It will initially run a scan and show the result as a toaster by the system clock
Then in the control centre select scanner and tick unhide items on flash drives

Plug in the drive and McShield will start a scan

Then get the log which will be located under the logs tab on the main page

And post that

Fireforgey

  • Guest
Re: Avast Pop-ups won't stop after plugging in flash drive
« Reply #5 on: May 07, 2014, 07:10:14 PM »
Well, first of all, that you all so much for all of your help.  Getting rid of this virus almost feels like a job...and I'm just following a couple of instructions.  On a positive note, the AVAST pop-ups have stopped, however I noticed something interesting.  Every-time I turned on the computer, two cmd.exe windows would appear and disappear. Now, they stay because a command box opens saying that it can't find C:\Users\Omar Eldahan\AppData\Roaming\asadfkjowea.exe or something like that.  I've attached the scan logs that you asked for.  Enjoy  ;D.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40605
  • Dragons by Sasha
    • Malware fixes
Re: Avast Pop-ups won't stop after plugging in flash drive
« Reply #6 on: May 07, 2014, 07:27:39 PM »
That is because some numpty missed a registry entry :)

Let me know how the computer is after this

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


Code: [Select]
:Commands
[CREATERESTOREPOINT]

:OTL
O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O4 - HKCU..\Run: [asodakaossd] C:\WINDOWS\SysWow64\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Omar Eldahan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\asodakaossd.lnk = C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation)
[2014/05/07 18:29:04 | 000,000,836 | ---- | M] () -- C:\Users\Omar Eldahan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\asodakaossd.lnk
[2014/05/07 18:28:58 | 000,893,881 | ---- | M] () -- C:\Users\Omar Eldahan\AppData\Roaming\asadfkjowea.exe
[2014/05/07 18:28:49 | 000,000,000 | ---- | M] () -- C:\Users\Omar Eldahan\AppData\Roaming\asfkjowea.exe
[2014/05/07 18:21:08 | 000,001,453 | ---- | M] () -- C:\Users\Omar Eldahan\AppData\Local\psppirerc
[2014/05/04 12:12:38 | 000,000,836 | ---- | C] () -- C:\Users\Omar Eldahan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\asodakaossd.lnk

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Fireforgey

  • Guest
Re: Avast Pop-ups won't stop after plugging in flash drive
« Reply #7 on: May 07, 2014, 07:57:09 PM »
Ok, well I did as you said and everything seems to be fine.  The cmd.exe windows stopped appearing.   However, I have a few questions.  first of All, the MCShield said that their were suspicious files on my flash drive and that it "renamed" them. Does that mean it fixed them?  Also, which of these programs that I downloaded should I keep, and which should I get rid of?  Huh, this experience has been kind of depressing.  I usually consider myself to be pretty good with computers, and yet I do not have the slightest clue as what I've done; it seems to have worked though. Hats off to all of you.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40605
  • Dragons by Sasha
    • Malware fixes
Re: Avast Pop-ups won't stop after plugging in flash drive
« Reply #8 on: May 07, 2014, 08:42:05 PM »
MCShield basically made them inactive due to renaming.  Keep MCShield on your system to protect you from bad flash drives, it uses no resources

All that was done was the run entries/startup entries and associated files were deleted

Subject to no further problems   :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems 

Now the best part of the day ----- Your log now appears clean  :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset  System Restore points:

Download and run Delfix



Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent install this programme to lock down and prevent crypto ransome ware



Malwarebytes.

Update and run weekly to keep your system clean


It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide  Best security practices Keep safe  :wave:

Fireforgey

  • Guest
Re: Avast Pop-ups won't stop after plugging in flash drive
« Reply #9 on: May 07, 2014, 09:16:28 PM »
You guys be awesome.  8)

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40605
  • Dragons by Sasha
    • Malware fixes
Re: Avast Pop-ups won't stop after plugging in flash drive
« Reply #10 on: May 07, 2014, 09:33:59 PM »
It was our pleasure to assist :)