Author Topic: Infection URL:Mal  (Read 12360 times)

REDACTED

  • Guest
Re: Infection URL:Mal
« Reply #15 on: July 11, 2014, 05:08:18 PM »
No luck, the search did not find anything (as I can see from the 2 attached files, for both types of popups).

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Infection URL:Mal
« Reply #16 on: July 11, 2014, 05:09:24 PM »
OK been discussing this with Magna ..


Disconnect from the internet

To open an Administrator Cmd prompt from the Desktop use Win + X and choose Command Prompt (Admin) from the list.

In the black box type in/copy the following commands, each one followed by Enter:

ipconfig /flushdns
netsh winsock reset catalog
netsh int ip reset c:\resetlog.txt
ipconfig /release
ipconfig /renew


Then reboot the computer


REDACTED

  • Guest
Re: Infection URL:Mal
« Reply #17 on: July 11, 2014, 05:38:13 PM »
Disconnected, ran the commands with the attached output (please note that I connect wirelessly to a home router).
Restarted and waited for some minutes with no network connection and nothing happened.
As soon as I connect to the router and start the internet connection I receive 28 notices from Avast (as in the attached screenshot).

Offline essexboy

Re: Infection URL:Mal
« Reply #18 on: July 11, 2014, 06:56:51 PM »
Quote
C:\WINDOWS\system32>netsh int ip reset c:\resetlog.txt
Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.

OK I need to check this out

REDACTED

  • Guest
Re: Infection URL:Mal
« Reply #19 on: July 11, 2014, 06:58:19 PM »
Yes, I noticed that also, and the file c:\resetlog.txt was not created on the disk.

Offline essexboy

Re: Infection URL:Mal
« Reply #20 on: July 11, 2014, 07:01:16 PM »
OK let's now try FRST as I think we are on the track of the blighter now

CAUTION: This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 
Quote
CMD:ipconfig /release
CMD:netsh int ip reset
CMD:ipconfig /renew
REBOOT:

 
Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated, please post that

REDACTED

  • Guest
Re: Infection URL:Mal
« Reply #21 on: July 11, 2014, 07:08:56 PM »
Seems like FRST64 has the same result as running the commands manually.
It seems that it is something directly hooked into the network connection, as the popups appear immediately after activating the wireless interface.

Offline essexboy

Re: Infection URL:Mal
« Reply #22 on: July 11, 2014, 07:12:59 PM »
Could you disable Avast self protection and run the FRST fix again please?

REDACTED

  • Guest
Re: Infection URL:Mal
« Reply #23 on: July 11, 2014, 07:26:04 PM »
Disabled all Avast shields and reran the fix and the result is the same :(
I see that some other people are having issues with that specific command (http://www.eightforums.com/network-sharing/18945-error-when-resetting-tcp-ip-stack.html). :(

Offline essexboy

Re: Infection URL:Mal
« Reply #24 on: July 11, 2014, 07:30:57 PM »
OK we will need to activate the super admin account. We must turn this off on completion

To open an Administrator Cmd prompt from the Desktop use Win + X and choose Command Prompt (Admin) from the list.

In the black box type in/copy the following command:

net user administrator /active:yes


Validate by pressing Enter.

Now log off and select the administrator account that should appear


To open an Administrator Cmd prompt from the Desktop use Win + X and choose Command Prompt (Admin) from the list.

In the black box type in/copy the following commands, each one followed by Enter:

ipconfig /flushdns
netsh int ip reset c:\resetlog.txt
ipconfig /release
ipconfig /renew


Then reboot the computer to your normal account

If the fix is a success turn off the super admin:


To open an Administrator Cmd prompt from the Desktop use Win + X and choose Command Prompt (Admin) from the list.

In the black box type in/copy the following command:

net user administrator /active:no



Validate by pressing Enter.
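
A check for the final step of the reply above, as an added example that is not part of the original thread: it confirms that the built-in Administrator account is disabled again after the fix. It looks the account up by its well-known RID 500 rather than by name, so it also works when the account is renamed or Windows is not in English, and it uses WMI because Windows 8.1 ships without Get-LocalUser. The function name Get-BuiltinAdministratorState is hypothetical.

```powershell
# Added example: verify the built-in Administrator is disabled after the fix.
# Run from an elevated PowerShell prompt. Works on PowerShell 3.0 and later.

function Get-BuiltinAdministratorState {
    # The built-in Administrator always has a SID ending in -500,
    # whatever its display name is on this machine.
    $acct = Get-WmiObject -Class Win32_UserAccount -Filter "LocalAccount=True" |
        Where-Object { $_.SID -match '^S-1-5-21-.*-500$' }

    if (-not $acct) {
        throw 'No local account with RID 500 was found.'
    }

    [pscustomobject]@{
        Name    = $acct.Name
        SID     = $acct.SID
        Enabled = -not $acct.Disabled
    }
}

$state = Get-BuiltinAdministratorState
$state | Format-List

if ($state.Enabled) {
    # Same command as in the reply, with the account's actual name filled in.
    Write-Warning ("Built-in account '{0}' is still enabled. Run: net user `"{0}`" /active:no" -f $state.Name)
} else {
    Write-Output ("Built-in account '{0}' is disabled." -f $state.Name)
}
```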


REDACTED

  • Guest
Re: Infection URL:Mal
« Reply #25 on: July 11, 2014, 07:39:30 PM »
netsh int ip reset c:\resetlog.txt has the same result using the Administrator account :( so maybe it is just not working completely on Windows 8.1.

Offline essexboy

Re: Infection URL:Mal
« Reply #26 on: July 11, 2014, 07:42:07 PM »
OK I will check how to retake permissions on that reg key

Offline essexboy

Re: Infection URL:Mal
« Reply #27 on: July 11, 2014, 07:43:47 PM »
When you disabled Avast self protection did you remove the tick in Settings > Troubleshooting?

Offline essexboy

Re: Infection URL:Mal
« Reply #28 on: July 11, 2014, 08:33:55 PM »
OK this small programme should reset all registry key permissions to default, which should allow us to revert the changes

Download and run Reset Registry Permissions from here http://www.tweaking.com/content/page/reset_registry_permissions.html
Once it has finished then try the netsh int ip reset command again

REDACTED

  • Guest
Re: Infection URL:Mal
« Reply #29 on: July 11, 2014, 10:41:57 PM »
Quote
When you disabled Avast self protection did you remove the tick in Settings > Troubleshooting

Yes, that was what I did and also disabled the shields.