Author Topic: ARGH!! hxxp://skegnessasc.org/accounts/restorefunction.css url...  (Read 4474 times)

0 Members and 1 Guest are viewing this topic.

REDACTED

  • Guest
Hello everyone,

Currently I am experiencing an issue regarding a nasty piece of Mal ware that is attempting to redirect me to hxxp://skegnessasc.org/accounts/restorefunction.css.
First time I encountered this, It disabled my malwarebytes.

I ran a restart and booted up into safe mode and remove malwarebytes by using MBAM-CLEAN.exe then reinstalled Malwarebytes within safe mode. I ran a scan within Malwarebaytes and it did not report anything :(. After the scan from malwarebytes, I also ran AdwCleaner 3.3.1.0  and during the scan it picked up a few remnants of snapdo.engine which it did cleared out.

When I attempt to restart the machine into normal mode, malwarebytes is up and running and avast is behaving normally. And... This appears (see attached screenshot).

If anyone can help me on this matter, I would be very grateful.

I also included a copy of FRST.text as well as hijackthis.log

Thank you :)

UPDATE: I forgot to add aswMBR log. I will add that in as soon as the scan is complete.

UPDATE 2: aswMBR log, Addition.text and MBAM.txt are included
« Last Edit: September 17, 2014, 05:52:55 PM by kmiller »

Offline magna86

  • Anti Malware Fighter
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4235
    • Ambulanta MyCity Forum - ASAP Member
Re: ARGH!! hxxp://skegnessasc.org/accounts/restorefunction.css url...
« Reply #1 on: September 17, 2014, 05:27:27 PM »
Hello,

HiJackThis is outdated analysis tool and it can not be assumed as valid.

You have been posted only the FRST.txt logfile. I shall require additional.txt as well.

Offline magna86

  • Anti Malware Fighter
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4235
    • Ambulanta MyCity Forum - ASAP Member
Re: ARGH!! hxxp://skegnessasc.org/accounts/restorefunction.css url...
« Reply #2 on: September 17, 2014, 05:31:25 PM »
Also, post me the MBAM logfile, the one that shows the detected threads (if any).


• Click on the History tab > Application Logs. Double click on the Scan Log which shows the date and time of just performed scan.
- Click Export button at the bottom, and then select the 'Text file (*.txt)'
- In the Save File dialog box which appears, click on Desktop.
- In the File name: box type "mbam" (without quotes) for your scan log name and click Save.
- A message box "Your file has been successfully exported" should appear, click Ok and close the windows.



Please attach the exported/saved log named as mbam.txt to your next reply.

REDACTED

  • Guest
Re: ARGH!! hxxp://skegnessasc.org/accounts/restorefunction.css url...
« Reply #3 on: September 17, 2014, 05:38:17 PM »
Hello,

Thank you for the quick response :)

Attached is most recent malwarebyes log, aswMBR as well as the Addition.txt from FRST.


Offline magna86

  • Anti Malware Fighter
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4235
    • Ambulanta MyCity Forum - ASAP Member
Re: ARGH!! hxxp://skegnessasc.org/accounts/restorefunction.css url...
« Reply #4 on: September 17, 2014, 06:31:36 PM »
Hello,

Try to uninstall the following bad programs from Programs and Features in Control Panel;

Snap.Do
Snap.Do Engine




Download FixList.txt from attachments ...

FixList.txt must be in the same location where FRST.exe tool is!



Re-run FRST.exe as you did before ...

  •    Press the Fix button once and wait.
  •    FRST will process fixlist.txt
  •    When finished, it will produce a log fixlog.txt and will keep that log in the same folder where FRST.exe is.
> Copy-paste here fixlog.txt logreport.