ndiswan.exe harmful webpage

[REDACTED]

Hi all,

Since the last 4-5 weeks I get multiple times per day the message below, since a boot scan does not reveal any virus, should I report this as a false positive?



If not, what other checks do I need to do?

Thanks
Alex

[Eddy]

https://forum.avast.com/index.php?topic=53253.0

[REDACTED]

OK here are my logs.

By the way, I got the same above message few minutes ago.

Thanks
Alex

[Eddy]

Thank you for providing the logs.
Please do not change anything to your system so we can have a good look at the logs and help you.

[essexboy]

Let me know if this clears it

CAUTION :  This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {9250BEDF-1BFB-4B9B-9BCB-75710F53A530} URL =   
BHO: Expat Shield Class -> {3706EE7C-3CAD-445D-8A43-03EBC3B75908} -> C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE_64.dll No File
BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll No File
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {724D43A0-0D85-11D4-9908-00400523E39A} -  No File
FF NetworkProxy: "backup.gopher", "93.63.71.211"
FF NetworkProxy: "backup.gopher_port", 0
FF NetworkProxy: "gopher", "93.63.71.211"
FF NetworkProxy: "gopher_port", 8080
FF NetworkProxy: "type", 0
C:\Users\AD\cyggcc_s-1.dll
C:\Users\AD\cygstdc++-6.dll
C:\Users\AD\cygwin1.dll
C:\Users\AD\iperf.exe
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
  
• Click on Scan.
  
• After the scan is complete click on "Clean"
• Confirm each time with Ok.
  
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile with your next answer.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.
  

[REDACTED]

Hi,

I got the the Fixlog.txt file (attached) but I cannot run  AdwCleaner.exe as it is blocked by Avast.
It does not allow me to white list it either...

Thank you
Alex

[essexboy]

Could you retry a download, use the bleeping.com site.  As the download works for me now

[REDACTED]

It is not the download the problem, but running the program, it's blocked and deleted by Avast

[essexboy]

Could you confirm that avast is updated as I have no problems running it on my system

[REDACTED]

For whatever reason, I tried now and it worked, last night I tried three times, no way, file removed.
Anyhow, here the results.

[essexboy]

Are the alerts still occurring ?

[REDACTED]

For the moment I did not get another one today, but if I will, I'll let you know.
Did you notice anything bad was removed?

Thank you for your help!
Alex

[essexboy]

Not really as it was all adware stuff.  When you are happy let me know and I will tidy up

[REDACTED]

Hi,

What shall I do with this instead?
This is coming up from time to time, say weekly.
I have always used VLC and keep it updated, but this message pops-up since a few months now.

Thanks
Alex

[essexboy]

Personally unless you use the toolbar I would recommend uninstalling it.  Otherwise just ignore the weekly prompts