Author Topic: URL:Mal - Explorer.exe  (Read 20731 times)


REDACTED

  • Guest
URL:Mal - Explorer.exe
« on: October 24, 2014, 07:41:31 PM »
My computer has been running slower for days. I installed avast and the scan found nothing, but I've received constant pop-ups from the avast! Web Shield:
Object: https://svadxvbtuc8c.com (yesterday it was a different URL)
Infection: URL:Mal
Process: C:\Windows\explorer.exe (always the same)

I've run the other recommended scanners listed on the main forum topic. Logs attached.

Any help is greatly appreciated!
« Last Edit: October 24, 2014, 10:52:25 PM by blake7 »

REDACTED

  • Guest
Re: URL:Mal - Explorer.exe
« Reply #1 on: October 24, 2014, 09:12:47 PM »
Ditto. Avast we need your help!!

REDACTED

  • Guest
Re: URL:Mal - Explorer.exe
« Reply #2 on: October 24, 2014, 09:19:37 PM »
Ditto here. Driving me crazy!

REDACTED

  • Guest
Re: URL:Mal - Explorer.exe
« Reply #3 on: October 24, 2014, 09:19:52 PM »
This is the message:

Object: svadxvbtuc8c.com
Infection: URL:MAL
Process: C:\WINDOWS\explorer.exe

Clicking on MORE DETAILS takes you to an "apparent" AVAST website.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: URL:Mal - Explorer.exe
« Reply #4 on: October 24, 2014, 09:26:44 PM »
You appear to be running three antivirus programmes, two will need to go 

Download and Install Combofix
 
Download ComboFix from one of the following locations:
Link 1
Link 2
 
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
 
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3.  If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

REDACTED

  • Guest
Re: URL:Mal - Explorer.exe
« Reply #5 on: October 24, 2014, 09:37:59 PM »
I am getting the same thing as well. It changes almost daily and I have been unable to remove.

REDACTED

  • Guest
Re: URL:Mal - Explorer.exe
« Reply #6 on: October 24, 2014, 10:44:34 PM »
Essexboy,

I ran Combofix as instructed. Log attached. The issue persists: I continue to receive pop-ups like the one previously described.

One hiccup: I physically disconnected my computer from the internet before disabling avast! (as I'm concerned about whatever information the virus is trying to transmit), I then ran ComboFix, but it obviously wasn't able to update to the latest version. Per your instructions, I did not re-run ComboFix. Should I update it and re-run?

Many thanks.
« Last Edit: October 24, 2014, 11:05:51 PM by blake7 »

Offline essexboy

Re: URL:Mal - Explorer.exe
« Reply #7 on: October 24, 2014, 10:54:21 PM »
Could you re-attach the FRST log please as I would like to take another look at it

Also are any other computers that use your router experiencing this ?

REDACTED

  • Guest
Re: URL:Mal - Explorer.exe
« Reply #8 on: October 24, 2014, 10:57:43 PM »
Attached.

Regarding other computers: not that I am aware of.
« Last Edit: October 24, 2014, 11:06:06 PM by blake7 »

Offline essexboy

Re: URL:Mal - Explorer.exe
« Reply #9 on: October 24, 2014, 11:01:27 PM »
OK as of now I am unable to locate the trigger, do you have a system restore point prior to the alerts starting ?

If so could you restore to that and if the alerts do not re-appear run a fresh FRST scan so that I can run a comparison

REDACTED

  • Guest
Re: URL:Mal - Explorer.exe
« Reply #10 on: October 24, 2014, 11:04:49 PM »
No, I don't have an early enough restore point.

Forgive my naivety, but is there no way to install a corrected version of explorer.exe?

Offline essexboy

Re: URL:Mal - Explorer.exe
« Reply #11 on: October 24, 2014, 11:14:29 PM »
It's not explorer; it is just that the file is using explorer to access that site. Have you ever used process explorer by sysinternals?

REDACTED

  • Guest
Re: URL:Mal - Explorer.exe
« Reply #12 on: October 24, 2014, 11:16:25 PM »
I don't think so? Should I?

Offline essexboy

Re: URL:Mal - Explorer.exe
« Reply #13 on: October 24, 2014, 11:21:54 PM »
OK if you feel happy could you do the following :

Download to your desktop process explorer from here http://technet.microsoft.com/en-gb/sysinternals/bb896653.aspx
Run the programme and expand (by pressing the +) explorer.exe
When the alert appears note down what process is using explorer at that time
In my screenshot I just have Caledos running under explorer
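
The manual check described in Reply #13 (watching what sits under explorer.exe when the alert fires) can also be logged on a timer. The PowerShell below is an added example, not part of any post in this thread; the output path, sample count and interval are assumed values, and it needs PowerShell 3.0+ on Windows 8 / Server 2012 or later for Get-NetTCPConnection.

```powershell
# Added example: periodically record explorer.exe, its child processes,
# and the established TCP connections each of them owns.
$log      = Join-Path $env:USERPROFILE 'Desktop\explorer-watch.csv'  # assumed path
$samples  = 120   # assumed: number of snapshots to take
$interval = 5     # assumed: seconds between snapshots

for ($i = 0; $i -lt $samples; $i++) {
    $stamp = Get-Date -Format 'yyyy-MM-dd HH:mm:ss'
    $procs = Get-CimInstance -ClassName Win32_Process

    # PIDs of every running explorer.exe instance
    $explorerPids = @($procs | Where-Object { $_.Name -eq 'explorer.exe' } |
                      ForEach-Object { $_.ProcessId })

    # explorer.exe itself plus every process that lists it as its parent.
    # Code loaded inside explorer.exe shows up under explorer's own PID,
    # so explorer's own connections are recorded as well.
    $watched = $procs | Where-Object {
        ($explorerPids -contains $_.ProcessId) -or
        ($explorerPids -contains $_.ParentProcessId)
    }

    $rows = foreach ($p in $watched) {
        # Established TCP connections owned by this PID (may be none)
        $conns = @(Get-NetTCPConnection -OwningProcess $p.ProcessId -ErrorAction SilentlyContinue |
                   Where-Object { $_.State -eq 'Established' })
        $remote = ($conns | ForEach-Object { '{0}:{1}' -f $_.RemoteAddress, $_.RemotePort }) -join ';'

        [pscustomobject]@{
            Time            = $stamp
            ProcessId       = $p.ProcessId
            ParentProcessId = $p.ParentProcessId
            Name            = $p.Name
            Path            = $p.ExecutablePath
            Remote          = $remote
        }
    }

    # Skip the write when nothing matched, to avoid piping $null to Export-Csv
    if ($rows) { $rows | Export-Csv -Path $log -Append -NoTypeInformation }
    Start-Sleep -Seconds $interval
}
```

Matching the time of a Web Shield pop-up against the `Time` column shows which processes and remote endpoints were active under explorer.exe at that moment.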

 

REDACTED

  • Guest
Re: URL:Mal - Explorer.exe
« Reply #14 on: October 24, 2014, 11:27:35 PM »
Screenshot below.