Author Topic: Avast Web Shield has blocked a harmful webpage or file. (Read 9068 times)

REDACTED · « **on:** December 14, 2014, 10:33:01 PM »

I need Help,
I have run Avast free Antivirus 2015 and get no threats, same result with Malwarebytes, nothing, however I keep getting the following:

Avast Web Shield has blocked a harmful webpage or file.

Object: htp://filesonlinehere.com/sync/?rmbs=...

Infection: URL:Mal

Process: C:\Program Files (x86)\...\chrome.exe

then this one:

Avast Web Shield has blocked a harmful webpage or file.

Object: htp://allgoodtoolkitbest1.info/sync/?q=...

Infection: URL:Mal

Process: C:\Program Files (x86)\...\chrome.exe

then this one:

Avast Web Shield has blocked a harmful webpage or file.

Object: htp://morefilesnow.co.il/sync/?q=C6qu...

Infection: URL:Mal

Process: C:\Program Files (x86)\...\chrome.exe

then this one:

Avast Web Shield has blocked a harmful webpage or file.

Object: htp://bestaddon.co.il/sync/?q=C6qUojs...

Infection: URL:Mal

Process: C:\Program Files (x86)\...\chrome.exe

then:

Avast Web Shield has blocked a harmful webpage or file.

Object: htp://getfilenow.co.il/sync/?rmbs=1g=C...

Infection: URL:Mal

Process: C:\Program Files (x86)\...\chrome.exe

then:

Avast Web Shield has blocked a harmful webpage or file.

Object: htp://apps-infor.info/sync/?rmbs=1g=C...

Infection: URL:Mal

Process: C:\Program Files (x86)\...\chrome.exe

I have no idea what is going on!
Here are the results from the scans:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/14/2014
Scan Time: 12:28:34 PM
Logfile: mbam121414.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.14.06
Rootkit Database: v2014.12.08.03
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: asus

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 397181
Time Elapsed: 36 min, 40 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

# AdwCleaner v4.105 - Report created 14/12/2014 at 13:39:18
# Updated 08/12/2014 by Xplode
# Database : 2014-12-13.4 [Live]
# Operating System : Windows 8.1 (64 bits)
# Username : asus - PERSONAL
# Running from : C:\Users\rac\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\17972120452655662742

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17416

-\\ Mozilla Firefox v34.0.5 (x86 en-US)

-\\ Google Chrome v39.0.2171.71

*************************

AdwCleaner[R0].txt - [815 octets] - [09/12/2014 11:50:18]
AdwCleaner[R1].txt - [874 octets] - [14/12/2014 13:27:30]
AdwCleaner[R2].txt - [933 octets] - [14/12/2014 13:32:54]
AdwCleaner[R3].txt - [992 octets] - [14/12/2014 13:36:02]
AdwCleaner[S0].txt - [916 octets] - [14/12/2014 13:39:18]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [975 octets] ##########

essexboy · « **Reply #1 on:** December 14, 2014, 10:34:34 PM »

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Select additions at the bottom
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please attach both logs generated.

REDACTED · « **Reply #2 on:** December 14, 2014, 10:42:43 PM »

Here are the FARBAR logs

essexboy · « **Reply #3 on:** December 14, 2014, 11:00:09 PM »

OK first thing you must do is uninstall Chrome as it has been changed to developer mode and as such has no security at all. You can re-install Chrome on completion. Once you have done that then run this fix

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

Quote

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
2014-12-08 10:37 - 2014-12-08 10:37 - 00000000 ____D () C:\Program Files (x86)\BuyNsavue
2014-12-08 10:36 - 2014-12-08 10:36 - 00000000 ____D () C:\ProgramData\ilhbnpfibbfaanglbhcgiopinnmfaeph
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS
C:\Users\rac\AppData\Local\Google\Chrome
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated please post that

REDACTED · « **Reply #4 on:** December 14, 2014, 11:14:03 PM »

Okay thanks, will I lose my saved passwords and bookmarks? Do you think my passwords in Chrome have been compromised?

polonus · « **Reply #5 on:** December 14, 2014, 11:49:35 PM »

Hi bfalk,

Please, break all live website links in your initial posting like htxp://allgoodtoolkitbest1.info/
Re: https://www.virustotal.com/nl/url/7a56b765c701a3164abce883953294398a3d781febccf24dbb11e293317f87e9/analysis/
These links are malicious and the unaware may get infested by clicking such an unbroken link...
See also: http://totalhash.com/analysis/306da9c404b3a4fd5b6de1bc39d41238e1b8239b for instance.

polonus

essexboy · « **Reply #6 on:** December 15, 2014, 05:41:58 PM »

Backup just the bookmarks and passwords from chrome, nothing else

Author Topic: Avast Web Shield has blocked a harmful webpage or file. (Read 9068 times)

REDACTED

Avast Web Shield has blocked a harmful webpage or file.

essexboy

Re: Avast Web Shield has blocked a harmful webpage or file.

REDACTED

Re: Avast Web Shield has blocked a harmful webpage or file.

essexboy

Re: Avast Web Shield has blocked a harmful webpage or file.

REDACTED

Re: Avast Web Shield has blocked a harmful webpage or file.

polonus

Re: Avast Web Shield has blocked a harmful webpage or file.

essexboy

Re: Avast Web Shield has blocked a harmful webpage or file.