Author Topic: svchost.exe & URL:Mal  (Read 5680 times)


REDACTED

  • Guest
svchost.exe & URL:Mal
« on: May 20, 2015, 08:57:27 PM »
For about two weeks now my svchost has been going off with URL:MAL warnings and says it's been taken care of... but it keeps popping up.

http://epictory.com/4141/LibrarySystem_142668955964554.dll

There's been other URLs in the warning but I don't have them atm.

pls help.

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31079
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: svchost.exe & URL:Mal
« Reply #1 on: May 20, 2015, 08:58:28 PM »

Offline magna86

  • Anti Malware Fighter
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4235
    • Ambulanta MyCity Forum - ASAP Member
Re: svchost.exe & URL:Mal
« Reply #2 on: May 20, 2015, 09:17:11 PM »
Hello,

Post requested logs and I will take a peek.

REDACTED

  • Guest
Re: svchost.exe & URL:Mal
« Reply #3 on: May 20, 2015, 09:26:57 PM »
Hello,

Post requested logs and I will take a peek.

logs?

Offline magna86


REDACTED

  • Guest
Re: svchost.exe & URL:Mal
« Reply #5 on: May 20, 2015, 09:56:29 PM »

Offline magna86

  • Anti Malware Fighter
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4235
    • Ambulanta MyCity Forum - ASAP Member
Re: svchost.exe & URL:Mal
« Reply #6 on: May 21, 2015, 12:13:26 AM »
Hello dpssimonds, can you post me the screenshot of that alert?

FRST is a tool designed to smartly record all loading points on your system that malware is known to take advantage of and exploit for execution.

I recommend uninstalling all IOBit programs from your system. These programs are not malicious, but they have some malicious past (with the Malwarebytes company), so... the choice is yours.

Btw, I will need to start more aggressively, so we shall deploy ComboFix. Let's start ...

1. Please download ComboFix by sUBs from here and save it to your Desktop.
If you are unsure how ComboFix works, read this guide.

--------------------------------------------------------------------
2. Temporarily disable your AntiVirus program, usually via a right click on the System Tray icon. They may interfere with Combofix.
If you are unsure how to do this please read this or this Instruction.

Instructions how to disable avast:
• Right click on the avast! system tray icon in the lower right corner of the screen and scroll up to avast! shield controls;
• In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.

Note:  Do not forget to turn back on this option after the cleaning by choosing avast! shield controls > Enable all shield options.


--------------------------------------------------------------------
3. Run ComboFix. Then, on disclaimer window, click I Agree! button.

- ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.

- If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
- ComboFix will scan your computer in stages, total of 50 stages.
Do not mouse-click around while ComboFix is running.
- If malware is detected, ComboFix will begin with its removal, and may need to restart Windows.
Note: If you see a message like "Illegal operation attempted on a registry key that has been marked for deletion" just restart your computer.

--------------------------------------------------------------------
4. When the tool is finished, it will produce a log report for you. (typical location: C:\ComboFix.txt)
=> Attach log report (ComboFix.txt) back to topic.

ComboFix shall also create an additional log (typical location: C:\Qoobox\ComboFix-quarantined-files.txt)
=> Please attach that report (ComboFix-quarantined-files.txt) as well.



REDACTED

  • Guest
Re: svchost.exe & URL:Mal
« Reply #7 on: May 21, 2015, 01:00:25 AM »
Hello dpssimonds, can you post me the screenshot of that alert?

I will if it comes up again, I don't have one atm.

logs attached

Offline magna86

Re: svchost.exe & URL:Mal
« Reply #8 on: May 21, 2015, 01:44:09 AM »
Looks good. Now to clean some remains ...






Please download Zoek tool by Smeenk from here and save it to your Desktop.
Unpack the archive...
  • Close any open browsers and temporarily disable your AntiVirus program. (if it is necessary)
    If you are unsure how to do this please read this or this Instruction.

  • Double click on zoek.exe to run the tool. Please wait until the tool starts...
  • Copy the text present inside the code box below and paste it into the large window in the zoek tool:
Code:
EmptyFoldersCheck;Delete
c:\users\Wizard\AppData\Roaming\AVG;f
c:\program files (x86)\AVG;f
c:\users\Wizard\AppData\Local\Avg;f
EmptyCLSID;
netsh int ip reset >> %temp%\log.txt;b
ipconfig /flushdns >> %temp%\log.txt;b
c:\users\Wizard\.chatty;vs
TuneUp.UtilitiesSvc;s
TuneUpUtilitiesDrv;s
AutoClean;

  • Click on button.
    Please wait until a log report opens (this can be after reboot)

  • Save notepad to your Desktop and attach here zoek-results.log
    Note: It will also create a log in the C:\ directory named "zoek-results.log"

Offline Eddy

Re: svchost.exe & URL:Mal
« Reply #9 on: May 21, 2015, 01:49:39 AM »

REDACTED

  • Guest
Re: svchost.exe & URL:Mal
« Reply #10 on: May 21, 2015, 02:29:09 AM »
Looks good. Now to clean some remains ...


here ya go:

Offline magna86

Re: svchost.exe & URL:Mal
« Reply #11 on: May 21, 2015, 10:32:04 AM »
Are you still getting alerts?

REDACTED

  • Guest
Re: svchost.exe & URL:Mal
« Reply #12 on: May 21, 2015, 04:14:32 PM »
Are you still getting alerts?

I'll use my computer for a while and let you know

REDACTED

  • Guest
Re: svchost.exe & URL:Mal
« Reply #13 on: May 21, 2015, 09:00:00 PM »
Are you still getting alerts?

The Alerts seem to be gone! I've not seen one yet so far.

Offline magna86

Re: svchost.exe & URL:Mal
« Reply #14 on: May 21, 2015, 10:42:20 PM »



Glad I could help. Posted logs appear clean and show no signs of active infection. You should be good to go ...

We're gonna remove my used tools now as well as carry out some further cleaning and security settings. To learn more about how to protect yourself I'll give you a few tips for reading. 



The following will implement some post-cleanup procedures:



---     ---     ---     ---     ---


Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes below;
Remove disinfection tools
Create registry backup
Purge System Restore

Click the Run button and wait a few seconds for the programme to complete its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt)

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix
The tool deletes old system restore points and creates a fresh system restore point after cleaning.





Tip: Do not use security tools such as ComboFix, FRST, Zoek and the like. These are advanced security tools and should not be used without supervision.



---     ---     ---     ---     ---



Learn how to protect yourself:



=>  In order to stay protected it is very important that you regularly update all of your software and Windows Operating System.

It is important that you visit Windows Update regularly.
How to configure and use Automatic Updates in Windows

It's vital that you keep all your software up-to-date as older versions may have some security vulnerabilities. Keeping Java and Adobe updated is a priority.
Download and install latest version of Java
Download and install latest version of Adobe Reader




=>  I recommend that you use one of the fantastic opportunities provided by avast! AntiVirus.

For security protection, an active AntiVirus is required. If you want to reinforce your security setup I recommend additional security software and utilities:
Download and install Malwarebytes' Anti-Malware and perform 'Threat Scan' from time to time. Malwarebytes will detect and remove all traces of known malware.
Download and install MCShield Anti-Malware Tool to prevent infections transmitted via removable drives.
Download and install Unchecky to keep your checkboxes clear, preventing the installation of additional adware and other PUP bad software.
Download and install AdBlock for safe web browser surfing without annoying and malicious advertising ads.




Extra text for reading:

Please visit and review PC Safety and Security - What Do I Need? for some helpful information.

Please visit FAQ - Answers to common security questions - Best Practices to read tips how to protect yourself against malware infection.

You may also visit and read What to do if your Computer is running slowly? if you like to read some basic geek stuff.




The specific type of infection:

Meet CryptoPrevent. Security app that shall attempt to prevent dangerous malware that encrypts certain types of files stored on your disk, like CryptoWall, CryptoLocker and similar clones.

More information about this family of malicious software: CryptoLocker Ransomware Information Guide and FAQ
Cryptolocker Ransomware: What You Need To Know and CryptoDefense and How_Decrypt Ransomware Information Guide and FAQ











Stay safe. 


Best Regards,
magna86