Author Topic: MAL:URL Popups (Read 2986 times)

REDACTED · « **on:** June 06, 2015, 06:11:38 PM »

Hi

For the past few days, I have been getting continual Avast Webshield pop ups warning of a blocked "harmful webpage or file".

This happens as soon as I connect to the internet and before I even open my browser. There are usually 8 to 12 popups.

The popups are similar to these (Same domain names, and file types, slightly different file names):

URL:http://anythicago.com/4141/RelayTurbo_142668814314552.dll
Infection: URL:Mal
Process: C:\Windows\System32\svchost.exe

URL:http://simplesitescan.net/4141/LighterInit_142669556111830.dll
Infection: URL:Mal
Process: C:\Windows\System32\svchost.exe

URL:http://alwaysisobar.com/4141/CutterGeneration_142669028208336.dll
Infection: URL:Mal
Process: C:\Windows\System32\svchost.exe

URL:http://bestdriverstar.net/4141/CutterSystem_142669222915982.dll
Infection: URL:Mal
Process: C:\Windows\System32\svchost.exe

URL:http://opticguardzip.net/4141/CutterSystem_142669222919983.dll
Infection: URL:Mal
Process: C:\Windows\System32\svchost.exe

I have used the following malware removers without success:
*Malwarebytes Antimalware
*Spybot S&D
*Iobit Malware Fighter
*Adwcleaner 4

Attached are my malwarebytes scan log from today, FRST and FRST addition text files and the aswMBR.exe scan log file.

Eddy · « **Reply #1 on:** June 06, 2015, 06:51:24 PM »

You already made 2 mistakes.

1]
You have used Spybot, since is nowadays has a huge lack of detection.

2]
You have used software from thiefs (IObit).
https://forums.malwarebytes.org/index.php?/topic/29681-iobit-steals-malwarebytes-intellectual-property/

REDACTED · « **Reply #2 on:** June 06, 2015, 07:07:06 PM »

Didn't realise that IObit stole intellectual property or that Spybot was so ineffective.
My decision to use these programs stemmed from reviews and ratings on download.cnet.com.

However, I still require assistance with these URL:MAL infections.

Looking at the similar domain names and large amount of recent threads on this forum; this problem seems to be quite widespread.

essexboy · « **Reply #3 on:** June 06, 2015, 07:25:10 PM »

Let me know if this stops it

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

Quote

CreateRestorePoint:
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated please post that

REDACTED · « **Reply #4 on:** June 06, 2015, 09:28:25 PM »

This seems to have resolved the problem. There are no more Avast popups when I connect to the internet.

Thanks for the assistance.

The completion log is attached.

essexboy · « **Reply #5 on:** June 06, 2015, 09:31:08 PM »

Remove tools

Download and run Delfix
Select the options as shown

REDACTED · « **Reply #6 on:** June 06, 2015, 09:49:45 PM »

I followed the instructions.

Problem seems resolved.

Thanks for the brilliant support.

essexboy · « **Reply #7 on:** June 06, 2015, 10:58:49 PM »

Author Topic: MAL:URL Popups (Read 2986 times)

REDACTED

MAL:URL Popups

Eddy

Re: MAL:URL Popups

REDACTED

Re: MAL:URL Popups

essexboy

Re: MAL:URL Popups

REDACTED

Re: MAL:URL Popups

essexboy

Re: MAL:URL Popups

REDACTED

Re: MAL:URL Popups

essexboy

Re: MAL:URL Popups