Need help with go.wvydeo.com, 7787.mclickurl.com

[REDACTED]

I keep getting a relentless stream of notices that Avast has blocked a harmful web page with references to Objects such as "https://go.wvydeo.com", "https://7787.mclickurl.com" and "http://xmlka.com", each of which shows the type of Infection to be "URL:Mal".  I have found many posts related to fixing the go.wvydeo.com problem, but they all say that the solution is specific to a particular computer and not to use it elsewhere.  I have not found a general set of instructions to fix this problem on the Forum, and everything I have found online either isn't clear to me or I don't trust the source.  Would somebody be willing to point me in the right direction?  Thanks in advance for any help you might be able to give me...  -Rick

[Rednose]

Hi Rick, welcome to the forum 

Please change the links in your post from https// to htxps:// so that they are not clickable.

Follow this turtorial https://forum.avast.com/index.php?topic=53253.0 and attach the requested logs in your next reply.
As soon as an expert is online and available he/she will help you.

Greetz, Red.

[TwinHeadedEagle]

Awaiting reports.

[REDACTED]

I have attached the scan log.  Thanks so much for helping... 

[Eddy]

We need the other logs as well.

[REDACTED]

Here are the Farbar Recovery Scan logs...

[TwinHeadedEagle]

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

• Right-click on icon and select Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
  
• Press the Fix button just once and wait.
  
• If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
• When finished FRST will generate a log on the Desktop, called Fixlog.txt.
  

Please attach it to your reply.

[REDACTED]

I was running the aswMBR scan.  Is that log not needed?

[TwinHeadedEagle]

You can attach it.

[REDACTED]

I ran the FRST64.exe fix (Fixlog is attached) and restarted my computer. 

I am still getting Infection warnings from Avast every few minutes (all of which show “URL:Mal” and “Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe”).
 
Warnings for the following have all popped up just within the last half hour:

hxxp://199.233.238.11/callflow/lp20fascdas/?a=HT&u=44k8zsc5d401&clickid=44k8zsc5d401&ent=yes&ext=yes&rec=yes&au=yes&lo=yes&browser=MSIE&country=United+States&device=&model=&os=Windows&isp=Comcast+Cable&ip={ip}

hxxp://go.wvydeo.com/resultsda/?x=0&qs=IhwIAhVYFXBZWhAcSUEKXVpFQkAxUVlJVAFCIwxFBBweEAYdJ0UcFGRRW0hbQ1Q8HgZPS1YVDlJcGBIXYE8KFQNYVTYSBBMFRUZdE0hTQFU2VF1eXFUVdV1FFgtNREdfXhQSEXUHD01cSxB1XVFFXx0GVF9AEREUYFlLExxYEGteU0JJQAhZQV4UERFjFVxAXEsQdV5TQgVAWllfXhERXWNHXUBcVRA5Xk1CSUVEWhNYFA8RY1ldQBBUDnVeU0JJDERHX14UEhF1AgpNXUhVNkgAGx1NR1lXWRAVBz8ACU1UVRJ3WlNKXxQbBA4HTxxiPwgeAwUIQTEHAFwaHxlPHhocEBVgXV1EXlUQcEgIBUQCGwdJDUpWHHUbCBYoWEgxGhNXShFRWwlLE0dHMgoIEgMKSzEcAhEcAloKAAMHVEADVDoZAgFPMh1GQElHUV4MJ2QEFjBYXFYdDU82Gl4RFUdZAB9DEBEMYkRfXV1SGGMcDRlEQVIZDhxVT0QhAAlNXVQUfFlWVBgABAALUxATGGNPHgUODER4X1NDS0NEWl9fB0hRbl5eXl1dFGtcU0BXR0NPCgBVU1huBAgdAxdFPU4REx0ZG08aHE0cSScdHVVfBAV3CEZAHxMYCBwdSExAJwAOXg8KTWBcBR4JXgQBH0sSR1QnBDITDQhQJAcEHFxDEA4IXREREWFcMi9ZUhhzVlQtJkNEUVhfFX5-YlhZSVtQDXRcWkJUQURYXV0REhFiTF9GGRdMYF0HERURBxoGA0BVSDBHDh8BQBIjDUZAHxEYBUpcR0xOIB0yAgkGRSsa

hxxp://7787.mclickurl.com/?p=5VurAFhI6bpiMCr8EHeuhQuu8fwywD5KSIpl7LGU99ImY8t8x8mxTM4mznWZ62dXqmCqBsHMNLGAdrJ0agQxHoiG9HbEtQYA4iZNQG4/sG1YWOoowRHJ4HkrgXf9XwVByz1SrgiU%2B2zYajAM/Z3J72BTc8CpckgbOw9t2KA//8JSR87XmNjPCSsS4Z9zjzAmjAs0DPp4oNVFh86uy/%2BFzfPeLkN7fdkz2ajFHVmNQa97Sm6TSFWh5UK0Rlq3HTCAzlpanV2trHPGdH4ugUvLM0C97VE2SWQ7cAwQmV1/gc/u%2BmGNaEZMJYert9VCE0TXEqBV3NjefzCKoZkaOzQtn70faw5SlVItRzN5O1lkV43cjf08IZ%2BgRxMfUWpjvHRKRHjKEpc4RhcwVWXNG3v0zUZPVCFhQKmRqAjlpcrRktLmDgN9aVjj7H1IsEF3hytkPTDajjs7vMgHB5WcPGPKqEQOyqiHQXwou7%2B8T/LPMgYK0s1611v/xYeAUWDwmEMnaiToBWusG5e3yNQy%2BjoVjBrgU7RNjoPkwW6hmv%2BRrqbw2HrYXIHinLimexFP/JgQ3DZSqxF2W%2Bl72M0gdf0OSw%3D%3D

hxxp://7787.mclickurl.com/?p=5VurAFhI6bpiMCr8EHeuhQuu8fwywD5KSIpl7LGU99ImY8t8x8mxTM4mznWZ62dXqmCqBsHMNLGAdrJ0agQxHoiG9HbEtQYA4iZNQG4/sG1YWOoowRHJ4HkrgXf9XwVByz1SrgiU%2B2zYajAM/Z3J72BTc8CpckgbOw9t2KA//8JSR87XmNjPCSsS4Z9zjzAmjAs0DPp4oNVFh86uy/%2BFzfPeLkN7fdkzbDQypyXl8hF7Sm6TSFWh5b3PIhTe2JlEfxLhmLItWfGBX9sdqXMcYzkPhqWoMb%2BDBDELWTXgSmHu%2BmGNaEZMJYert9VCE0TXEqBV3NjefzCKoZkaOzQtn70faw5SlVItRzN5O1lkV43cjf08IZ%2BgRxMfUWpjvHRKRHjKEpc4RhcwVWXNG3v0zUZPVCFhQKmRqAjlpcrRktIPKlmJ0OZADM3/YzxLTeJ5Ln8lyN4h%2BRk%2Bb6m3g0qSgv6AnU872YysAK2ovwuIAh2l8JaM5wFUOxespkEVZfRUJkwq1l54dZcShbyao0n2qTJ5mhhNqG2z0CQPWvX0N1xZcvzLnhySscmZgtq8JbkWJDMygcaKObBrd%2BRbmrLHIbIWSwWB%2B2g1

hxxp://213.136.76.36/tracheadeceptive/126039337811866

hxxp://199.233.238.11/callflow/lp20fascdas/?a=HT&u=n0ifv34j9y43&clickid=n0ifv34j9y43&ent=yes&ext=yes&rec=yes&au=yes&lo=yes&browser=MSIE&country=United+States&device=&model=&os=Windows&isp=Comcast+Cable&ip={ip}

hxxp://7787.mclickurl.com/?p=5VurAFhI6bpiMCr8EHeuhQuu8fwywD5KSIpl7LGU99ImY8t8x8mxTM4mznWZ62dXqmCqBsHMNLGAdrJ0agQxHoiG9HbEtQYA4iZNQG4/sG1YWOoowRHJ4HkrgXf9XwVByz1SrgiU%2B2zYajAM/Z3J72BTc8CpckgbOw9t2KA//8JSR87XmNjPCSsS4Z9zjzAmjAs0DPp4oNVFh86uy/%2BFzfPeLkN7fdkz43jE/UH8uBC1e/bILX5S7zZ8q2JI8ThSaKggFL5/Z2LFLXu8880QogSCFotkvUAIZdbJMdX7rlXumzHErthLVr2NUWAs9/NZsYpRyYB%2B5jglAqR6m8bpPOhRvxwtSW2hN6DdIh5WjgQciBx1utnsHaQPnVf8i7fU4wNrBkBqWPB5vBLtVxXhZXTald9Z293/pAW85u/P/dELG3QRXbYr7KQWmSqEl07pLn8lyN4h%2BRk%2Bb6m3g0qSgv6AnU872YysAK2ovwuIAh2l8JaM5wFUOxespkEVZfRUJkwq1l54dZcShbyao0n2qTJ5mhhNqG2z7ubMNVWUj0YMsJjUhu9jniQzMoHGijmwa3fkW5qyxyGyFksFgftoNQ%3D%3D

[REDACTED]

Don't know if it will help, but here is the aswMBR log.  When I ran the FRST fix, the first aswMBR scan was running and when the computer re-started it terminated the scan before it finished, so I ran another one...

[TwinHeadedEagle]

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

• Right-click on icon and select Run as Administrator to start the tool.
  
• Wait patiently until the main console will appear, it may take a minute or two.
• In the main box please paste in the following script:

Code: [Select]

createsrpoint;
autoclean;
bitsadmin /reset /allusers;b
chrdefaults;
emptyalltemp;
ipconfig /flushdns;b

• Make sure that Scan All Users option is checked.
  
• Push Run Script and wait patiently. The scan may take a couple of minutes.
  
• When the scan completes, a zoek-results logfile should open in notepad.
  
• If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.

[REDACTED]

The ZOEK scan took hours and then it took multiple tries to get my computer restarted.  After a few failed attempts, including a couple of rounds of start-up repairs, it finally worked and the zoek-results popped up in a notepad window.  The zoek-results.txt file is attached.  Thanks for sticking with me on trying to get this worked out!

[TwinHeadedEagle]

How is your PC behaving now?

[REDACTED]

It is definitely not any better and seems as if it is actually getting worse...

What should I do now?