Author Topic: URL: http://wpad.browserupdatecheck.in/wpad.dat  (Read 9799 times)


REDACTED

  • Guest
Re: URL: http://wpad.browserupdatecheck.in/wpad.dat
« Reply #15 on: July 02, 2015, 01:53:59 AM »
MBAR logs
Nothing was found

REDACTED

  • Guest
Re: URL: http://wpad.browserupdatecheck.in/wpad.dat
« Reply #16 on: July 02, 2015, 10:23:23 AM »
I feel this may be a false positive. Hold on whilst I ask Avast to check this out; all reports are clean.

REDACTED

  • Guest
Re: URL: http://wpad.browserupdatecheck.in/wpad.dat
« Reply #17 on: July 02, 2015, 01:35:19 PM »
Ok, thanks

Offline magna86

  • Anti Malware Fighter
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4235
    • Ambulanta MyCity Forum - ASAP Member
Re: URL: http://wpad.browserupdatecheck.in/wpad.dat
« Reply #18 on: July 05, 2015, 12:53:06 PM »
Hi pest.by,

Do you still need help?

REDACTED

  • Guest
Re: URL: http://wpad.browserupdatecheck.in/wpad.dat
« Reply #19 on: July 05, 2015, 01:02:17 PM »
Hi,
Yes, I'm still receiving this notification

Offline magna86

Re: URL: http://wpad.browserupdatecheck.in/wpad.dat
« Reply #20 on: July 05, 2015, 02:32:33 PM »
Hi pest.by,

I'll be working with you from now on. I know how to target this; still, first I would like to try something, a test to see whether this will hush the alerts.

1. Launch Internet Explorer, the Microsoft browser, known as IE.
2. Go to Settings > Internet Options, click on Connections tab;
3. Under Local Area Network Settings (bottom) area, click on LAN Settings button;
4. A new window will pop up; please uncheck the Automatically detect settings option;
5. Save these settings by pressing OK;

Click to see the image: https://dl.dropboxusercontent.com/u/73555776/Capture.JPG


Reboot your PC and tell me whether this fixes your problem.
« Last Edit: July 05, 2015, 02:34:21 PM by magna86 »

REDACTED

  • Guest
Re: URL: http://wpad.browserupdatecheck.in/wpad.dat
« Reply #21 on: July 05, 2015, 03:00:28 PM »
Done.
Now I'm getting only this:
URL: http://wpad.browserupdatecheck.in/wpad.dat
Infection: URL:Mal
Process: C:\Windows\System32\svchost.exe

Offline magna86

Re: URL: http://wpad.browserupdatecheck.in/wpad.dat
« Reply #22 on: July 05, 2015, 04:36:31 PM »
OK, let's do this manually.



Step #1



Please download Farbar Recovery Scan Tool by Farbar and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system, that will be the right version.


  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Once again we shall use FRST for additional checks. Re-run FRST/FRST64 by double-clicking:
  • Type browserupdatecheck.in;wpad.dat into the Search: field in FRST then click the Search Registry button.
  • FRST will search your computer for files and when finished it will produce a log Search.txt in the same directory the tool is run.
  • Please attach it to your reply.

Step #2


Download ZHPDiag to your desktop.

Take action to disable your antivirus and antispyware programs, as they may conflict with ZHPDiag
>> Info on how to disable your security applications > http://www.bleepingcomputer.com/forums/topic114351.html

Installing ZHPDiag
  • Double-click zhpdiag.exe to start the installation.
  • Windows Vista, 7 and 8 users right-click the file and select: Run as Administrator.
  • Click multiple times "Suivant" in the installation process.
  • Click "Installer" when asked and "Terminer" once the installation is complete.
Running ZHPDiag
  • Double-click the shortcut ZHPDiag on your desktop.
  • The user interface will appear, now select "Configureren".
  • If the tool's default language isn't set to English, click in the bottom right corner on the icon "Sélectionner une langue" and choose "Anglais".
  • Next, click on the icon in the bottom left "Diagnostic Options".
  • ZHPDiag is now scanning your computer. Please wait patiently until the scan is finished.
Screenshot: http://hijackthis.nl/smeenk/ZHPDiag.PNG

The ZHPDiag.txt logfile
  • When finished, a logfile named "ZHPDiag.txt" will appear on your desktop.
  • Please post the logfile for further review in your next comment.

REDACTED

  • Guest
Re: URL: http://wpad.browserupdatecheck.in/wpad.dat
« Reply #23 on: July 05, 2015, 05:31:14 PM »
Step #1 logs

REDACTED

  • Guest
Re: URL: http://wpad.browserupdatecheck.in/wpad.dat
« Reply #24 on: July 05, 2015, 05:37:12 PM »
Step #2 logs

Offline magna86

Re: URL: http://wpad.browserupdatecheck.in/wpad.dat
« Reply #25 on: July 05, 2015, 06:21:28 PM »
Hi,


Step #1




1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

Code:
CreateRestorePoint:
Reg: reg delete "HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad" /f
Reg: reg add "HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad" /f
Reg: reg delete "HKLM\Software\Wow6432Node\9712e1a3-baa6-8fb8-2970-ef48b37e14a3" /f


2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.


3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warns you about an outdated version, please download and run the updated version.





Step #2

Download this file and save it to your desktop;
http://download.bleepingcomputer.com/win-services/8/Tcpip.reg

Run the file by double-clicking it and allow it to be merged into the registry. Reboot the PC and tell me how the computer behaves now.

NOTICE: This file was written specifically for this OS, for use on that particular machine. Running this on another machine may cause damage to the operating system
« Last Edit: July 05, 2015, 06:23:09 PM by magna86 »
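
A read-only way to check for the string that the FRST registry search in this thread looked for, given here as an added example (it is not part of any post and is not FRST's own logic). The helper name Find-RegistryText and the choice of keys (each loaded user hive's Internet Settings, plus the Tcpip service parameters that Step #2 restores) are assumptions of this example.

```powershell
# Read-only audit: list registry values that mention the flagged host.
# The search string comes from the thread; the key list is this example's assumption.
$needle = 'browserupdatecheck.in'

# HKEY_USERS is not mapped as a PowerShell drive by default, so use provider paths.
$roots = @(
    'Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
)
# One Internet Settings key per loaded hive (S-1-5-19 is LocalService, as in the fixlist).
$roots += Get-ChildItem 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
    ForEach-Object { "Registry::$($_.Name)\Software\Microsoft\Windows\CurrentVersion\Internet Settings" }

function Find-RegistryText {
    param([string[]]$Path, [string]$Text)
    foreach ($root in $Path) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        # The root key itself plus every subkey below it (Wpad, Connections, ...).
        $keys = @(Get-Item -LiteralPath $root -ErrorAction SilentlyContinue) +
                @(Get-ChildItem -LiteralPath $root -Recurse -ErrorAction SilentlyContinue)
        foreach ($key in $keys) {
            foreach ($name in $key.GetValueNames()) {
                $value = $key.GetValue($name)
                # Binary values can carry a URL as ASCII bytes, so decode before matching.
                if ($value -is [byte[]]) { $value = [Text.Encoding]::ASCII.GetString($value) }
                $flat = ($value -join ' ')   # also flattens multi-string values
                if ($flat -like "*$Text*" -or $name -like "*$Text*") {
                    [pscustomobject]@{ Key = $key.Name; Value = $name; Data = $flat }
                }
            }
        }
    }
}

Find-RegistryText -Path $roots -Text $needle | Format-List
```

Run it from an elevated prompt so the service-account hives under HKEY_USERS are readable; no output means none of the scanned values contained the string.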

REDACTED

  • Guest
Re: URL: http://wpad.browserupdatecheck.in/wpad.dat
« Reply #26 on: July 05, 2015, 07:24:09 PM »
Looks like everything is good. I'm not receiving any notifications. Will see after a few days.
Thanks
Log attached

Offline magna86

Re: URL: http://wpad.browserupdatecheck.in/wpad.dat
« Reply #27 on: July 05, 2015, 08:12:31 PM »
Quote: Looks like everything is good. I'm not receiving any notifications. Will see after a few days.

OK, please report back. Then I'll remove the used tools and give you a few tips on how to protect yourself.

REDACTED

  • Guest
Re: URL: http://wpad.browserupdatecheck.in/wpad.dat
« Reply #28 on: July 06, 2015, 10:56:53 PM »
Looks like everything is fine. I didn't receive any notifications.
Thank you

Offline magna86

Re: URL: http://wpad.browserupdatecheck.in/wpad.dat
« Reply #29 on: July 06, 2015, 11:10:34 PM »


Glad I could help. Posted logs appear clean and show no signs of active infection. You should be good to go ...

We're gonna remove my used tools now as well as carry out some further cleaning and security settings. To learn more about how to protect yourself I'll give you a few tips for reading. 



The following will implement some post-cleanup procedures:



---     ---     ---     ---     ---


Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes below;
Remove disinfection tools
Create registry backup
Purge System Restore

Click the Run button and wait a few seconds for the programme to complete its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt)

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix
The tool deletes old system restore points and creates a fresh system restore point after cleaning.





Tip: Do not use security tools such as ComboFix, FRST, Zoek and the like. These are advanced security tools and should not be used without supervision.



---     ---     ---     ---     ---



Learn how to protect yourself:



=>  In order to stay protected it is very important that you regularly update all of your software and Windows Operating System.

It is important that you visit Windows Update regularly.
How to configure and use Automatic Updates in Windows

It's vital that you keep all your software up-to-date as older versions may have some security vulnerabilities. Keeping Java and Adobe updated is a priority.
Download and install latest version of Java
Download and install latest version of Adobe Reader




=>  I recommend that you use one of the fantastic opportunities provided by avast! AntiVirus.

For security protection, an active AntiVirus is required. If you want to reinforce your security setup, I recommend additional security software and utilities:
Download and install Malwarebytes' Anti-Malware and perform 'Threat Scan' from time to time. Malwarebytes will detect and remove all traces of known malware.
Download and install MCShield Anti-Malware Tool to prevent infections transmitted via removable drives.
Download and install Unchecky to keep your checkboxes clear by preventing the installation of additional adware and other PUP bad software.
Download and install AdBlock for safe web browser surfing without annoying and malicious advertising ads.




Extra text for reading:

Please visit and review PC Safety and Security - What Do I Need? for some helpful information.

Please visit FAQ - Answers to common security questions - Best Practices to read tips on how to protect yourself against malware infection.

You may also visit and read What to do if your Computer is running slowly? if you like to read some basic geek stuff.




The specific type of infection:

Meet CryptoPrevent. Security app that shall attempt to prevent dangerous malware that encrypts certain types of files stored on your disk, like CryptoWall, CryptoLocker and similar clones.

More information about this family of malicious software: CryptoLocker Ransomware Information Guide and FAQ
Cryptolocker Ransomware: What You Need To Know and CryptoDefense and How_Decrypt Ransomware Information Guide and FAQ











Stay safe. 


Best Regards,
magna86