http://wpad.browserupdatecheck.in/wpad.dat virus

[REDACTED]

Here is the new log file by Zoek...

[REDACTED]

Hi Sir,

I am not using Google Chrome and it is NOT installed on my machine.
I am using Mozilla Firefox. I have uninstalled it completely using REVO Uninstaller and re-installed it yesterday only.
Let me know if you want me to do that again today.

Also please find here new set of log files from Farbar Recovery Scan Tool...

[magna86]

Chrome has previusly been installed on this PC says my logs, thus I just wrote with no checking if Chrome currently is installed on PC.

These logs looks fine to me now. Any other issues?

[REDACTED]

Thanks a lot Sir, looks like the notifications have stopped for now and the adcash.com window popup looks resolved as well.
If I notice them again today I will update here in this thread.
Thank you very much once again for your help.

[REDACTED]

Hi Sir,

The wpad.dat notifications have started coming again...

I haven't noticed any adcash.com popup windows though.

[magna86]

Ok then, let's search the source then. I think I see it still ... once again we shall use FRST for additional checks to see will that show us the source. Re-run FRST/FRST64 by double-clicking:

• Type wpad.dat;wnavga.exe into the Search: field in FRST then click the Search File(s) button.
  
• FRST will search your computer for files and when finished it will produce a log Search.txt in the same directory the tool is run.
  
• Please attach it to your reply.

[REDACTED]

Hi Sir,

Here it is....

[magna86]

Found it; https://www.virustotal.com/en/file/acafba9cebfcbfa4bafec3045363724190b778639658d3dc615132fc01d75625/analysis/

Now I am gonna kill im for good. 







1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

Code: [Select]

Start
Unlock: C:\WINDOWS\wnavga.exe

Reboot:
C:\WINDOWS\wnavga.exe

CloseProcesses:
R2 WinGraph; C:\WINDOWS\wnavga.exe [8192 2015-04-23] (Microsoft) [File not signed]
End

2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.


3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.

[REDACTED]

Hi Sir,

Here is the Fixlog.txt

FYI... Just as I was replying with this post, I see the same notification again.

URL: http://wpad.browserupdatecheck.in/wpad.dat
Infection: URL:Mal
Process: C:\Program Files\AVAST Software\Avast\avastui.exe

[magna86]

Hm ...  Ok, please post me the screenshot of that aleart and both fresh FRST logfiles. You have now my full attention.

[magna86]

Edit: I think I know now where the problem is. Let's try this again as first time (first fix), this one small operation didn't work just right...



1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

Code: [Select]

Start
CloseProcesses:
CMD: bitsadmin /reset /allusers
EmptyTemp:
End


2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.


3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.

[REDACTED]

Hi Sir,

I ran the fix, please find attached the Fixlog.txt

Also, for finishing the fix, the system restarted and immediately I got the alert again, I am attaching some images of the same.

[magna86]

It looks like we will have to use a big guns now. Before this, reset Firefox browsers back to defaults;
https://support.mozilla.org/en-US/kb/refresh-firefox-reset-add-ons-and-settings



Then this might ...



1. Please download ComboFix by sUBs () from here and save it to your Desktop.
If you are unsure how ComboFix works, read this guide.

--------------------------------------------------------------------
2. Temporarily disable your AntiVirus program, usually via a right click on the System Tray icon. They may interfere with Combofix.
If you are unsure how to do this please read this or this Instruction.

Instructions how to disable avast:
• Right click on the avast! system tray icon () in the lower right corner of the screen and scroll up to avast! shield controls;
• In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.

Note:  Do not forget to turn back on this option after the cleaning by choosing avast! shield controls > Enable all shield options.

--------------------------------------------------------------------
3. Run ComboFix. Then, on disclaimer window, click I Agree! button.

- ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
-If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
- ComboFix will scan your computer in stages, total of 50 stages.
Do not mouse-click around while ComboFix is running.
- If malware is detected, ComboFix will begin with its removal, and may need to restart Windows.
Note:If you see a message like "Illegal operation attempted on a registry key that has been marked for deletion" just restart your computer.

--------------------------------------------------------------------
4. When the tool is finished, it will produce a log report for you. (typical location: C:\ComboFix.txt)
=> Attach log report (ComboFix.txt) back to topic.

ComboFix shall also create addition log (typical location: C:\Qoobox\ComboFix-quarantined-files.txt)
=> Please attach that report (ComboFix-quarantined-files.txt) as well.

[REDACTED]

Hi Sir,

When I try to run Combofix, I get the attached alert...

I am actually using Windows 8.1. Please find attached images.

[magna86]

My bad for ComboFix. I have some personal obligations so I get some distraction in the way ...

I need to take a look at this one better. You may post fresh FRST.txt and Addition.txt log and I'll get the reply as soon as I can.

For about two - three hours