Author Topic: http://wpad.browserupdatecheck.in/wpad.dat virus  (Read 21822 times)


REDACTED

  • Guest
Re: http://wpad.browserupdatecheck.in/wpad.dat virus
« Reply #45 on: July 02, 2015, 08:12:36 PM »
Hi Sir,

Yes, the router (wireless) provides me the internet connection.

Please find the log files....


Offline magna86

  • Anti Malware Fighter
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4235
    • Ambulanta MyCity Forum - ASAP Member
Re: http://wpad.browserupdatecheck.in/wpad.dat virus
« Reply #46 on: July 02, 2015, 08:30:17 PM »
Ok, while I look at these logs (and they are long) let's try something else;

Turn off all computers, iphones, ...etc. Then unplug the power cable from the router. Now unplug the power cable from the (Cable) modem.

Let it OFF for about ~ 5 minutes.

Then with the computers still off, plug back in the Cable modem power cable...when all the lights come on, then plug in the router.
When all the lights come back on, then start all computers.

Now check if your problem still exists. Post results here!

REDACTED

  • Guest
Re: http://wpad.browserupdatecheck.in/wpad.dat virus
« Reply #47 on: July 02, 2015, 08:50:16 PM »
Hi Sir,

I have done exactly what you have mentioned, but immediately after the restart, the notification arrives...

Offline magna86

Re: http://wpad.browserupdatecheck.in/wpad.dat virus
« Reply #48 on: July 02, 2015, 08:57:43 PM »
Tell me, will this fix the problem?


Copy the following code completely:
 
Code:
Script ZHPFix
SysRestore
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = browserupdatecheck.in
[HKCU\Software\CinemaPlus-3.2cV29.05-nv-ie]  =>PUP.CrossRider
[MD5.9C64B0E9A375F180450149CBF73B397F] [WIS][7/14/2012] (.Amazon - Amazon Browser App.) -- C:\Windows\Installer\dc791.msi   [1122304]  =>PUP.CrossRider
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32  =>PUP.AdvancedSystemProtector
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS  =>PUP.AdvancedSystemProtector
EmptyTemp
EmptyFlash
FirewallRaz
Hostfix
Proxyfix
IFEOFix

Take action to disable your antivirus and antispyware programs, as they may conflict with ZHPDiag
>> Info on how to disable your security applications > http://www.bleepingcomputer.com/forums/topic114351.html

Running ZHPFix
  • Double-click the ZHPFix shortcut on your desktop.
  • Press "Import"
  • Now select "Go".
  • Please wait patiently until a logfile opens.
The ZHPFix logfile
  • When finished, a logfile named "ZPHFix[r1].txt" will appear on your desktop.
  • Please post the logfile for further review in your next comment.
« Last Edit: July 02, 2015, 09:00:51 PM by magna86 »

Offline magna86

Re: http://wpad.browserupdatecheck.in/wpad.dat virus
« Reply #49 on: July 02, 2015, 09:01:09 PM »
bump!


I've edited ZHP Fix script.

REDACTED

  • Guest
Re: http://wpad.browserupdatecheck.in/wpad.dat virus
« Reply #50 on: July 02, 2015, 09:19:08 PM »
Hi Sir,

I have run the fix (maybe before you edited it), let me know if I need to run that again...

Here is the log file...

Offline magna86

Re: http://wpad.browserupdatecheck.in/wpad.dat virus
« Reply #51 on: July 02, 2015, 09:26:22 PM »
No, you don't have to. All has been executed as planned.

Are you still having alerts?

We will have to temporarily disable avast! and re-run ZHPFix in an attempt to reset hosts successfully. But first, tell me please some good news? :)

Quote
========== Elements of the registry data ==========
REMOVES TCPIP: SearchList = browserupdatecheck.in

REDACTED

  • Guest
Re: http://wpad.browserupdatecheck.in/wpad.dat virus
« Reply #52 on: July 02, 2015, 09:34:50 PM »
Hi Sir,

Actually the alert is still coming.

Shall I re-run ZHPFix with the same script as earlier (updated one)?

Offline magna86

Re: http://wpad.browserupdatecheck.in/wpad.dat virus
« Reply #53 on: July 02, 2015, 09:43:41 PM »
No. You go rest and see ya tomorrow.

Offline magna86

Re: http://wpad.browserupdatecheck.in/wpad.dat virus
« Reply #54 on: July 02, 2015, 10:02:56 PM »
@rajuvprasad, do this when you can and when you get time.

We'll perform a manual random search in an attempt to locate some data related to the alerts you receive.




Please download SystemLook by jpshortstuff and save it to your Desktop.
http://jpshortstuff.247fixes.com/SystemLook.exe
Alternate download link: http://images.malwareremoval.com/jpshortstuff/SystemLook.exe


- Right click on SystemLook.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
If you receive an "Open file - security warning"... asking "Do you want to run this file?", press the Run button.
Highlight and copy the following entries into SystemLook's main text entry window.





Code:
:filefind
*browserupdatecheck*
*wpad*
*wpad.browserupdatecheck.in*

:folderfind
*browserupdatecheck*
*wpad*
*wpad.browserupdatecheck.in*

:Regfind
browserupdatecheck
wpad
wpad.browserupdatecheck.in


Press the Look button to start the scan. The scan will take a while (perhaps even more than an hour), so please be patient...
When finished, a Notepad window will open with the results of the scan.
A file will be created (on your Desktop) with the results of the scan, named SystemLook.txt


Please post the contents of the SystemLook.txt file in your next reply.

Offline magna86

Re: http://wpad.browserupdatecheck.in/wpad.dat virus
« Reply #55 on: July 03, 2015, 03:12:39 PM »
Please post the SystemLook log on a pastebin site as well and post the URL link here so I can take a look at that log.

It would seem that the forum disturbs the SystemLook report formatting and the log is not as useful to me as it should be.
http://pastebin.com/

REDACTED

  • Guest
Re: http://wpad.browserupdatecheck.in/wpad.dat virus
« Reply #56 on: July 03, 2015, 03:28:29 PM »
Hi Sir,

I haven't seen any notifications today until now (last 4 hrs).

Here is the link for the SystemLook log file -- http://pastebin.com/dfCFhJTm

Also, the scan took just 5 mins to run.

One more issue I have is, sometimes when I click on links in content on any website, some junk pages are getting loaded...here are those links that opened...

http://games.71box.com/santas-helpers/?host=m.71box.com&locale=en&p=m.71box.com
http://www.71box.com/
http://mobilegames.candyoyo.com/horde-of-evil/?host=m.candyoyo.com&locale=en&p=m.candyoyo.com
http://games.71box.com/connect-me-factory/?host=m.71box.com&locale=en&p=m.71box.com
http://mobilegames.candyoyo.com/rebel-thumb/?host=m.candyoyo.com&locale=en&p=m.candyoyo.com

Offline magna86

Re: http://wpad.browserupdatecheck.in/wpad.dat virus
« Reply #57 on: July 03, 2015, 03:57:23 PM »
I think we found him.



1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

Code:
Start
CreateRestorePoint:
Reg: reg delete HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad
Reg: reg delete HKEY_USERS\S-1-5-21-3016000360-1041427054-1883944200-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad
Reg: reg add HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad
Reg: reg add HKEY_USERS\S-1-5-21-3016000360-1041427054-1883944200-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad
End


2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.


3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.









Once again we shall use FRST for additional checks, just in case. Re-run FRST/FRST64 by double-clicking:
  • Type browserupdatecheck into the Search: field in FRST then click the Search Registry button.
  • FRST will search your computer's registry and, when finished, it will produce a log, Search.txt, in the same directory the tool is run from.
  • Please attach it to your reply.
Tell me please, is the computer running fine after this fix?

REDACTED

  • Guest
Re: http://wpad.browserupdatecheck.in/wpad.dat virus
« Reply #58 on: July 03, 2015, 04:21:49 PM »
Hi Sir,

I have run fixlist, looks like there are some errors...plz find attached the log file...

I haven't yet run the search registry.

Offline magna86

Re: http://wpad.browserupdatecheck.in/wpad.dat virus
« Reply #59 on: July 03, 2015, 04:30:31 PM »
Yes ... my fault. I forgot to add a valid command. Please create and use this FixList.



Code:
Start
CreateRestorePoint:
Reg: reg delete "HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad" /f
Reg: reg delete "HKEY_USERS\S-1-5-21-3016000360-1041427054-1883944200-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad" /f
Reg: reg add "HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad" /f
Reg: reg add "HKEY_USERS\S-1-5-21-3016000360-1041427054-1883944200-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad" /f
End
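
Added example, not part of the thread and not code from any tool named in it: a read-only PowerShell audit of the registry locations the ZHPFix and FRST scripts above touch (the Tcpip SearchList value and the per-user Wpad keys). The function name Get-WpadFindings and the extra check of the standard AutoConfigURL value are assumptions of this example; run it from an elevated prompt so the service-account hives are readable.

```powershell
# Added example: read-only audit; it changes nothing in the registry.
# Assumption: $Suspect defaults to the suffix named in the thread.
function Get-WpadFindings {
    param([string]$Suspect = 'browserupdatecheck.in')

    # 1. Machine-wide DNS suffix search list (the O17 entry in the ZHPFix script).
    #    A suffix listed here can make the host look up "wpad.<suffix>" during proxy auto-discovery.
    $tcpip = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
    $list  = (Get-ItemProperty -Path $tcpip -Name SearchList -ErrorAction SilentlyContinue).SearchList
    foreach ($suffix in ("$list" -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })) {
        [pscustomobject]@{
            Location = "$tcpip\SearchList"
            Value    = $suffix
            Note     = "candidate host wpad.$suffix"
            Suspect  = $suffix -like "*$Suspect*"
        }
    }

    # 2. Every loaded user hive: explicit PAC URL and the cached Wpad key the FRST fixlist resets.
    foreach ($hive in Get-ChildItem -Path Registry::HKEY_USERS -ErrorAction SilentlyContinue) {
        $inet = "Registry::$($hive.Name)\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
        if (-not (Test-Path -Path $inet)) { continue }

        $pac = (Get-ItemProperty -Path $inet -Name AutoConfigURL -ErrorAction SilentlyContinue).AutoConfigURL
        if ($pac) {
            [pscustomobject]@{ Location = "$inet\AutoConfigURL"; Value = $pac
                               Note = 'explicit PAC URL'; Suspect = $pac -like "*$Suspect*" }
        }

        # The Wpad key itself plus all of its subkeys; report only values that mention the suspect name.
        $keys = @(Get-Item -Path "$inet\Wpad" -ErrorAction SilentlyContinue) +
                @(Get-ChildItem -Path "$inet\Wpad" -Recurse -ErrorAction SilentlyContinue)
        foreach ($key in $keys) {
            foreach ($name in $key.GetValueNames()) {
                $value = [string]$key.GetValue($name)
                if ($value -like "*$Suspect*") {
                    [pscustomobject]@{ Location = "$($key.Name)\$name"; Value = $value
                                       Note = 'cached WPAD data'; Suspect = $true }
                }
            }
        }
    }
}

Get-WpadFindings | Sort-Object Suspect -Descending | Format-Table -AutoSize -Wrap
```

Rows with Suspect set to True are the entries to compare against what the fix logs report as removed; an empty result means none of these locations currently holds a search suffix, a PAC URL or a matching cached value.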