Author Topic: URL: Mal bestdriverstar, opticguardzip...  (Read 1941 times)


REDACTED

  • Guest
URL: Mal bestdriverstar, opticguardzip...
« on: July 01, 2015, 12:30:03 PM »
Hi, I've been having this issue for the last month, and whenever I log in to the computer, a pop-up from Avast appears, saying it blocked a file. It's never the same. Sometimes it is bestdriverstar, other times opticguardzip, simplesitescan, alwaysisobar or anythicago. Would really appreciate some help.

Thanks! :)

Logs are attached
« Last Edit: July 01, 2015, 12:33:50 PM by Rotricko »

Offline magna86

  • Anti Malware Fighter
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4235
    • Ambulanta MyCity Forum - ASAP Member
Re: URL: Mal bestdriverstar, opticguardzip...
« Reply #1 on: July 01, 2015, 12:46:18 PM »
Hello Rotricko,

It would seem that Malwarebytes has targeted all of the adware, and FRST shows no active malware. So, avast!'s flags are created by some inactive remains.

Btw, the logs show BSOD events. Do these BSODs happen often?



This fix should silence the avast. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.

Code:
CMD: bitsadmin /reset /allusers
EmptyTemp:

2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.


3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warns you about an outdated version, please download and run the updated version.

« Last Edit: July 01, 2015, 12:48:17 PM by magna86 »

REDACTED

  • Guest
Re: URL: Mal bestdriverstar, opticguardzip...
« Reply #2 on: July 01, 2015, 01:15:01 PM »
Hi, it looks like it worked. The computer restarted and nothing appeared.

No, I think these BSODs just happened yesterday.


Offline magna86

  • Anti Malware Fighter
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4235
    • Ambulanta MyCity Forum - ASAP Member
Re: URL: Mal bestdriverstar, opticguardzip...
« Reply #3 on: July 01, 2015, 01:44:21 PM »
Yes, the issue was in a Background Intelligent Transfer Service job (a.k.a. BITS downloader). These jobs are mostly used by Windows Update but ...

Info:
https://msdn.microsoft.com/en-us/library/aa362708(v=vs.85).aspx
https://msdn.microsoft.com/en-us/library/aa363132(v=vs.85).aspx

Quote
BITSADMIN version 3.0 [ 7.5.7601 ]

{8526E0E6-6E2A-434C-ABD9-1C0322431BC7} canceled.

This is what avast has flagged.

Translated: some PUP installer tried to install itself on your PC. avast! blocked the PUP installation and marked the installer and loaded files (if any) as malware, but before the install process was blocked by avast!, the installer succeeded in adding one job to BITS (the job attempts to call the server every 10 minutes).

Avast here should process the BITS job as well, instead of just leaving it behind and heuristically flagging the malicious job ...

Malwarebytes mainly targeted just some registry keys in this case.

Plus, we had a nice job here as well: 2.8 GB of temporary data removed.






The following will implement some post-cleanup procedures:
Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes:
Remove disinfection tools
Create registry backup
Purge System Restore

Click the Run button and wait a few seconds for the programme to complete its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt).

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.


« Last Edit: July 01, 2015, 01:45:53 PM by magna86 »

REDACTED

  • Guest
Re: URL: Mal bestdriverstar, opticguardzip...
« Reply #4 on: July 01, 2015, 02:12:42 PM »
It looks like everything is fine.

And yes, really nice job. Thanks a lot! :)