Author Topic: URL:mal  (Read 6659 times)

REDACTED

  • Guest
URL:mal
« on: July 13, 2015, 10:51:09 AM »
Hi, I also have the problem of avast alerts (16 in total) that appear when the PC starts. I ran an avast boot-time scan and ran MBAM. The problem remains.
I followed your advice and ran a scan with FRST; I am attaching the reports.

Thanks

Offline giogio

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4088
Re: URL:mal
« Reply #1 on: July 13, 2015, 11:50:10 AM »
Hi,
I have asked Essexboy to check your logs.
I think he will reply to you within the day.
Before posting on the forum please read the instructions here https://forum.avast.com/index.php?topic=144453.0
Please do not send me PMs for support, thanks
Home: E8400-4GB RAM-500GB HDD-Win10.0.15063x64-Avast! Free 17.3.2291-CryptoPrevent-MBAM 2.2free-Chrome 57(uBlock origin)-TB52
Work: i5-2400-4GB RAM-500GB HDD-Win 7sp1x64-Avast!Business Security 12.3.2515, Cloud Console 2.18-FF52-TB52

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: URL:mal
« Reply #2 on: July 13, 2015, 04:09:43 PM »
All this bar one line is just tidying up :)
Let me know if the alerts cease

CAUTION :  This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 
Quote
CreateRestorePoint:
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
ProxyServer: [.DEFAULT] => http=127.0.0.1:50116;https=127.0.0.1:50116
U3 McMPFSvc; No ImagePath
U3 McNaiAnn; No ImagePath
U3 mcpltsvc; No ImagePath
U3 McProxy; No ImagePath
U3 mfecore; No ImagePath
U3 MSK80Service; No ImagePath
2015-06-14 21:20 - 2015-07-10 15:13 - 00000000 ____D C:\ProgramData\0f3b5471928b4fd3834dad205fba7597
2015-06-14 21:20 - 2015-06-14 21:20 - 00000000 ____D C:\ProgramData\28341ff220e0446c9fff27c4493d622e
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated; please post that
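
An added example, not part of essexboy's post and not FRST's own code: a small Python triage that sorts log entries of the kinds quoted in the fixlist above into categories and flags a proxy setting that points at a loopback address, where browser traffic passes through whatever process listens on that local port. The function names and category labels are assumptions made for this illustration.

```python
import ipaddress
import re

# Entries copied from the fixlist quoted in the post above.
SAMPLE = r"""
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyServer: [.DEFAULT] => http=127.0.0.1:50116;https=127.0.0.1:50116
U3 McProxy; No ImagePath
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm
"""

def is_loopback(host):
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:  # not an IP literal
        return host.lower() == "localhost"

def parse_proxy(value):
    """'http=h:p;https=h:p' or a bare 'h:p' -> {scheme: (host, port)}."""
    out = {}
    for part in filter(None, (p.strip() for p in value.split(";"))):
        scheme, eq, hostport = part.partition("=")
        if not eq:  # a bare value applies to every scheme
            scheme, hostport = "all", part
        host, _, port = hostport.rpartition(":")
        out[scheme] = (host, int(port)) if host else (hostport, None)
    return out

def triage(text):
    """Group log lines by the kind of finding they describe (labels are ours)."""
    found = {}
    for line in filter(None, map(str.strip, text.splitlines())):
        kind, detail = "other", line
        ads = re.match(r"AlternateDataStreams: ([A-Za-z]:[^:]+):(.+)", line)
        if line.startswith("ProxyServer:"):
            proxies = parse_proxy(line.split("=>", 1)[1])
            local = sorted(s for s, (h, _) in proxies.items() if is_loopback(h))
            kind, detail = ("loopback-proxy" if local else "proxy"), (local or sorted(proxies))
        elif ads:  # (file path, stream name)
            kind, detail = "alternate-data-stream", ads.groups()
        elif re.match(r"[A-Z]\d \S+; No ImagePath$", line):
            kind, detail = "service-without-image", line.split(";")[0].split()[1]
        elif line.endswith("ATTENTION"):  # marker written by the scanner itself
            kind, detail = "flagged-by-frst", line.split("<")[0].strip()
        elif line.endswith("No File"):
            kind, detail = "registry-entry-without-file", line.split("->")[0].strip()
        found.setdefault(kind, []).append(detail)
    return found
```

Calling `triage(SAMPLE)` returns a dictionary keyed by category, so the entries that change how traffic or policy behaves can be reviewed separately from leftover registry and service entries.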

REDACTED

  • Guest
Re: URL:mal
« Reply #3 on: July 14, 2015, 10:53:37 AM »
Guys, I have the exact same problem and I can't solve it. I ran adwcleaner and Mbam.. but nothing.. I'm attaching the FRST64 logs, someone please help me, I don't know what to do anymore  :'(

REDACTED

  • Guest
Re: URL:mal
« Reply #4 on: July 14, 2015, 11:25:41 AM »
essexboy, would you be so kind as to help me too? It seems your method works very well. Thanks a lot

Offline Giony

  • Poster
  • *
  • Posts: 598
Re: URL:mal
« Reply #5 on: July 14, 2015, 11:58:58 AM »
Guys, I have the exact same problem and I can't solve it. I ran adwcleaner and Mbam.. but nothing.. I'm attaching the FRST64 logs, someone please help me, I don't know what to do anymore  :'(
Can you say which version of avast you have? Is it the current program version, 10.3.2223?
Windows 10 Pro x64  -  Avast Internet Security 2016.11.2.2254  -  Mbam  -  HitmanPro  -  Ccleaner  -  Chrome

Offline giogio

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4088
Re: URL:mal
« Reply #6 on: July 14, 2015, 12:10:37 PM »
essexboy, would you be so kind as to help me too? It seems your method works very well. Thanks a lot
Next time please open a new topic, otherwise nobody can follow anything when 2 people have to be helped in the same topic.
I have asked essexboy to check your logs

Bye

REDACTED

  • Guest
Re: URL:mal
« Reply #7 on: July 14, 2015, 12:30:01 PM »
essexboy, would you be so kind as to help me too? It seems your method works very well. Thanks a lot
Next time please open a new topic, otherwise nobody can follow anything when 2 people have to be helped in the same topic.
I have asked essexboy to check your logs

Bye

I have version 2015.10.2.2218, I ran a scan and a boot-time scan but it doesn't fix it

Offline Giony

  • Poster
  • *
  • Posts: 598
Re: URL:mal
« Reply #8 on: July 14, 2015, 12:34:50 PM »
I have version 2015.10.2.2218

There is a new version, 2015.10.3.2223, which should prevent this URL:mal problem.
Try updating the program manually.

REDACTED

  • Guest
Re: URL:mal
« Reply #9 on: July 14, 2015, 12:46:04 PM »
I updated to the latest version but it doesn't fix anything, I'm waiting for Essexboy's fix

Offline Giony

  • Poster
  • *
  • Posts: 598
Re: URL:mal
« Reply #10 on: July 14, 2015, 12:50:46 PM »
I updated to the latest version but it doesn't fix anything, I'm waiting for Essexboy's fix

I wrote "should prevent", I did not write "cure".

I wanted to know whether you already had the latest version, to see whether this latest version prevents this kind of problem, because it seems this new version should block URL:Mal attacks.
« Last Edit: July 14, 2015, 12:55:35 PM by Giony »

REDACTED

  • Guest
Re: URL:mal
« Reply #11 on: July 14, 2015, 01:40:56 PM »
All this bar one line is just tidying up :)
Let me know if the alerts cease
.....

Thanks a lot. It worked!!

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: URL:mal
« Reply #12 on: July 14, 2015, 04:52:09 PM »
Subject to no further problems   :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems 

Now the best part of the day ----- Your log now appears clean  :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix
Select the options as shown


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
Click the very large Download button.
Click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked; this is a fire and forget programme  ;)

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide: Best security practices

Keep safe  :wave:

REDACTED

  • Guest
Re: URL:mal
« Reply #13 on: July 14, 2015, 04:55:04 PM »
Essexboy can you help me please? in Posts: 4 I have attached my log ... thank you!

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: URL:mal
« Reply #14 on: July 14, 2015, 05:02:46 PM »

@mludovico86

CAUTION :  This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 
Quote
CreateRestorePoint:
C:\ProgramData\bcdret.bat
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated; please post that