Author Topic: Virus: http:\\wpad.browserupdatecheck.in/wpad.dat  (Read 11038 times)


REDACTED

  • Guest
Virus: http:\\wpad.browserupdatecheck.in/wpad.dat
« on: July 23, 2015, 06:50:06 PM »
My Avast Free Antivirus is reporting this. I have been facing this problem for two days. I have tried using malware removal programs. This shit is not getting removed.


Infection details:
URL: http://wpad.browserupdatecheck.in/wpad.dat
Infection: URL:Mal
Process: C:\Program Files\AVAST Software\Avast\avastui.exe

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Virus: http:\\wpad.browserupdatecheck.in/wpad.dat
« Reply #1 on: July 23, 2015, 06:50:56 PM »
Hi, this first run will not clear it, as I may need to do a search after.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
 
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select Additions at the bottom
  • Press Scan button.

  • It will produce a log called FRST.txt in the same directory the tool is run from. 
  • Please attach both logs generated.

REDACTED

  • Guest
Re: Virus: http:\\wpad.browserupdatecheck.in/wpad.dat
« Reply #2 on: July 23, 2015, 06:54:51 PM »
Ok sir..thanks

REDACTED

  • Guest
« Last Edit: July 23, 2015, 07:08:30 PM by niksapate1994 »

Offline essexboy

Re: Virus: http:\\wpad.browserupdatecheck.in/wpad.dat
« Reply #4 on: July 23, 2015, 07:12:38 PM »
CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:
 
Quote
CreateRestorePoint:
FF Extension: XUL Cache - C:\Users\nikhil1994\AppData\Roaming\Mozilla\Firefox\Profiles\wjqelr1l.default\Extensions\{7c0f957d-e22b-492b-9c15-abac029fd06f} [2015-05-03]
2015-07-23 18:27 - 2015-07-23 21:31 - 00000000 ____D C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2015-07-23 18:00 - 2015-07-23 20:57 - 00000024 _____ C:\autoexec.bat
2015-07-19 13:57 - 2015-07-19 13:57 - 00004216 _____ C:\Windows\System32\Tasks\Winupdate
2015-07-19 13:57 - 2015-07-19 13:57 - 00004194 _____ C:\Windows\System32\Tasks\EssentialUpdateMachine
2015-07-19 13:57 - 2015-04-25 14:48 - 00295424 _____ (Groom-A-Zebu (tm) ) C:\Windows\system32\ysxja.exe
2015-07-19 13:57 - 2015-04-25 14:48 - 00295424 _____ (Groom-A-Zebu (tm) ) C:\Windows\cygavb.exe
2015-07-19 13:57 - 2013-12-05 18:06 - 00003542 _____ C:\Windows\mstdcvtr.bat
2015-07-19 13:57 - 2013-06-05 18:08 - 00004122 _____ C:\Windows\plofgye
2015-07-19 13:57 - 2013-06-05 18:07 - 00004194 _____ C:\Windows\soxe
2015-07-19 13:57 - 2013-06-05 18:06 - 00000038 _____ C:\Windows\initcvtr.bat
Task: {8330E629-B511-4FA9-A71E-9F2B04969294} - System32\Tasks\EssentialUpdateMachine => chp.exe <==== ATTENTION
Task: {E300F6AA-5165-43B2-A763-076CE20F1350} - System32\Tasks\Winupdate => chp.exe <==== ATTENTION
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix.
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.
________________________________________________________________________________________


Having done that, we will now search for the main miscreant:

Start FRST and copy/paste the following into the search box.
Click Search Registry and attach the resultant log.

browserupdatecheck.in;wpad.dat
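
The registry search requested above, as an added example that is not part of the original post and not FRST's own code: a plain text search of a `.reg` export only sees REG_SZ values, so this parser also decodes hex-encoded string values (including wrapped lines) before matching the two search terms. The key and value names in the sample are constructed; a real regedit export is UTF-16 and should be read with `encoding="utf-16"`.

```python
import re

# The two search terms from the post (FRST separates them with ';').
INDICATORS = ("browserupdatecheck.in", "wpad.dat")

def decode_value(raw):
    """Text held by one .reg value: quoted REG_SZ, or hex(1|2|7) UTF-16LE bytes."""
    raw = raw.strip()
    if raw.startswith('"'):
        return re.sub(r"\\(.)", r"\1", raw[1:-1])   # undo \\ and \" escaping
    m = re.match(r"hex\((?:1|2|7)\):(.*)", raw)
    if not m:
        return ""   # dword / binary data is not searched as text
    data = bytes(int(b, 16) for b in re.findall(r"[0-9a-fA-F]{2}", m.group(1)))
    # REG_MULTI_SZ entries are NUL-separated; show them space-separated
    return data.decode("utf-16-le", errors="replace").replace("\0", " ").strip()

def find_indicators(reg_text, indicators=INDICATORS):
    """Return (key, value name, decoded text) for each value holding an indicator."""
    # Long hex values wrap with a trailing backslash; rejoin them first.
    text = re.sub(r"\\\r?\n\s*", "", reg_text)
    key, hits = None, []
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)', line)
        if not (m and key):
            continue
        name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
        value = decode_value(m.group(2))
        if any(i.lower() in value.lower() for i in indicators):
            hits.append((key, name, value))
    return hits

def _hex(s):   # sample helper: text -> comma-separated UTF-16LE bytes
    return ",".join(f"{b:02x}" for b in (s + "\0").encode("utf-16-le"))

_h = _hex("corp.example\0browserupdatecheck.in\0")
# Constructed sample export; key and value names are invented, not from the thread's logs.
SAMPLE = (
    "Windows Registry Editor Version 5.00\r\n\r\n"
    "[HKEY_CURRENT_USER\\Software\\ConstructedExample\\A]\r\n"
    '"PlainUrl"="http://wpad.browserupdatecheck.in/wpad.dat"\r\n'
    '"Harmless"="C:\\\\Windows\\\\system32"\r\n\r\n'
    "[HKEY_LOCAL_MACHINE\\SOFTWARE\\ConstructedExample\\B]\r\n"
    '"Suffixes"=hex(7):' + _h[:60] + "\\\r\n  " + _h[60:] + "\r\n"
)

if __name__ == "__main__":
    for key, name, value in find_indicators(SAMPLE):
        print(f"{key}\n    {name} = {value}")
```

In the sample the domain appears only once as readable text, yet the parser reports two values, because the second copy sits inside a hex-encoded multi-string.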

Offline essexboy

Re: Virus: http:\\wpad.browserupdatecheck.in/wpad.dat
« Reply #6 on: July 23, 2015, 08:20:18 PM »
Right click this link https://dl.dropboxusercontent.com/u/73555776/tcpip.reg and select save target as.....
Save to your desktop as tcpip.reg
Double click this file and allow it to merge; accept the warnings.
Reboot and the alerts should be history.

REDACTED

  • Guest
Re: Virus: http:\\wpad.browserupdatecheck.in/wpad.dat
« Reply #7 on: July 23, 2015, 08:26:52 PM »
Great, Sir. Problem fixed!! I think the mischief was in the registry, but will this problem come in future? :)

Offline essexboy

Re: Virus: http:\\wpad.browserupdatecheck.in/wpad.dat
« Reply #8 on: July 23, 2015, 08:52:41 PM »
No, this sort of thing comes in spurts and the latest attack has now wound down :)


Remove tools

Download and run Delfix
Select the options as shown


REDACTED

  • Guest
Re: Virus: http:\\wpad.browserupdatecheck.in/wpad.dat
« Reply #9 on: July 24, 2015, 02:24:51 AM »
I am also having this issue.

Please help

Ted

Offline essexboy

Re: Virus: http:\\wpad.browserupdatecheck.in/wpad.dat
« Reply #10 on: July 24, 2015, 01:52:20 PM »
Please download and run FRST

REDACTED

  • Guest
Re: Virus: http:\\wpad.browserupdatecheck.in/wpad.dat
« Reply #11 on: July 26, 2015, 12:53:11 AM »
I have run the frst.exe and I have both txt files on my desktop.  Spyhunter is identifying frst as malware.

Ted

Offline mikaelrask

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1556
Re: Virus: http:\\wpad.browserupdatecheck.in/wpad.dat
« Reply #12 on: July 26, 2015, 10:44:35 AM »
Hey tberts54, please attach the logs here so essexboy can have a look at them :) Second, why do you run SpyHunter? I'm no expert, but if I get it right the reputation of SpyHunter can be questioned. Antivirus programs will pop up on FRST since it is updated almost daily, but it's safe to use.
Windows 8.1 amd a10-5700 64 bit
12 GB ram 1 tb hard drive. Avast 18, MBAM

REDACTED

  • Guest
Re: Virus: http:\\wpad.browserupdatecheck.in/wpad.dat
« Reply #13 on: July 26, 2015, 02:21:14 PM »
Spyhunter appeared in most of the forum articles as an effective removal tool. I was apprehensive always. I initially decided not to spend the $40 for the program, but they offered the product for $10 when I went to uninstall the program. I ran it with marginal results. I have had good 2-way communications with their tech support staff. Even 2 remote intervention sessions. At this point they say they can find nothing. AVAST and Malwarebytes don't report problems, but AVAST reports malware hits about twice an hour. Very curious why scans are not finding it, but webshield reports it so often.

I do appreciate your assistance, and will probably allow the spyhunter subscription to expire.

Trying to attach the 2 txt files from the FRST scans, not seeing an attach button.  :-\

Ted


REDACTED

  • Guest
Re: Virus: http:\\wpad.browserupdatecheck.in/wpad.dat
« Reply #14 on: July 26, 2015, 02:22:34 PM »
OK Attachments here