Author Topic: virus warning: redirector.gvt1.com  (Read 4275 times)

Offline spinningpandas

  • Newbie
  • *
  • Posts: 6
virus warning: redirector.gvt1.com
« on: December 21, 2015, 01:37:36 PM »
Hi! Avast keeps detecting this as a virus:

URL: http://redirector.gvt1.com/crx/blobs/QwAAAHF3InbmK-wFIemaY3I3BCOrQhs58MSM0PACaKZwzi...

Infection: URL:Mal

Process: C:\Windows\System32\svchost.exe

Would you be able to advise me? Thank you!!


Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31363
  • Watching (over?) you
    • Malware removal, Biljart and other things.

Offline spinningpandas
Re: virus warning: redirector.gvt1.com
« Reply #2 on: December 21, 2015, 03:36:51 PM »
Hi, attached are all the logs as requested.

Thanks for helping!

Offline spinningpandas
Re: virus warning: redirector.gvt1.com
« Reply #3 on: December 21, 2015, 03:38:14 PM »
logs continued

Offline spinningpandas
Re: virus warning: redirector.gvt1.com
« Reply #4 on: December 21, 2015, 03:38:50 PM »
logs continued

Offline spinningpandas
Re: virus warning: redirector.gvt1.com
« Reply #5 on: December 21, 2015, 03:40:33 PM »
logs continued

thanks so much!!

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40632
  • Dragons by Sasha
    • Malware fixes
Re: virus warning: redirector.gvt1.com
« Reply #6 on: December 21, 2015, 04:12:42 PM »
Let me know if this stops it

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:
 
Quote
CreateRestorePoint:
SearchScopes: HKU\S-1-5-21-1275140972-3221524313-362126370-1000 -> {70D46D94-BF1E-45ED-B567-48701376298E} URL = hxxp://127.0.0.1:4664/search&s=Pkg2M_7jUVliclyV0osjf4lQJuk?q={searchTerms}
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [1025352 2011-09-01] ()
2015-12-12 21:14 - 2014-11-17 19:28 - 00000000 ____D C:\ProgramData\AVG
2015-12-12 21:14 - 2010-11-26 11:14 - 00000000 ____D C:\ProgramData\MFAData
2015-12-12 21:04 - 2010-06-14 13:52 - 00000000 ____D C:\Program Files\AVG
Task: {1A1C4706-BB85-4D4A-82DF-C2DDD8FF7339} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {2B750266-0A48-4FB4-A807-6025A1E751FC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {43484007-F67C-4A4F-A048-22EA397773E9} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {46C83267-5453-4C30-9A7E-AFE20DC0964B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {6DAFCDC7-A990-4D48-9CF6-EC3B84DDCC8D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {776B7AA5-0E16-4330-9C62-0BF61DB7047A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {80F0E3BA-6085-4F37-B29E-3BC572AD0227} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {8CFA9875-F0E1-45E3-92D0-AA7731CE412D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {B6CA2999-7B54-43D3-B5DD-777123912043} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {BBE472F3-76BA-4074-A1A2-821B97C4CD2C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {C0E8778A-0C30-431C-B6F6-8B7F0D0ABE97} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix.
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.
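
The caution in the post above, that the fixlist is valid for one machine only, can be checked before the file is run. This is an added example, not part of the thread and not FRST's own code: it groups fixlist lines by the prefix before the colon, lists the lines that run a command, and reports any user SID that differs from the local one. The sample fixlist, its SID and its GUIDs are constructed placeholders, and treating `Reg:` and `CMD:` as the command-running lines is an assumption read off the lines quoted above.

```python
import re
from collections import Counter

# Constructed sample in the same shape as the quoted fixlist; the SID, GUIDs
# and paths are made-up placeholders, not values taken from the thread.
SAMPLE_FIXLIST = r"""CreateRestorePoint:
SearchScopes: HKU\S-1-5-21-1111111111-2222222222-3333333333-1000 -> {00000000-0000-0000-0000-000000000001} URL = hxxp://127.0.0.1:4664/search?q={searchTerms}
BHO: No Name -> {00000000-0000-0000-0000-000000000002} -> No File
Task: {00000000-0000-0000-0000-000000000003} - \Example\Task -> No File <==== ATTENTION
2015-12-12 21:14 - 2014-11-17 19:28 - 00000000 ____D C:\ProgramData\Example
Reg: reg delete HKLM\SOFTWARE\Example /f
EmptyTemp:
CMD: bitsadmin /reset /allusers
"""

DIRECTIVE = re.compile(r"^([A-Za-z]+):\s*(.*)$")           # "Task: ...", "EmptyTemp:"
FILE_ENTRY = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - ")  # dated file/folder line
SID = re.compile(r"S-1-5-21(?:-\d+){4}")                     # per-user account SID
# Assumption: these two prefixes are the ones whose text is executed as a command.
COMMAND_KINDS = {"Reg", "CMD"}

def classify(line):
    """Return (kind, argument) for one fixlist line."""
    m = DIRECTIVE.match(line)
    if m:
        return m.group(1), m.group(2)
    if FILE_ENTRY.match(line):
        return "FileEntry", line
    return "Other", line  # e.g. a service line copied from the scan log

def review(text, local_sid):
    """Summarise a fixlist: line kinds, commands it runs, SIDs that are not ours."""
    kinds, commands, foreign = Counter(), [], set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        kind, arg = classify(line)
        kinds[kind] += 1
        if kind in COMMAND_KINDS:
            commands.append(arg)
        # A SID that is not the local user's means the list was built elsewhere.
        foreign.update(s for s in SID.findall(line) if s != local_sid)
    return {"kinds": dict(kinds), "commands": commands, "foreign_sids": sorted(foreign)}

if __name__ == "__main__":
    # Placeholder local SID; on Windows the real one is shown by `whoami /user`.
    report = review(SAMPLE_FIXLIST, "S-1-5-21-9-9-9-1001")
    for key, value in report.items():
        print(key, "->", value)
```

A non-empty `foreign_sids` list means the fixlist names a user account that does not exist on the machine it is about to be run on.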

Offline spinningpandas
Re: virus warning: redirector.gvt1.com
« Reply #7 on: December 22, 2015, 12:59:48 PM »
in the midst of using adwcleaner, but FRST log attached