Author Topic: avast keeps blocking an http://wpad.browsersecurity.info/wpad.dat infection  (Read 22873 times)

0 Members and 1 Guest are viewing this topic.

REDACTED

  • Guest
Re: avast keeps blocking an http://wpad.browsersecurity.info/wpad.dat infection
« Reply #45 on: February 16, 2016, 11:14:38 AM »
Sadly, no. As soon as the comp restarted it generated the first threat message (attached) and then, shortly thereafter, when Is tarted Outlook, it geerated the second.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: avast keeps blocking an http://wpad.browsersecurity.info/wpad.dat infection
« Reply #46 on: February 16, 2016, 05:05:15 PM »
Looking at that you have something within outlook that is regenerating the wpad..  Probably and infected e-mail

I see that it is the same site .. We need to re-search the registry again to locate it


REDACTED

  • Guest
Re: avast keeps blocking an http://wpad.browsersecurity.info/wpad.dat infection
« Reply #47 on: February 19, 2016, 01:21:10 PM »
Do you want me to do the same registry search as before? The same outlook has been running the whole time and generating some of these threat detected errors, but it hasn't shown up in the registry searches, so I'm not sure how doing the same search will help? Or do you want me to run some other kind of registry search?

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: avast keeps blocking an http://wpad.browsersecurity.info/wpad.dat infection
« Reply #48 on: February 19, 2016, 02:34:18 PM »
Yes but this time just look for

wpad

It will be bigger this time

REDACTED

  • Guest
Re: avast keeps blocking an http://wpad.browsersecurity.info/wpad.dat infection
« Reply #49 on: February 22, 2016, 02:00:01 PM »
Farbar Recovery Scan Tool (x64) Version:21-02-2016 01
Ran by J (2016-02-22 04:42:11)
Running from C:\Users\J\Downloads
Boot Mode: Normal

================== Search Registry: "wpad" ===========

[HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\66E\52C64B7E]
"@%SystemRoot%\system32\winhttp.dll,-101"="WinHTTP implements the client HTTP stack and provides developers with a Win32 API and COM Automation component for sending HTTP requests and receiving responses. In addition, WinHTTP provides support for auto-discovering a proxy configuration via its implementation of the Web Proxy Auto-Discovery (WPAD) protocol."
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad]
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad]
[HKEY_USERS\S-1-5-21-581647834-421146410-1571146747-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad]
[HKEY_USERS\S-1-5-21-581647834-421146410-1571146747-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-1a-70-e1-b3-6b]
"WpadDecisionReason"="1"
[HKEY_USERS\S-1-5-21-581647834-421146410-1571146747-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-1a-70-e1-b3-6b]
"WpadDecisionTime"="0xB7A206486D6DD101"
[HKEY_USERS\S-1-5-21-581647834-421146410-1571146747-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-1a-70-e1-b3-6b]
"WpadDecision"="0"
[HKEY_USERS\S-1-5-21-581647834-421146410-1571146747-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{1CE75CBD-6F8C-4D69-AE6E-90D60EDCBC5A}]
"WpadDecisionReason"="1"
[HKEY_USERS\S-1-5-21-581647834-421146410-1571146747-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{1CE75CBD-6F8C-4D69-AE6E-90D60EDCBC5A}]
"WpadDecisionTime"="0xB4A77A9AF75FD101"
[HKEY_USERS\S-1-5-21-581647834-421146410-1571146747-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{1CE75CBD-6F8C-4D69-AE6E-90D60EDCBC5A}]
"WpadDecision"="0"
[HKEY_USERS\S-1-5-21-581647834-421146410-1571146747-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{1CE75CBD-6F8C-4D69-AE6E-90D60EDCBC5A}]
"WpadNetworkName"="Unidentified network"
[HKEY_USERS\S-1-5-21-581647834-421146410-1571146747-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{6FDF2C48-F807-44D9-B3CA-286B311C7367}]
"WpadDecisionReason"="1"
[HKEY_USERS\S-1-5-21-581647834-421146410-1571146747-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{6FDF2C48-F807-44D9-B3CA-286B311C7367}]
"WpadDecisionTime"="0xB7A206486D6DD101"
[HKEY_USERS\S-1-5-21-581647834-421146410-1571146747-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{6FDF2C48-F807-44D9-B3CA-286B311C7367}]
"WpadDecision"="0"
[HKEY_USERS\S-1-5-21-581647834-421146410-1571146747-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{6FDF2C48-F807-44D9-B3CA-286B311C7367}]
"WpadNetworkName"="Jonnie"
[HKEY_USERS\S-1-5-21-581647834-421146410-1571146747-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{FAAA32C6-8944-40E1-BED1-D68D1188276E}]
"WpadDecisionReason"="1"
[HKEY_USERS\S-1-5-21-581647834-421146410-1571146747-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{FAAA32C6-8944-40E1-BED1-D68D1188276E}]
"WpadDecisionTime"="0x977E203D775DD101"
[HKEY_USERS\S-1-5-21-581647834-421146410-1571146747-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{FAAA32C6-8944-40E1-BED1-D68D1188276E}]
"WpadDecision"="0"
[HKEY_USERS\S-1-5-21-581647834-421146410-1571146747-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{FAAA32C6-8944-40E1-BED1-D68D1188276E}]
"WpadNetworkName"="Unidentified network"
[HKEY_USERS\S-1-5-21-581647834-421146410-1571146747-1001\Software\Classes\Local Settings\MuiCache\66E\52C64B7E]
"@%SystemRoot%\system32\winhttp.dll,-101"="WinHTTP implements the client HTTP stack and provides developers with a Win32 API and COM Automation component for sending HTTP requests and receiving responses. In addition, WinHTTP provides support for auto-discovering a proxy configuration via its implementation of the Web Proxy Auto-Discovery (WPAD) protocol."
[HKEY_USERS\S-1-5-21-581647834-421146410-1571146747-1001_Classes\Local Settings\MuiCache\66E\52C64B7E]
"@%SystemRoot%\system32\winhttp.dll,-101"="WinHTTP implements the client HTTP stack and provides developers with a Win32 API and COM Automation component for sending HTTP requests and receiving responses. In addition, WinHTTP provides support for auto-discovering a proxy configuration via its implementation of the Web Proxy Auto-Discovery (WPAD) protocol."
[HKEY_USERS\S-1-5-18\Software\Classes\Local Settings\MuiCache\66E\52C64B7E]
"@%SystemRoot%\system32\winhttp.dll,-101"="WinHTTP implements the client HTTP stack and provides developers with a Win32 API and COM Automation component for sending HTTP requests and receiving responses. In addition, WinHTTP provides support for auto-discovering a proxy configuration via its implementation of the Web Proxy Auto-Discovery (WPAD) protocol."
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad]

====== End of Search ======

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: avast keeps blocking an http://wpad.browsersecurity.info/wpad.dat infection
« Reply #50 on: February 22, 2016, 04:14:57 PM »
It is something within outlook that is triggering this..  Have you deleted your junk files and emptied the trash folder

REDACTED

  • Guest
Re: avast keeps blocking an http://wpad.browsersecurity.info/wpad.dat infection
« Reply #51 on: February 23, 2016, 10:17:12 AM »
Yes I've emptied the trash and there's nothing in the junk folder.

There is a lot of other mail in my Inbox. I wouldn't know what to look for.

But how could the root cause of the wpads be Outlook since Avast still generates these alerts when Outlook isn't running and also generates them associated with other files (svchost etc.) some of which I've posted in this thread.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: avast keeps blocking an http://wpad.browsersecurity.info/wpad.dat infection
« Reply #52 on: February 23, 2016, 04:03:13 PM »
Wpad data is generally initiated from either the registry or a network associated file

It is not in the registry

Therefore one of the network associated files is calling that address

Are any other computers using your router experiencing the same problem

REDACTED

  • Guest
Re: avast keeps blocking an http://wpad.browsersecurity.info/wpad.dat infection
« Reply #53 on: February 24, 2016, 03:02:40 AM »
I only have one computer, so there's not another computer on the network to test. Here is the weirdest threat detected error to date. Avast thinks that Avast is a threat?

Anyway, I'm not sure what my next step is now?

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: avast keeps blocking an http://wpad.browsersecurity.info/wpad.dat infection
« Reply #54 on: February 24, 2016, 03:53:11 PM »
Do you know how to reset your router ?

REDACTED

  • Guest
Re: avast keeps blocking an http://wpad.browsersecurity.info/wpad.dat infection
« Reply #55 on: February 27, 2016, 12:56:17 PM »
Uh, well, I've reset the router and now that has created its own nightmare since it's reset it to factory settings and for some reason I'm not able to connect to the router's setup page to set up wifi. So, I no longer have wifi in addition ot my other problems.

But the wpad messages have not stopped.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: avast keeps blocking an http://wpad.browsersecurity.info/wpad.dat infection
« Reply #56 on: February 27, 2016, 01:01:14 PM »
What is the make of router ?

REDACTED

  • Guest
Re: avast keeps blocking an http://wpad.browsersecurity.info/wpad.dat infection
« Reply #57 on: February 28, 2016, 05:00:32 AM »
I'll sort the router problem out somewhere else. Can you help me resole the wpad problem?

I will say, if it's relevant, that the machine has been experiencing one other very troublesome behavior. It started a couple of weeks before the wpad problem but I'm not sure if it's related. Different applications often "fight" for focus -- that is, I will be, for example, writing something in a web browser, and suddenly another application will be brought to the foreground, for example an open Word file and the focus will switch to that application. Sometimes I have to switch back to what I was working manually, and sometimes it will switch back on its own a few seconds. Sometimes it's just one switch, and sometimes it starts rapidly flickering and I have to either wait it out or actively click on some other application in the task bar to stop the flickering and access what I'm working again. Along with this the task bar often refreshes, reloading the application icons and sometimes changing their order.

I have been suspecting that this some sort of Windows Explorer corruption, but I haven't been able to track it down. Along with the frequent, sometimes constant wpad threat popups, it makes my computer working environment extremely challenging. I have been assuming that the two problems aren't connected, but since you haven't been able to track down the wpad problem, I'm wondering if there is some kind of hard drive error, or something else that is creating both sets of problems.

I would also like to know, if we are sure that there isn't a wpad threat after all, if there's any way to disable these popups without disabling all Avast warnings. And is that advisable?

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: avast keeps blocking an http://wpad.browsersecurity.info/wpad.dat infection
« Reply #58 on: February 28, 2016, 12:48:04 PM »
I would now recommend a repair install of windows 7 ...  The details are here  http://www.sevenforums.com/tutorials/3413-repair-install.html   read them and let me know what you think