Author Topic: Threat detected/ aborted connection on 172.86.120.188 infected with URL:Mal  (Read 6813 times)

REDACTED

  • Guest
Hey All,
Let me start by saying I appreciate any help given! A few days ago I started getting a message saying threat secured/ aborted connection on 172.86.120.188 infected with URL:MAL.

Threat name: URL:Mal
URL: http:172.86.120.188/current/runtime.exe
Process C:\windows\system32\svchost.exe
Detected by Web Shield
Status   Connection aborted

I think I followed the instructions in the sticky post and included my log files. Again, any help will be greatly appreciated!!!

Offline Sass Drake

  • MyCity AMF R2
  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 820
This will restart your PC automatically so save your work before doing this.

  • Open Notepad (click Start button -> type notepad.exe -> press Enter)
  • Copy text from code block below and paste it into Notepad
Code:
EmptyTemp:
  • Go to File -> Save As
  • Make sure that UTF-8 is selected as Encoding (left side of Save button)
  • Save it as fixlist.txt on Desktop
  • Open FRST again and click on the Fix button
  • Wait until FRST finishes
  • fixlog.txt should be generated and opened. Attach it to your post and wait for further instructions.

REDACTED

  • Guest
Here it is. Thanks again!

Offline Sass Drake

What is status now?

REDACTED

  • Guest
Same message from avast popping up every ten minutes or so.

Offline Sass Drake

  • Open Notepad (click Start button -> type notepad.exe -> press Enter)
  • Copy text from code block below and paste it into Notepad
Code:
cmd: bitsadmin /list /allusers /verbose
cmd: bitsadmin /reset /allusers
  • Go to File -> Save As
  • Make sure that UTF-8 is selected as Encoding (left side of Save button)
  • Save it as fixlist.txt on Desktop
  • Open FRST again and click on the Fix button
  • Wait until FRST finishes
  • fixlog.txt should be generated and opened. Attach it to your post and wait for further instructions.

REDACTED

  • Guest
Posting now, status is the same just in case you needed that info. Avast warning popping up every ten min or so. Thanks again for helping!
« Last Edit: June 11, 2018, 12:58:38 AM by The Horror Above »

Offline Sass Drake

  • Please download PowerRun from here.
  • Extract it and run PowerRun_x64.exe
  • Right click on the first entry in the list (%SystemRoot%\System32\cmd.exe) and click on Run
  • A Command Prompt window with SYSTEM privileges should appear. Type this command and press Enter:
Code:
bitsadmin /reset /allusers
  • Make a screenshot of the Command Prompt window and attach it here please.


REDACTED

  • Guest
Here it is. I've said before but I really appreciate the help!

REDACTED

  • Guest
Sorry, posted the wrong one. Here is the right one...

Offline Sass Drake

Hmm. What is the system status now? If it is the same, please read carefully and follow the instructions I wrote again.

REDACTED

  • Guest
This is what I'm seeing after slowly going step by step..

« Last Edit: June 12, 2018, 06:03:32 AM by The Horror Above »

Offline Sass Drake

Are you still getting Avast notifications for blocked URL?

REDACTED

  • Guest
Yes, I'm still getting them, thanks!

Offline Sass Drake

  • Open Notepad (click Start button -> type notepad.exe -> press Enter)
  • Copy text from code block below and paste it into Notepad
Code:
cmd: bitsadmin /list /allusers /verbose
cmd: bitsadmin /reset /allusers
  • Go to File -> Save As
  • Make sure that UTF-8 is selected as Encoding (left side of Save button)
  • Save it as fixlist.txt on Desktop
  • Open FRST again and click on the Fix button
  • Wait until FRST finishes
  • fixlog.txt should be generated and opened. Attach it to your post and wait for further instructions.
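
The fixlists above list every BITS job and then reset them all. As an added example (not part of any post in this thread and not the helper's own script), the PowerShell below narrows that listing to jobs whose remote URL points at the address from the Web Shield alert and removes only those. It assumes an elevated session and the built-in BitsTransfer module; the variable names are illustrative.

```powershell
# Added example; not from the thread. Run from an elevated PowerShell prompt.
# Address taken from the Web Shield alert quoted in the first post.
$FlaggedHost = '172.86.120.188'

Import-Module BitsTransfer

# Enumerate BITS jobs for every account, not only the current user.
$jobs = @(Get-BitsTransfer -AllUsers -ErrorAction Stop)

# Emit one row per job file whose remote URL points at the flagged host.
$hits = foreach ($job in $jobs) {
    foreach ($file in $job.FileList) {
        $uri = $null
        $parsed = [System.Uri]::TryCreate($file.RemoteName, [System.UriKind]::Absolute, [ref]$uri)
        # Compare the parsed host; fall back to a substring match if the URL does not parse.
        $isHit = if ($parsed) { $uri.Host -eq $FlaggedHost } else { $file.RemoteName -like "*$FlaggedHost*" }
        if ($isHit) {
            [pscustomobject]@{
                JobId       = $job.JobId
                DisplayName = $job.DisplayName
                Owner       = $job.OwnerAccount
                State       = $job.JobState
                Created     = $job.CreationTime
                RemoteUrl   = $file.RemoteName
                LocalPath   = $file.LocalName
            }
        }
    }
}

if (-not $hits) {
    Write-Output "No BITS job references $FlaggedHost ($($jobs.Count) jobs checked)."
} else {
    # Show which job, owner and local path are involved before changing anything.
    $hits | Format-List

    # Remove only the matching jobs; -Confirm prompts for each one.
    $jobs | Where-Object { $_.JobId -in $hits.JobId } | Remove-BitsTransfer -Confirm
}
```

If no job matches, the recurring connection attempt is coming from something other than a BITS job visible to this session.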