URL:Mal

[rbabyak]

When using IE, I keep getting the following popup from Avast.  I'm running the Free version. It's extremely annoying. If I use Firefox, I don't have this pop up. Please advise how it can be fixed.

You just dodged a bullet
You may be wondering how you ended up with a virus, especially if you were visiting a ‘normal’ site. The latest research from the avast! Virus Lab shows that more than 80% of malware (viruses, spyware, and the like) spreads through legitimate websites, with only 1% coming from suspicious or ‘dodgy’ sites.

Good thing avast! had your back.

URL: "http://includeit.info/scripts/inl_dmmtc/inldmmtch.js
Process: "C:\Program Files\Internet Explorer\iexplore.exe
Infection: "URL:Mal"

[Asyn]

http://zulu.zscaler.com/submission/show/dfd2a87690c5f29f63f5617e40d2b775-1339435717

[brilleaben]

I'm having the same problem, but in FF13. Did you resolve yours? A french and german dude(tte) seem to have the same problem, but otherwise Google returns so search results. It happens every single time I refresh and also other times.

[rbabyak]

No, mine hasn't been resolved and no one has come up with any suggestions. I'm seeing tons of posts on the same problem.

Someone, help please!!! This is so annoying and Avast doesn't appear to be concerned about people using their free version. With this type of support, I certainly am not motivated to purchase a full version.

[DavidR]

@ rbabyak
- Please 'modify' your post change the URL from http to hXXp, to break the link and avoid accidental exposure to suspect sites, thanks.

Do you happen to be trying to connect to that website ?

Avast isn't the only one to consider that site malicious/suspicious http://sitecheck.sucuri.net/results/includeit.info, though the site appears to have been taken down by the host.

If you aren't trying to connect to that site, then there is a possibility that your browser may have been exploited to redirect to malicious sites.
- This needs further analysis by a malware removal specialist:
Go to this topic http://forum.avast.com/index.php?topic=53253.0 for information on Logs to assist in cleaning malware. Use the information about getting and using the tools and attach the logs here, not in the LOGS topic.

[rbabyak]

Here is the OTL file you requested.

I ran the scan as instructed. Since you didn't request the extras file, I am not attaching it.

[DavidR]

I didn't specifically request anything other than you read the information and attach the log(s), which include more than just OTL so that a specialist can analyse them. I'm just preparing the ground.

[rbabyak]

I sent the OTL log and am running the aswMBR scan. It's been running for a long time and appears to have stopped without completion. It's been on the same file for over 45 minutes.

Please advise.

[DavidR]

I would stop it and run it again, but in the AV Scan selection, rather than Quick, select None, that should hopefully at least allow it to complete. You can also attach the extras.txt, since OTL is complete.

[essexboy]

There is not a great deal showing there - I will need the aswMBR log

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run
To disable MBAM
Open the scanner and select the protection tab
Remove the tick from "Start with Windows"
Reboot and then run OTL


Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  

  :OTL
  O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
  O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
  O2 - BHO: (Complitly) - {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - C:\Documents and Settings\PC1\Application Data\Complitly\Complitly.dll (SimplyGen)
  O3 - HKU\S-1-5-21-4006778571-1867818608-3964762099-1004\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
  O4 - HKU\S-1-5-21-4006778571-1867818608-3964762099-1004..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://connectwisepartnersummit.com/breakout-sessions/i-want-more-than-connectwise-reports-and-dashboards/" File not found
  
  :Files
  ipconfig /flushdns /c
  
  :Commands
  [purity]
  [resethosts]
  [emptytemp]
  [CREATERESTOREPOINT]
  [Reboot]
• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

[DavidR]

Thanks for joining the topic essexboy.

[rbabyak]

Attached are the Extras.txt, MBR.dat and aswMBR.txt files.

[davidle]

I've got this problem too! Hope it gets fixed for you, then I might give it a go.

[davidle]

btw I'm using Chrome, would it have something to do with JavaScript console???

[Asyn]

I've got this problem too! Hope it gets fixed for you, then I might give it a go.

Please start a new topic and attach your logs.
You can't use the advice given here, as it's only relevant for the OP's system.

Edit: Typo.