URL:Mal

[essexboy]

No if you are happy without Firefox then leave it

If you could run an OTL quick scan selecting all users I will check for orphans

[davidle]

Today I am getting warnings for pretty much every page I surf, again using Chrome. Here is a screen shot, https://dl.dropbox.com/u/28272193/warning.jpg

OTL files:
https://dl.dropbox.com/u/28272193/OTL.Txt
https://dl.dropbox.com/u/28272193/Extras.Txt

[essexboy]

Could you attach the OTL log please as it is garbled in drop box

[davidle]

Hope this works.

[DavidR]

It should be OK, though it is now almost 12.30am in the UK so essexboy is probably off line now. So it may be later today before he is able to analyse it.

[davidle]

Thanks for your reply and info DavidR

I thought I'd better attach the other file just incase too.

[davidle]

Extras.txt file attached

[essexboy]

Some VShare remnants to kill

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  
  

  :OTL
  IE - HKLM\..\SearchScopes\{12A2DC1B-BAA9-4713-9658-2924B3159FEC}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=bb799703-1dab-11e1-a6bb-ea7e163ecfb7&q={searchTerms}
  IE - HKU\S-1-5-21-406408613-659197658-631921654-1001\..\SearchScopes,DefaultScope = {12A2DC1B-BAA9-4713-9658-2924B3159FEC}
  IE - HKU\S-1-5-21-406408613-659197658-631921654-1001\..\SearchScopes\{12A2DC1B-BAA9-4713-9658-2924B3159FEC}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=bb799703-1dab-11e1-a6bb-ea7e163ecfb7&q={searchTerms}
  O2:64bit: - BHO: (VshareComplete) - {08337871-0e50-4031-9110-3bd21ca3c065} - C:\Users\David Le\AppData\Roaming\VshareComplete\64\VshareComplete64.dll (SimplyGen)
  [2011/12/03 22:41:16 | 000,000,000 | ---D | M] -- C:\Users\David Le\AppData\Roaming\VshareComplete
  
  :Files
  ipconfig /flushdns /c
  
  :Commands
  [purity]
  [resethosts]
  [emptytemp]
  [CREATERESTOREPOINT]
  [Reboot]
• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

[davidle]

Here's the OTL log essexboy!

[dobber82]

Hello Essexboy

I am having the very same problem with the same pop ups for every web page I visit in Chrome with the same warnings.

Any chance you can guide me to some help?

Thanks,

David

[davidle]

You have to create your own thread.

[DavidR]

@ dobber82
Go to this topic http://forum.avast.com/index.php?topic=53253.0 for information on Logs to assist in cleaning malware. Use the information about getting and using the tools and start your own new topic and attach the logs there, not in the LOGS topic.

- Please create your own new topic, here http://forum.avast.com/index.php?board=4.0 in the viruses and worms forum (click the New topic button at the top of the page see image) and we will try and help you there.

[essexboy]

I think I got all the Vshare that time, have the alerts ceased

[dobber82]

Thanks DavidR for the advice. I went ahead and ran all the scans and posted all the logs under my own thread under the worms section and it's called "Malicious URL Blocked Issue (same as problem in davidle thread)".

If you and/or Essexboy could take a look when you get a moment then I would really appreciate it.

[DavidR]

It will be essexboy or one of the other qualified malware removal specialists. I see that jeffce has already picked that one up.