[maxetnies]

Hello, Lately avast keeps popping up alerts saying that web shield has blocked certain web page or files. whenever I would connect into any internet source or wifi connection, the pop up would keep going but without an internet connection there are no pop-ups coming up.

it says:
Object: https://getmuzicas.info/?....(long url?) 
Infection: URL:Mal
Process: C:\windows\system32\svchost.exe

 

I have read solution such problem in topic 

Avast URL:Mal

by Essexboy

 

In attach files you can find my FRST.txt and Addition.txt from FRST64

Please send me fixlist.txt

Attached Files

•  Addition.txt   40.98KB   237 downloads
•  FRST.txt   109.48KB   114 downloads

[Advertisements]

As you may have noticed on the Avast forum, this either goes quietly or fights us all the way. We do not yet have a good handle on this

After the reboot could you let me know if the alerts are still present

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CMD: ipconfig /release
CMD: netsh int ip reset
CMD: ipconfig /renew
CMD: DEL %TEMP%\*.* /F /S /Q
CMD: RD /S /Q %TEMP%
REBOOT:

Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that

[Essexboy]

As you may have noticed on the Avast forum, this either goes quietly or fights us all the way. We do not yet have a good handle on this

After the reboot could you let me know if the alerts are still present

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CMD: ipconfig /release
CMD: netsh int ip reset
CMD: ipconfig /renew
CMD: DEL %TEMP%\*.* /F /S /Q
CMD: RD /S /Q %TEMP%
REBOOT:

Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that

[maxetnies]

Good day, Essexboy! Thanks for replay!

 

 

 

But it still keeps popping up such alerts:

1)

avast! Web Shield has blocked a harmful webpage or file.
Object: http://getusaaall.info/?e=pcho....
Infection: URL:Mal
Process: C:\Windows\System32\svchost.exe

2)

"avast! Web Shield has blocked a harmful webpage or file.

Object: https://getmuzicas.info/?....(long url?) 

Infection: URL:Mal
Process: C:\windows\system32\svchost.exe"

 

Please see in attchment my Fixlog.txt

Attached Files

•  Fixlog.txt   7.13KB   260 downloads

[Essexboy]

OK phase two...

The FRST fix works in about 30% of the cases so far, we believe that the malware is changing with time


Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

• Double click on ComboFix.exe & follow the prompts.
• Accept the disclaimer and allow to update if it asks
  
  http://img.photobuck...claimer_ENG.png

• When finished, it shall produce a log for you.
• Please include the C:\ComboFix.txt in your next reply.
• Notes:
  1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
  2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.
  
  
  Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

[maxetnies]

Thanks! 

Done.

There is  my  ComboFix.txt in attacment

[maxetnies]

file

Attached Files

•  ComboFix.txt   29.73KB   140 downloads

[Essexboy]

Are you still getting the alerts ?

[maxetnies]

I will answer for a half hour for sure.

But at that moment i am not annoing by avast alerts.

[Essexboy]

OK keep me informed please, also could you zip the following folder and attach it to your next post :

 

C:\Qoobox

[maxetnies]

No more alert!!! Thanks a lot.

I try to zip Qoobox, but system dosn't allow me to do it - writes: "access denied"

[Essexboy]

OK I am sure I will get more of these

 

Any further problems before I remove my bits and bobs ?

[maxetnies]

Ok.

No...  thanks. I hope that there is no crime in my laptop anymore =))

[Essexboy]

No, apart from that your log looks clean

 

 

Subject to no further problems  

 

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems 

 

Now the best part of the day ----- Your log now appears clean 

 

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset  System Restore points:

 

Download and run Delfix

 

 

: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article

I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser and How to unplug Java from the browser)

 

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

 

CryptoPrevent install this programme to lock down and prevent crypto ransome ware

 

 

Malwarebytes.

 

Update and run weekly to keep your system clean

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

 

To learn more about how to protect yourself while on the internet read this little guide  Best security practices Keep safe 

[Essexboy]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.