[heartbreaker]

hi there, my name in Ajay and since this morning i'm being alerted by avast. 

infection: URL:Mal

process: C:\Windows\System32\svchost.exe

 can anyone help me please?

[Advertisements]

Yep I can are the urls Blackflight and reduled ?

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
• Select additions at the bottom
• Press Scan button.
  
• It will produce a log called FRST.txt in the same directory the tool is run from.
• Please attach both logs generated.

 

As soon as the logs have been produced run this very quick FRST fix to silence Avast

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix

[Essexboy]

Yep I can are the urls Blackflight and reduled ?

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
• Select additions at the bottom
• Press Scan button.
  
• It will produce a log called FRST.txt in the same directory the tool is run from.
• Please attach both logs generated.

 

As soon as the logs have been produced run this very quick FRST fix to silence Avast

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix

[heartbreaker]

here they are.

Attached Files

•  Addition.txt   27KB   106 downloads
•  FRST.txt   27.18KB   109 downloads

[Essexboy]

It looks as though you are using V7 of Avast, support for this version will cease at the end on the month. I would recommend that you update to the latest version

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
HKU\S-1-5-21-3916064375-1812797599-2144750406-1001\...\Run: [VoipDiscount] => C:\Program Files (x86)\VoipDiscount.com\VoipDiscount\voipdiscount.exe [23057512 2015-01-15] (VoipDiscount)
HKU\S-1-5-21-3916064375-1812797599-2144750406-1001\...\Run: [Rynga] => "C:\Program Files (x86)\Rynga.com\Rynga\Rynga.exe" -nosplash -minimized
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:59923;https=127.0.0.1:59923
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qone8.com...q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.qone8.com...q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qone8.com...q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.qone8.com...q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.qone8.com...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3916064375-1812797599-2144750406-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.qone8.com...q={searchTerms}
2015-04-19 12:51 - 2015-04-19 12:51 - 00000000 ____D () C:\ProgramData\90b31f1800005538
2015-04-19 12:48 - 2015-05-09 13:51 - 00000000 ____D () C:\Users\Sembhi\AppData\Local\20FB79F6-1429447683-4D8B-6087-4E45435F4349
2015-04-19 12:42 - 2015-05-09 13:51 - 00000000 ____D () C:\ProgramData\{b3973c4d-ccbf-93bb-b397-73c4dccbf137}
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated please post that

[heartbreaker]

th log at complation

"Fix completed. The "Fixlog.txt" is saved in the same directory FRST is located"

[Essexboy]

The fixlog should be on the desktop, have the alerts ceased

[heartbreaker]

do i have to post the fixlog?

[Essexboy]

Have the alerts ceased ?

[heartbreaker]

yes

[Essexboy]

Subject to no further problems

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix
Select the options as shown



: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article

I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser and How to unplug Java from the browser)

If you do need to keep Java then download JavaRa
Run the programme and select Remove Java Runtime. Uninstall all versions of Java present
Once done then run it again and select Update Java runtime > Download and install Latest version



Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
click the very large Download button.
click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe

[heartbreaker]

thanks a lot sir 

[Essexboy]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.