7 blocked threats

Hello, To my mum turned her laptop and she had 7 blocked threats in the last 30 days section. There doesnt seem to be any noticeable changes but i posted here just in case. Thanks for any help in advance.

I’m on it … be right back.

Hello chriskaz1967, welcome to avast! web forum. The posted log does not show the malware presence.

Is the posted MBAM log the first “hit” scan log or secondary? If you have the first scan time log from MBAM, post it please.

Still, I would like to preform the additional ARK check.

Please download GMER, AntiRootKit tool from the link below and save it to your Desktop:

Gmer download link
Note: file will be random named

Double-clicking to run GMER.

[*]Wait for initial scan to finish - if there is any query, click No;
[*]Click Scan button and wait until the full scan is complete;
[*]Click Save … - save the report to the Desktop (named Gmer1 );

[*]Right-click wherever in the GMER’s window and select Options > 3rd party - click the Scan button;
[*]Please wait until the full scan is complete;
[*]Click Save … button and save report to Desktop (named Gmer2 );
note: time scan for Gmer2 log may take some time

[*]Click the >>> and select Autostart card;
[*]After quick scan, click Copy button;
[*]Open notepad and Paste text. Save report to the Desktop (named Gmer3 )

Attach here all Gmer logreports. (Gmer1; Gmer2 and Gmer3)

Heres the logs

The posted logs does not show the active malware. This PC is malware free.

Delete the GMER (file name as kp1w1kby.exe) and FRST.exe. Also, delete the C:\FRST folder.

You may keep the Malwarebytes software installed if you will.

To my mum turned her laptop and she had 7 blocked threats in the last 30 days section.

Can you tell me what exactly avast! block? You may check the avast protection log here and post it here if you are unshure.
C:\ProgramData\AVAST Software\Avast\report

http s://mb.purplekiwii.com [L] URL:Mal (0)
http s://mb.purplekiwii.com [L] URL:Mal (0)
http ://mb.purplekiwii.com/crossdomain.xml [L] URL:Mal (0)
http ://mb.purplekiwii.com/crossdomain.xml [L] URL:Mal (0)
http ://mb.purplekiwii.com/crossdomain.xml [L] URL:Mal (0)
http ://mb.purplekiwii.com/crossdomain.xml [L] URL:Mal (0)
http ://mb.purplekiwii.com/crossdomain.xml [L] URL:Mal (0)

Ok, I will review your case tomorrow…

Keep FRST & GMER tools for not. Do not remove them yet.

ok thanks for the help

Hello,

I have re-check the logs and I do not see nothing suspicious. I can tell FRST to preform some junk cleaning, this might help but I do not see the real threat. I can also deploy additional check to see the things from different angle if you will with ComboFix.

=>

Please download Farbar Recovery Scan Tool (
http://www.mcshield.net/personal/magna86/Images/FRST_canned.png
) by Farbar and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

CMD: bitsadmin /reset /allusers
EmptyTemp:

2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It’s important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.

.

=>

  1. Please download ComboFix by sUBs (
    http://www.mcshield.net/personal/magna86/Images/IconComboFix.png
    ) from here and save it to your Desktop.
    [i]If you are unsure how ComboFix works, read this guide.

  1. Temporarily disable your AntiVirus program, usually via a right click on the System Tray icon. They may interfere with Combofix.
    If you are unsure how to do this please read this or this Instruction.

Instructions how to disable avast:
• Right click on the avast! system tray icon (
http://www.mcshield.net/pg/images/avast5.png
) in the lower right corner of the screen and scroll up to avast! shield controls;
• In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.

Note: Do not forget to turn back on this option after the cleaning by choosing avast! shield controls > Enable all shield options.


  1. Run ComboFix. Then, on disclaimer window, click I Agree! button.

[i][size=7pt]- ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
-If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.

  • ComboFix will scan your computer in stages, total of 50 stages.
    Do not mouse-click around while ComboFix is running.
  • If malware is detected, ComboFix will begin with its removal, and may need to restart Windows.
    Note:If you see a message like “Illegal operation attempted on a registry key that has been marked for deletion” just restart your computer.
    [/i]

  1. When the tool is finished, it will produce a log report for you. (typical location: C:\ComboFix.txt)
    => Attach log report (ComboFix.txt) back to topic.

ComboFix shall also create addition log (typical location: C:\Qoobox\ComboFix-quarantined-files.txt)
=> Please attach that report (ComboFix-quarantined-files.txt) as well.

Added logs

Both FRST and ComboFix has been preform some minor fixes but still…there is no malware on board.
I can not fix something if there is nothing to fix. We shall remove all used tools here.

=> Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes below;
[i]
http://www.mcshield.net/personal/magna86/Images/checkmark.png
Remove disinfection tools

http://www.mcshield.net/personal/magna86/Images/checkmark.png
Create registry backup

http://www.mcshield.net/personal/magna86/Images/checkmark.png
Purge System Restore [/i]
Click Run button and wait a few seconds for the programme completes his work.
At this point all the tools we used here should be gone. Tool will create an report for you (C:[b]DelFix.txt[/b])

The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and create a fresh system restore point after cleaning.

ok, thanks for the help.

IP is blacklisted.
http://multirbl.valli.org/lookup/54.186.59.96.html

Malicious websites on the same ASN:
http://urlquery.net/report.php?id=1408901369292