system
1
Hey there,
I’ve recently been having issues with Avast constantly detecting svchost.exe as URL:MAL. Some places I’ve checked said this is a false positive, but I just want to be sure, so I came here.
I’ve already used the Avast scan itself and Malwarebytes Anti-Malware Premium to try to fix this issue, but the message still seems to be coming up every now and then. I had a few infections quarantined by MBAM; here’s the log. However, do note that Avast still seems to be detecting svchost.exe as malware:
Thanks in advance for any help.
Asyn
2
Attach your basic logs. (MBAM, FRST and aswMBR…!!)
Instructions: https://forum.avast.com/index.php?topic=53253.0
system
3
Hello Asyn,
I’ve attached all the logs in the OP. I’ve attached two MBAM, one for the scan before creating this thread (“MBAM”) and one after (“MBAM2”), just for any additional information that might be useful.
system
4
Update MBAM, then run the scan again, then attach it to your post. It appears that you did a custom scan.
system
5
After you post your new MBAM scan, one of the malware removal specialists will take a look at your logs sometime in the day or evening, depending on where they live in the world. Please be patient. In the meantime, don’t sync your phone with your PC if you do and take it off the iCloud for now until we know things are OK. Do you have any questions?
system
6
MBAM added, all attachments are in this post.
@SafeSurf - Gotcha, thanks for your help!
system
7
You’re welcome. So now we wait for a malware specialist to assist. Thank you for your logs. 
system
8
Alright, thank you for your assistance also. ;D
Hi,
First you need to uninstall from Control Panel / Programs and Features the following bad PUP/AdWare:
FindBesteDeeal
UpdateChecker
Next …
1. Open notepad and copy/paste the text present inside the code box below.
To do this, highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.
Start
File: C:\Users\Zahbia\Downloads\7693vA3\7693vA3\AFUDE238.exe
CMD: bitsadmin /reset /allusers
Hosts:
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKU\S-1-5-21-1477093328-2730021769-2087165081-1000\...\MountPoints2: {6be6ebb2-74cd-11e3-869d-806e6f6e6963} - D:\Autorun.exe
HKU\S-1-5-21-1477093328-2730021769-2087165081-1000\...\MountPoints2: {e8235206-7961-11e3-b957-00e04c0781fb} - E:\setup.exe
AppInit_DLLs-x32: c:\progra~2\sw-boo~1\assist~1.dll => "c:\progra~2\sw-boo~1\assist~1.dll" File Not Found
AppInit_DLLs-x32: c:\progra~2\gssupp~1\assist~1.dll => "c:\progra~2\gssupp~1\assist~1.dll" File Not Found
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
BHO: No Name -> {2357991F-F213-A49A-7EA1-DD7330E1F477} -> No File
BHO: TrustedShopper -> {BBE09607-D9BF-4B2E-88C2-C8D5DF7A7D37} -> C:\Program Files (x86)\SqueakyChocolate\TrustedShopper\adxloader64.dll ()
BHO: No Name -> {D72BEA76-EF2F-1956-4B38-0B007BB0BE50} -> No File
BHO-x32: No Name -> {2357991F-F213-A49A-7EA1-DD7330E1F477} -> No File
BHO-x32: TrustedShopper -> {BBE09607-D9BF-4B2E-88C2-C8D5DF7A7D37} -> C:\Program Files (x86)\SqueakyChocolate\TrustedShopper\adxloader.dll ()
BHO-x32: No Name -> {D72BEA76-EF2F-1956-4B38-0B007BB0BE50} -> No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Task: {2577D185-5AC9-4617-8934-AE7E14DCE248} - System32\Tasks\SomotoUpdateCheckerAutoStart => C:\Users\Zahbia\AppData\Local\FilesFrog Update Checker\update_checker.exe <==== ATTENTION
S2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [X]
Reboot:
C:\Users\Zahbia\AppData\Local\Temp
2014-07-17 05:40 - 2014-05-22 16:14 - 00000000 ____D () C:\ProgramData\ROboSeaver
2014-07-17 05:40 - 2014-04-21 14:33 - 00000000 ____D () C:\ProgramData\FindBesteDeeal
2014-07-17 05:40 - 2014-04-16 13:12 - 00000000 ____D () C:\ProgramData\saaVeu nett
2014-07-17 05:40 - 2014-04-15 16:39 - 00000000 ____D () C:\ProgramData\savae net
2014-07-17 05:40 - 2014-03-21 17:40 - 00000000 ____D () C:\ProgramData\JoniCouPaon
2014-07-17 05:40 - 2014-03-10 17:50 - 00000000 ____D () C:\ProgramData\DiscountEXtennsI
C:\Users\Zahbia\AppData\Local\FilesFrog Update Checker
C:\Program Files (x86)\Mobogenie
c:\progra~2\sw-boo~1
c:\progra~2\gssupp~1
C:\Program Files (x86)\SqueakyChocolate
C:\Users\Zahbia\jagex_cl_runescape_LIVE.dat
C:\Users\Zahbia\jagex_cl_runescape_LIVE1.dat
C:\Users\Zahbia\random.dat
C:\Program Files (x86)\Hotspot Shield
End
2. Save notepad as fixlist.txt to your Desktop.
NOTE: It’s important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warns you about an outdated version, please download and run the updated version.
Then …
Please download zoek by smeenk from here or here and save it to your Desktop.
Unpack the archive…
• Close any open browsers.
• Temporarily disable your AntiVirus program (if necessary).
If you are unsure how to do this, please read this or this instruction.
• Double click on zoek.exe to run the tool.
Please wait until the tool starts…
• Copy the text present inside the code box below and paste it into the large window in the zoek tool:
QuickScan;
Uninstall-List;
AutoClean;
• Click on the Run Script button.
Please wait until a log report opens (this can be after a reboot).
• Save the notepad to your Desktop and attach zoek-results.log here.
Note: It will also create a log in the C:\ directory named “zoek-results.log”.
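The fixlist above removes entries from several Windows persistence locations at once: a Run key, MountPoints2 autorun handlers, AppInit_DLLs, BHOs and toolbars, a scheduled task and a service. As an added example that is not part of this thread and not FRST's own code, the following Python triages FRST-style lines by persistence type and flags the traits a responder looks for in such a log: entries FRST marked ATTENTION, dangling entries whose file is missing, services whose binary is gone, browser add-ons with no name, executables under user-writable paths, and autorun handlers on non-system drives. The sample lines are copied from the fixlist in the post above; the prefix regexes, the path extraction and the reason strings are this example's own assumptions about the FRST line format, not FRST's documented grammar.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Sample input: FRST-style entries copied from the fixlist in the post above,
# one entry per line, as FRST prints them.
SAMPLE_LINES = r"""
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKU\S-1-5-21-1477093328-2730021769-2087165081-1000\...\MountPoints2: {6be6ebb2-74cd-11e3-869d-806e6f6e6963} - D:\Autorun.exe
AppInit_DLLs-x32: c:\progra~2\sw-boo~1\assist~1.dll => "c:\progra~2\sw-boo~1\assist~1.dll" File Not Found
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
BHO: TrustedShopper -> {BBE09607-D9BF-4B2E-88C2-C8D5DF7A7D37} -> C:\Program Files (x86)\SqueakyChocolate\TrustedShopper\adxloader64.dll ()
BHO-x32: No Name -> {2357991F-F213-A49A-7EA1-DD7330E1F477} -> No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Task: {2577D185-5AC9-4617-8934-AE7E14DCE248} - System32\Tasks\SomotoUpdateCheckerAutoStart => C:\Users\Zahbia\AppData\Local\FilesFrog Update Checker\update_checker.exe <==== ATTENTION
S2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [X]
""".strip().splitlines()

# Persistence mechanism, keyed on the line prefixes FRST uses (assumed, from the sample).
KIND_PATTERNS = [
    ("run_key",        re.compile(r"\\\.\.\.\\Run(Once)?:", re.I)),
    ("mountpoints",    re.compile(r"\\MountPoints2:", re.I)),
    ("appinit_dlls",   re.compile(r"^AppInit_DLLs", re.I)),
    ("bho",            re.compile(r"^BHO(-x32)?:", re.I)),
    ("toolbar",        re.compile(r"^Toolbar:", re.I)),
    ("scheduled_task", re.compile(r"^Task:", re.I)),
    ("service",        re.compile(r"^[SR]\d+\s+[^;]+;", re.I)),
    ("policy",         re.compile(r"^(GroupPolicy:|CHR HKLM\\SOFTWARE\\Policies)", re.I)),
]
CLSID_RE = re.compile(r"\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}", re.I)
# First drive-letter path on the line, cut at FRST's own separators/markers.
PATH_RE = re.compile(r'([A-Za-z]:\\.*?)(?=\s+<|\s+\[X\]|\s+\(\)|\s+=>|\s+->|"|$)')
USER_WRITABLE_RE = re.compile(r"\\(AppData|ProgramData|Temp|Downloads)\\", re.I)


@dataclass
class Finding:
    kind: str
    raw: str
    path: Optional[str] = None
    clsid: Optional[str] = None
    reasons: List[str] = field(default_factory=list)


def classify(line: str) -> str:
    for kind, pat in KIND_PATTERNS:
        if pat.search(line):
            return kind
    return "other"


def extract_path(line: str) -> Optional[str]:
    m = PATH_RE.search(line)
    return m.group(1).strip() if m else None


def assess(line: str) -> Finding:
    """Classify one FRST line and collect the reasons it deserves a closer look."""
    kind = classify(line)
    f = Finding(kind=kind, raw=line, path=extract_path(line))
    m = CLSID_RE.search(line)
    f.clsid = m.group(0) if m else None
    if "ATTENTION" in line:
        f.reasons.append("flagged by FRST")
    if "No File" in line or "File Not Found" in line:
        f.reasons.append("dangling entry: referenced file is missing")
    if line.rstrip().endswith("[X]"):
        f.reasons.append("service registered but its binary is missing")
    if kind in ("bho", "toolbar") and "No Name" in line:
        f.reasons.append("browser add-on with no display name")
    if kind == "appinit_dlls":
        f.reasons.append("AppInit_DLLs injects the DLL into every process that loads user32.dll")
    if f.path:
        if USER_WRITABLE_RE.search(f.path):
            f.reasons.append("executes from a user-writable location")
        if kind == "mountpoints" and not f.path.upper().startswith("C:\\"):
            f.reasons.append("autorun handler registered for a non-system drive")
    return f


def triage(lines: List[str]) -> List[Finding]:
    return [assess(l.strip()) for l in lines if l.strip()]


def summarize(findings: List[Finding]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LINES)
    for f in results:
        print(f"{'SUSPECT' if f.reasons else 'ok     '} {f.kind:14} {f.path or '-'}")
        for r in f.reasons:
            print(f"         - {r}")
    print(summarize(results))
```

An entry that collects no reason (the Mobogenie Run key here) is not thereby clean; the specialist removed it anyway on the strength of the vendor, so treat the output as a triage ordering for a human review, not a verdict.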
system
10
Fixlog and zoek results attached.
Good. Now run this zoek script and post the freshly created zoek log after reboot:
C:\Users\Zahbia\Downloads\7693vA3\7693vA3;vs
CHRDefaults;
AutoClean;
Then tell me, do the avast! warnings still occur?
system
12
Zoek results attached. So far so good - No warnings yet.
Cool. Monitor that, will you.
• The following will implement some post-cleanup procedures:
=> Please download DelFix by Xplode to your Desktop.
Run the tool and check the following boxes:
• Remove disinfection tools
• Create registry backup
• Purge System Restore
Click the Run button and wait a few seconds for the programme to complete its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt).
The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.
system
14
You’re awesome. Have also completed the DelFix scan.
Seems all good now. Thanks! 