avast is blocking a url on startup. the file associated with this is wscript.exe

hey! i booted up my laptop today and got a popup from avast that it blocked a url:mal and that the file trying to open this url is wscript.exe in windows/system32/
the strange thing is that i haven’t downloaded anything out of the ordinary yesterday and googling this problem i found that the other people that had this problem had used a usb right before this happened and i haven’t used a usb in ages. so if anybody knows anything about this please help me out, is this a false positive or what? i can’t find anything upon scanning my hdd.
i’m on windows 8.1 64-bit

I will need to look at the computer

Download OTL to your Desktop
Secondary link

[*]Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

https://dl.dropboxusercontent.com/u/73555776/OTL_Main_Tutorial.gif

[*]Select All Users
[*]Select LOP and Purity
[*]Under the Custom Scan box paste this in

netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
c:\program files (x86)\Google\Desktop
c:\program files\Google\Desktop
dir "%systemdrive%\*" /S /A:L /C
/md5start
rpcss.dll
/md5stop
CREATERESTOREPOINT

[*]Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won’t take long.
[*]When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
[*]Attach both logs

here are the logs, i’ve installed malwarebyte’s anti-malware and since i installed it avast has stopped warning and blocking and instead malwarebyte is blocking numerous attempts to access different ip’s as url’s but can’t find anything on my hdd with malwarebyte either. i hope you find something in these logs

If you want help from EssexBoy it is very important that you do not download, or run any tools/scans etc. unless he requests you to do so.

ok, sorry. i downloaded malwarebyte and ran it before essexboy answered me

I see that you have both adaware antivirus and Avast, I would recommend that you uninstall one of them

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:Commands
[CREATERESTOREPOINT]

:OTL
[2014-02-22 17:51:29 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars

:Commands
[resethosts]
[emptytemp]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

ok. yeah i installed adaware when i got this problem to see if it could help me but for some reason it wont even let me update the virus definitions. downloads a small percentage then tells me that something hindered it from downloading. but i’m gonna install it when we’re done here. i’ll be right back with the logs

here you go, i included the log from the fix i got on startup

Could you let me know if the alerts cease after this

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:Commands
[CREATERESTOREPOINT]

:OTL
[2014-02-10 02:37:20 | 000,120,650 | ---- | M] () (No name found) -- C:\Users\Jimmy\AppData\Roaming\mozilla\firefox\profiles\8qqyrvq6.default\extensions\jid0-5q424C3HVeyE2T4d9bkO7CpXNjU@jetpack.xpi
[2014-02-10 03:03:49 | 000,147,416 | ---- | M] () (No name found) -- C:\Users\Jimmy\AppData\Roaming\mozilla\firefox\profiles\8qqyrvq6.default\extensions\jid0-OeCFXKAPh2tC0bN3Li9ajRAZx6c@jetpack.xpi

:Commands
[resethosts]
[emptytemp]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

i haven’t had any alerts in a while now but they seem to alert randomly, should i still do the last fix or just wait and see if i get any more alerts?

Do the last fix and then run as normal. Let me know if you get any more alerts or not

ok thnx a lot for your time, i’ll let you know how it goes but right now it’s looking good.
is there anything you can recommend using alongside avast to keep my computer safe?

nope still getting those alerts from malwarebyte

Could you screenshot the MBAM alert please as it should tell me which programme is running it

it’s in swedish but it says “have successfully blocked access to a possibly malicious website” and the ip changes on every alert.
before i installed malwarebyte i got alerts from avast and there it said the same but from the file wscript.exe in windows/system32/
do you want me to disable malwarebyte and printscreen on the alert from avast? avast didn’t get as many alerts as malwarebyte so i’m afraid some of them might slip through

the malwarebyte alarms have almost stopped, before there were a lot of them now maybe 1-2 every now and then. but the avast alarms are still coming every time i boot up the computer. so i don’t think they are of the same problem. and because i installed malwarebyte today i don’t know if the alarms i’m still getting are false positives or something. just wanted to tell you, i hope this helps in some way

UPD: the malwarebyte alarms have stopped. they only pop up when i’m on the kickasstorrents website. so i’m pretty sure you solved that problem. but like i said before, i still have the avast alarm every time i boot up the pc

k

Let’s try this to see if it notes anything

Download Anti VBS/VBE to your desktop

[*]download the appropriate version (32 bit or 64 bit) and double click the file to run it.
[*]After a couple of seconds (might also take a whole minute if the machine is heavily infected and/or slow) a report will open in Notepad.
[*]Post that report

Be aware this is a very new programme and as such is not recognised by any Antivirus or Windows, it is safe so allow it to run

i ran it twice because it took 3 seconds and i wasn’t sure if it ran correctly. i rebooted and still got the alert

OK it is not running from a VBS as I initially thought

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

[*]Double click on ComboFix.exe & follow the prompts.
[*]Accept the disclaimer and allow to update if it asks

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

[*]When finished, it shall produce a log for you.
[*]Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now