system
September 1, 2014, 9:38am
1
Hi from Italy and thank you for your time and your support.
From a couple of days I have this pop-up with avast:
Infection: URL: Mal
Process: C:\Users.…chriome.exe
Object: http://clickered.com/ …
I would be very grateful if you could help me.
Many thanks
Gianluca
Asyn
September 1, 2014, 9:38am
2
Attach your basic logs. (MBAM, FRST and aswMBR…!!)
Instructions: https://forum.avast.com/index.php?topic=53253.0
system
September 1, 2014, 10:49am
3
I’ve attached the log. Thank you
Pondus
September 1, 2014, 10:54am
4
removal team is notified, it may take hours before they are online
Let me know if this stops it
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
AppInit_DLLs: C:\PROGRA~3\WINWEB~1\WINWEB~2.DLL => C:\PROGRA~3\WINWEB~1\WINWEB~2.DLL File Not Found
SearchScopes: HKCU - {B8EE1C24-76DA-41DC-8F96-94B33ADC8E47} URL = http://www.only-search.com/?babsrc=SP_kms&affID=129300&tt=&mntrid=4E8DC48508145AEC&tsp=5351&q={searchTerms}&r=250
BHO: AalalSaiver -> {01BE1885-57C1-B7D6-C46A-0FE4D78E2F8C} -> C:\ProgramData\AalalSaiver\tvkPv7.x64.dll No File
BHO: YouTueAddBlOckeerr -> {35BFAE1F-B6AA-A1E7-4652-2C86D5021342} -> C:\ProgramData\YouTueAddBlOckeerr\elb19c.x64.dll No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2014-08-25 14:46 - 2014-08-25 14:48 - 00000000 ____D () C:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-08-25 12:33 - 2014-08-25 12:34 - 00000000 ____D () C:\Users\Gianluca\AppData\Local\Idle~_~Crawler
2014-08-25 12:33 - 2014-08-25 12:33 - 00004598 _____ () C:\windows\System32\Tasks\Idle~_~Crawler Runner
2014-08-25 10:48 - 2014-08-25 10:48 - 01882306 _____ () C:\Users\Gianluca\Downloads\Avast 2050 License Faker by ZeNiX 2014-03-14.rar
2014-08-25 12:33 - 2014-08-25 12:33 - 00004598 _____ () C:\windows\System32\Tasks\Idle~_~Crawler Runner
Task: {26368537-2FD7-41F8-A617-3A54DC6D4563} - System32\Tasks\Microsoft\Windows\Maintenance\Idle~_~Crawler Update => %LOCALAPPDATA%\Idle~_~Crawler\Idle~_~Crawler.exe <==== ATTENTION
Task: {F8695AEF-0E56-4FA9-A4A7-0976190D496D} - System32\Tasks\Idle~_~Crawler Runner => %LOCALAPPDATA%\Idle~_~Crawler\Idle~_~Crawler.exe <==== ATTENTION
C:\ProgramData\win_mpwd_sys.dat
C:\Users\Gianluca\AppData\Local\Google\Chrome\User Data\Profile 1\File System\003\t\00
C:\ProgramData\AalalSaiver
C:\ProgramData\YouTueAddBlOckeerr
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt , in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that
THEN
Please download AdwCleaner by Xplode onto your desktop.
[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan .
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok .
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S1].txt as well.