Avast popups with bitcoin blocked [resolved]

Hello everyone,

On Windows 8, I have repeated avast popups alerting me to several blocked infections like these:

URL : http://bookmakers55.free.fr/Bitcoin/1/explorer.exe
or
URL : http://bookmakers55.free.fr/Bitcoin/1/API.class
Infection : URL:Mal
Process: C:\Windows\System32\svchost.exe

I ran several scans, a complete one with avast at boot, and with Malwarebytes, RogueKiller, Spybot-S&D. I don't know what else to do; thanks for helping me.

Follow the instructions and attach the requested logs: http://forum.avast.com/index.php?topic=53253.0

We need Malwarebytes / OTL / aswMBR logs.

Monitoring …

I personally do not recommend the use of RogueKiller (especially not on Windows 8) just for diagnosis, because RK is a very powerful tool that does not always recognize what is good and what is bad.

Spybot is in the past … got run over by time itself.

Thanks for your answer, here are my logs of Malwarebytes (the last log did not report any problem so I attached the last 3 logs) and OTL. I can't use aswMBR; it crashes on Windows 8.

Hi Odjavel,
Why didn't you tell us that you used AdwCleaner? Find and post here its first and main log report for review.

Re-run OTL.exe.

- Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.

:COMMANDS
[CREATERESTOREPOINT]

:FILES
ipconfig /flushdns /c
C:\Users\Franck\AppData\Roaming\mozilla\firefox\profiles\mmkkbfgb.Franck\extensions\{7b90e860-5d61-11e0-80e3-0800200c9a66}.xpi
C:\Users\Franck\AppData\Roaming\mozilla\firefox\profiles\mmkkbfgb.Franck\extensions\{faf13420-5e24-11e0-80e3-0800200c9a66}.xpi
C:\Program Files (x86)\sUUrfa and akeep
C:\Program Files (x86)\YoutubeAdblocker
C:\Windows\SysWow64\*.tmp
C:\Windows\*.tmp

:OTL
O2:64bit: - BHO: (sUUrfa and akeep) - {3131C50B-3F9A-FAA1-199A-207BD227D2DD} - C:\Program Files (x86)\sUUrfa and akeep\7PMlIp.x64.dll File not found
O2:64bit: - BHO: (YoutubeAdblocker) - {4B3C1234-42FE-8779-64B1-4DB51597CBA9} - C:\Program Files (x86)\YoutubeAdblocker\F141XcF.x64.dll File not found
O2 - BHO: (sUUrfa and akeep) - {3131C50B-3F9A-FAA1-199A-207BD227D2DD} - C:\Program Files (x86)\sUUrfa and akeep\7PMlIp.dll File not found
O2 - BHO: (YoutubeAdblocker) - {4B3C1234-42FE-8779-64B1-4DB51597CBA9} - C:\Program Files (x86)\YoutubeAdblocker\F141XcF.dll File not found

:COMMANDS
[EMPTYTEMP]

- Then click the Run Fix button at the top.
- Let the program run unhindered; it will reboot the system when it is done and open Notepad with the log report. Attach that log report here.

If the log doesn’t appear, it can be found here:

c:\_OTL\MovedFiles\mmddyyyy_hhmmss.log

I'm sorry I forgot to mention AdwCleaner, as I tried several things found in the solutions I read on the internet; here is its first log. I also tried TDSSKiller, and I attach its first log as well.

I applied your fix with OTL, and since the PC has rebooted, it seems that the problem has disappeared! Its log is in the attachment. Many thanks for your help and your efficiency!

Do you think I can definitely remove the files moved by OTL?

Hi,
Posted TDSSKiller log is clean.

Do you think I can definitely remove the files moved by OTL?

The following will implement some post-cleanup procedures:

Re-run OTL and click on CleanUp! button.

You will be asked to reboot the machine to finish the cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTL. Feel free to manually delete any tools it leaves behind.

=> Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes:
- Remove disinfection tools
- Create registry backup
- Purge System Restore

Click the Run button and wait a few seconds for the program to complete its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt).

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.

All is done and clean, thanks a lot for your help!