I started to have a problem with uncontrolled download and upload from my IP and I installed PC Tools Firewall Plus. Among other things, it shows me the internet communication of Avast antivirus and something called Avast service. Avast service is constantly downloading something at a rate of approx. 250 MB per day. This is too much in any case. I don’t know what it is, but I do know it is not an update.
How does that compare with your other downloads? I think you are looking at webshield here, as everything you download goes through webshield for scanning. So every web page and download you do will be recorded as belonging to Avast.
I don’t have any downloads at all. I am talking about when the computer is turned on without any programs, downloads, updates or similar things started. If it is something that goes through Avast, how can I stop this?
[*]Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
[*]Click on Minimal Output at the top
[*]Click on Scan all users
[*]Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select “Save”
[*]Double click inside the Custom Scan box at the bottom
[*]A window will appear saying “Click Ok to load a custom scan from a file or Cancel to cancel”
[*]Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
[*]Select scan.txt and click Open. Writing will now appear under the Custom Scan box
[*]Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won’t take long.
[*]When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
[*]Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic
It appears you may have used an infected USB at some stage; however, I can see nothing that would explain all the traffic, apart from IE being allowed to accept info delivery, so I will close that.
Run OTL
[*]Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
O2 - BHO: (no name) - {64182481-4F71-486b-A045-B233BD0DA8FC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O33 - MountPoints2\{be3f970b-8a6c-11df-abae-ab118cf26dd9}\Shell\Explore\Command - "" = WScript.exe .\6942.vbs
O33 - MountPoints2\{be3f970b-8a6c-11df-abae-ab118cf26dd9}\Shell\Open\Command - "" = WScript.exe .\6942.vbs
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
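The O33 MountPoints2 lines in the fix above are consistent with the "infected USB" remark: each is an autoplay verb recorded for a mounted volume that launches a script from the drive root through WScript.exe. As an added example (not part of the original post and not OTL's own code), this Python code flags such entries in a pasted log; the line layout is inferred from the lines quoted above, and the heuristics, the script-host list and the benign sample line are assumptions constructed for illustration.

```python
import re

# Interpreters that should not appear in a volume's autoplay verb (assumed list).
SCRIPT_HOSTS = ("wscript.exe", "cscript.exe", "cmd.exe", "rundll32.exe", "powershell.exe")

# Layout inferred from the O33 lines in the fix above:
# O33 - MountPoints2\{volume}\Shell\<verb>\Command - "<value>" = <command line>
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<volume>[^\\]+)\\Shell\\(?P<verb>[^\\]+)\\Command'
    r' - "(?P<value>[^"]*)" = (?P<command>.+)$',
    re.IGNORECASE,
)

def parse_o33(line):
    """Return the fields of an O33 MountPoints2 line, or None for any other line."""
    m = O33_RE.match(line.strip())
    return m.groupdict() if m else None

def suspicious_reasons(entry):
    """List the reasons an autoplay command looks like a removable-drive dropper."""
    cmd = entry["command"].lower()
    reasons = []
    if any(host in cmd for host in SCRIPT_HOSTS):
        reasons.append("script host or interpreter in autoplay command")
    if re.search(r'(^|\s)\.\\', entry["command"]):
        reasons.append("payload path relative to the drive root")
    if re.search(r'\.(vbs|vbe|js|jse|wsf|bat|cmd|pif|scr)\b', cmd):
        reasons.append("script file extension")
    return reasons

def triage(log_text):
    """Return (volume, verb, reasons) for every O33 entry that trips a heuristic."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_o33(line)
        reasons = suspicious_reasons(entry) if entry else []
        if reasons:
            findings.append((entry["volume"], entry["verb"], reasons))
    return findings

# First three lines are quoted from the fix above; the last one is a constructed benign entry.
SAMPLE = r'''O2 - BHO: (no name) - {64182481-4F71-486b-A045-B233BD0DA8FC} - No CLSID value found.
O33 - MountPoints2\{be3f970b-8a6c-11df-abae-ab118cf26dd9}\Shell\Explore\Command - "" = WScript.exe .\6942.vbs
O33 - MountPoints2\{be3f970b-8a6c-11df-abae-ab118cf26dd9}\Shell\Open\Command - "" = WScript.exe .\6942.vbs
O33 - MountPoints2\{00000000-0000-0000-0000-000000000000}\Shell\AutoRun\command - "" = E:\setup.exe'''

if __name__ == "__main__":
    for volume, verb, reasons in triage(SAMPLE):
        print(volume, verb, "; ".join(reasons))
```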
Double Click mbam-setup.exe to install the application.
[*]Make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
[*]If an update is found, it will download and install the latest version.
[*]Once the program has loaded, select “Perform Quick Scan”, then click Scan.
[*]The scan may take some time to finish, so please be patient.
[*]When the scan is complete, click OK, then Show Results to view the results.
[*]Make sure that everything is checked, and click Remove Selected.
[*]When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
[*]The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
[*]Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
[*]Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
[*]Double click on ComboFix.exe & follow the prompts.
[*]As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it’s strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
[*]Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.