I started up my PC today and went into Chrome; after that I got a pop-up from Avast telling me that it had blocked a malicious URL. I did a quick scan with Avast and it detected nothing, then I scanned with MBAM and still nothing, and after that a boot-time scan with Avast and still nothing; I also had sensitivity set to high just in case. A friend of mine told me he had the same exact problem, and it turns out that the malware was redirecting us both to the same website. After I connected to the internet and went on Chrome again, I had the exact same thing happen, only this time with 75 alerts instead of 1, and this time it said that it was avastui.exe instead of chrome.exe being infected.
What are the chances of this being a false positive? I’m on the phone right now so I can’t provide logs, sadly. The website is hXXp://82.77.159.237//__utm.gif?utmn and a string of numbers and letters. Any help would be appreciated. Thank you.
Attach your basic diagnostic logs. (MBAM, FRST and aswMBR)
Instructions: https://forum.avast.com/index.php?topic=53253.0
Monitoring…
I can’t really provide logs right now as I’m afraid that connecting my PC to the internet right now might compromise my data. Any chance that someone might do some research on this malicious URL, please? If there’s anyone with the same problem lurking on this forum, then please say something, as I could really use some advice on what to do until I’m able to provide the logs. Also, I’m sorry for the horrible grammar, but I’m writing this on a phone.
We can’t help you without your logs.
You can also run the tools in safe mode.
Logs
Scan with ZOEK
Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
[*]Right-click on the Zoek icon and select Run as Administrator to start the tool.
[*]Wait patiently until the main console appears; it may take a minute or two.
[*]In the main box please paste in the following script:
createsrpoint;
autoclean;
bitsadmin /reset /allusers;b
emptyalltemp;
ipconfig /flushdns;b
[*]Make sure that Scan All Users option is checked.
[*]Push Run Script and wait patiently. The scan may take a couple of minutes.
[*]When the scan completes, a zoek-results logfile should open in notepad.
[*]If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)
Post its content into your next reply.
I’ve attached the Zoek log as requested. Do I actually have malware on my PC or was it something else? Just asking because my friend has the same problem and I’d like to warn him if it’s an actual virus and not just a false positive or a bug.
Thank you for your help.
How is your PC behaving now?
Aside from one “threat has been detected” pop-up that I got while being on this forum because I clicked on a post titled “SE redirects via hidden malicious iframe”, which I think was supposed to do that, my computer hasn’t encountered any more problems. I haven’t had any pop-ups since I used the tools you gave me and everything seems to be back to normal. If I encounter any problems I’ll come back with the details, but so far nothing. So was this actual malware or something else?
Yes, you had some Adware, nothing too serious.