Hi all,
Since two days ago (22/11/2014) Avast has begun displaying this error message: “avast! Web Shield has blocked a harmful webpage or file.”
Upon clicking on the error messages, I was led to an Avast webpage with these details:
URL
hxxp://tsangakha.com/b/opt/288245620E5353051415B64D
Infection
URL:Mal
and
URL
hxxp://bnswhat.su/b/opt/4C61600C102BA7500A6D4218
Infection
URL:Mal
and
URL
hxxp://bnswhat.su/b/opt/1C7EC8079074E2AA8A3207E2
Infection
URL:Mal
The redirected webpage seems to be varying, on the first day it was ‘rumerse.com’.
The affected process is C:\Windows\explorer.exe across all alerts.
These alerts come in bursts of 2 to 4 times every 10 seconds or so.
So far I have scanned using Avast Boot-scan, Spybot S&D, Malwarebytes and AdwCleaner, and have carried out their respective recommended actions. Still, Web Shield continues with these alerts.
I have generated logs according to the To-do stickied thread, attached are the logs from Malwarebytes, FRST and aswMBR. Please pardon the aswMBR log that is kinda clogged up with Log Saves, the scanner kept failing halfway through and that was the only way I could assure I had a log of any kind. Strangely, the scan managed to complete when I kept up with the saves.
EXTRA NOTES: If it helps, there were quite a few suspicious things going on while the aswMBR scan was being done.
-
Avast Antivirus suddenly caught two Win32:Evo-gen infections. However, when I chose ‘Fix Automatically’, the infected file could not be found. When I navigated to the folder in question, the infected file was not there too. SS of incidents are attached in post below.
-
Then, explorer.exe stopped working and had to restart itself. SS is also attached in post below.
Any help is appreciated, and many thanks in advance.