Blocked threat

I keep getting an annoying pop-up message saying Avast has blocked a threat. It appears to be part of Google Chrome that automatically d/l when I downloaded Avast. I uninstalled Chrome since I didn’t want it in the first place. The pop-up is nice enough to try and get me to pay for an upgrade when I click it, but doesn’t offer any realistic help. About ready to uninstall and go get AVG.

Object: http://108.59.10.134/cen?ag=c7eae14ec05c84cb4167420ea8a12ae2-11-0&g=A02
Infection: URL:Mal
Process: C:\USERS\John\AppData\local\GCC\CHROME~1\chrome.exe

I get this message whether there is a browser running or not. A scan shows there are no threats. And I have run a MalwareBytes scan which detected and deleted some supposed malware. I only question that since this is a new setup and the only things done were to download Avast and Windows updates.

Hi,

Please download zoek.zip or zoek.rar by smeenk from here or here and save it to your Desktop.
Unpack the archive…

[*]Close any open browsers
[*]Temporarily disable your AntiVirus program. (If necessary)
If you are unsure how to do this please read this or this Instruction.

[*]Double click on zoek.exe to run the tool.
Please wait for the tool to start…

[*]Copy the text present inside the code box below and paste it into the large window in the zoek tool:

createsrpoint;
gpt.ini;z 
C:\Windows\System32\GroupPolicy;v
C:\Windows\SysWOW64\GroupPolicy;v 
StandardSearch; 
emptyfolderscheck; 
installer-list; 
installedprogs; 
uninstall-list;

[*]Click on the Run Script button.
Please wait until a log report opens (this can be after a reboot).

[*]Save the Notepad file to your Desktop and attach zoek-results.log here.
Note: It will also create a log in the C:\ directory named “zoek-results.log”.

As info:
http://urlquery.net/report.php?id=1395676897817
http://zulu.zscaler.com/submission/show/e8bd8ff5d55553d0fe6cb7486abfd950-1395676786
http://168.144.32.45/blacklist/bl/108.59.10.134.0/#_
http://multirbl.valli.org/lookup/108.59.10.134.html

Here you go.

Re-run Zoek again with this script:

C:\PROGRA~2\Optimizer Pro;fs
C:\PROGRA~2\sweetpacks bundle uninstaller;fs
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows];r
"AppInit_DLLs"="";r
C:\\PROGRA~2\\SearchProtect;r
autoclean;
emptyalltemp;
emptyclsid
ipconfig /flushdns;b

Try number two.

Thanks for the help, but I’ve solved the issue.

This was installed by an adware program called GigaClicks. The only way I could find to remove it was by downloading a program called FreeFixer. Nothing else I tried to do would allow me to delete the Controller.exe file. It would say that the file was in use even after disabling it in the task manager. Controller.exe would simply restart itself after it was ended.

Hi jscanion,

Freefixer is indeed a good removal tool, but one needs the insight as to what to tag and what not.
Good you solved your problem that way. I also have Freefixer and work it once in a while to see what it is reporting and for recent changes on the OS etc.

pol