Can't remove `getusaaall.info` malware!!

I am constantly getting a malware-blocked popup in avast as svhost.exe with URL: hxxp://getusaaall.info/?e=pcho&cht=2&dcu=1&cpatch=2&dcs=1&pf=1&unp=Azm9CdOLv7D

I’m running Avast! Pro, with which I have run both a full scan and a boot-time scan in an attempt to remove this problem.
I have also run MalwareBytes Pro, to no avail.

I’ve had this problem for days and I’m afraid to do any online banking until I can get this problem sorted.

Thank you very much.
Daniel-Joseph.

Hello,

Please download Farbar Recovery Scan Tool by Farbar and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system; that will be the right version.

[*]Double-click to run it. When the tool opens click Yes to disclaimer.
[*]Press Scan button.
[*]It will make a log (FRST.txt) in the same directory the tool is run from. Please attach it to your reply.
[*]The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Thank you for the quick reply.

Here are the logs:

Also, out of curiosity, I’ve noticed a lot of people seem to be having this infection; any word on what this is? Should I be concerned for my online bank details? I heard there was a new virus being released, with a lot of banks saying customers could be held responsible for their bank security being compromised.

Thank you again.

Edit: Accidentally attached the logs twice; both are the same, so no worries.

I've noticed a lot of people seem to be having this infection, any word of what this is?
They are working on it. Some bug is trying to connect to that URL; avast blocks it. If it connects, it will download this (it seems to have a random file name that changes with almost every download):

https://www.virustotal.com/en/file/19543c4f1b9315d00a3d006b8c1eafb78484c8f0cef8f6c7af2fa51a23308702/analysis/1405375595/

Hope they’re able to fix it soon. Still getting popups on a 10-minute basis! :S

Hello Daniel-Joseph. I too had a similar problem, and I fixed it by restoring my system. Try it! Let me know if it’s fixed.

Also, what are my next steps now I have attached my logs?

Wait for Magna86, he’ll guide you.

Hello Daniel-Joseph,

You should start task manager and enable the MBAM services you disabled.

MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2

Currently we have difficulties solving this problem on Windows 8.1 systems, while on other systems we have a pretty good solution.

The first thing you should do is to uninstall the PUP/AdWare program (Start button > Control Panel > Programs and Features) named MyPC Backup. Then reboot the machine.

Additionally, I recommend not using tools similar to the one below. Windows 8.1 is a freshly coded OS (even different from Windows 8), and tools that claim, with all green and shiny words and animations, that they will accelerate Windows 8.1… well, that’s a lie. 8.1 is already a tweaked Windows 7, and any needless action may lead to deceleration.

Advanced SystemCare 7

Regarding System Restore: it can fix the problem if System Restore is available. But we are trying to locate the source of the problem.

Tell me whether this fix (FixList) solves your problem.


When you execute the FixList, after the system reboots upon the fix, go and uninstall the Chrome browser completely. Reboot the machine, then download a fresh Chrome setup and install it again.

1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

Start
Folder: C:\WINDOWS\system32\CompatTel
Folder: C:\ProgramData\{ACF12395-778E-44F0-A811-C99F334A83F5}
Folder: C:\ProgramData\{BD26D777-CA21-4BDD-A581-6BCFE4F0F941}
Folder: C:\ProgramData\{C6A355F5-168B-4EEC-AB7C-75594F783EDB
Hosts:
Task: {619DB314-CE41-4FA6-9156-0BDE91E49C83} - \91966354-dc20-4a43-94f0-5c0bd8a3b2a3-2 No Task File <==== ATTENTION
Task: {AFA0A7C4-2CB4-4938-A1D5-D3C567E95868} - \91966354-dc20-4a43-94f0-5c0bd8a3b2a3-5 No Task File <==== ATTENTION
Task: {CA6B3E98-0313-404E-B63B-9E091085B420} - \91966354-dc20-4a43-94f0-5c0bd8a3b2a3-1 No Task File <==== ATTENTION
Task: {E07F314F-1DBB-49E5-98EA-E7AE643B14F9} - \91966354-dc20-4a43-94f0-5c0bd8a3b2a3-3 No Task File <==== ATTENTION
Task: {F5504019-AF56-4718-993A-FC6BFD235163} - \91966354-dc20-4a43-94f0-5c0bd8a3b2a3-4 No Task File <==== ATTENTION
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
CHR Plugin: (globalUpdate Update) - C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 BackupStack; No ImagePath
Reboot:
C:\Users\AnaMaria\AppData\Local\Temp
C:\Program Files (x86)\globalUpdate
C:\Users\danie_000\Desktop\ComboFix.exe
C:\Users\danie_000\AppData\Local\Tbccint
C:\Program Files (x86)\Tbccint
C:\ProgramData\Tbccint
C:\Users\danie_000\jagex_cl_runescape_LIVE.dat
C:\Users\danie_000\random.dat
C:\Users\AnaMaria\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjmcmsx.dll
C:\Users\danie_000\AppData\Local\Temp\COMAP.EXE
CMD: del c:\windows\prefetch\*.* /f /s /q
CMD: ipconfig /release
CMD: netsh int ip reset
CMD: netsh winsock reset catalog
CMD: ipconfig /renew
CMD: ipconfig /flushdns
End

2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It’s important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warns you that the version is outdated, please download and run the updated version.
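The fix above removes five scheduled-task registrations that FRST flags as "No Task File": the task is still registered in the Task Scheduler cache, but the task definition file under System32\Tasks is gone, which is a common leftover of adware/downloader installers. The following PowerShell script is an added example, not part of the original thread or of FRST, that finds such orphaned registrations and also lists registered tasks whose action points at an executable that no longer exists. It assumes an elevated PowerShell session on Windows 8.1 (PowerShell 4, which provides Get-ScheduledTask); the registry layout of TaskCache\Tasks (a Path value per task GUID) is as documented for Vista and later, and the root-level GUID-style task names it flags are modelled on the ones in this thread.

```powershell
# Added example (not from the original thread): locate scheduled-task
# registrations whose task file is missing (FRST's "No Task File") and
# registered tasks whose action executable does not exist.
# Assumes: elevated session, Windows 8.1 / PowerShell 4. Output path is this
# example's own choice.

$taskCache = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks'
$taskRoot  = Join-Path $env:SystemRoot 'System32\Tasks'
$report    = Join-Path $env:USERPROFILE 'Desktop\task-triage.txt'

# 1. Registry cache entries without a matching task definition file.
#    Each subkey is a task GUID; its "Path" value is the task's scheduler path,
#    e.g. \Microsoft\Windows\Defrag\ScheduledDefrag, which mirrors a file
#    under System32\Tasks.
$orphans = Get-ChildItem -LiteralPath $taskCache -ErrorAction Stop | ForEach-Object {
    $props = Get-ItemProperty -LiteralPath $_.PSPath
    if (-not $props.Path) { return }                      # malformed entry, skip
    $file = Join-Path $taskRoot $props.Path.TrimStart('\')
    [pscustomobject]@{
        Id       = $_.PSChildName
        TaskPath = $props.Path
        Author   = $props.Author                          # may be empty
        FileOK   = Test-Path -LiteralPath $file
    }
} | Where-Object { -not $_.FileOK }

# 2. Registered tasks whose Exec action points at a file that is not there.
#    Bare names (cmd.exe) are resolved through PATH before being reported.
$dangling = Get-ScheduledTask | ForEach-Object {
    $task = $_
    foreach ($action in $task.Actions) {
        if (-not $action.Execute) { continue }            # not an Exec action
        $exe = [Environment]::ExpandEnvironmentVariables($action.Execute).Trim('"')
        $resolved = (Test-Path -LiteralPath $exe) -or
                    [bool](Get-Command $exe -ErrorAction SilentlyContinue)
        if (-not $resolved) {
            [pscustomobject]@{
                TaskPath = $task.TaskPath + $task.TaskName
                Execute  = $action.Execute
                Args     = $action.Arguments
                State    = $task.State
            }
        }
    }
}

# 3. Root-level tasks with GUID-style names (e.g. \<guid>-2), the naming
#    pattern seen in this thread; legitimate tasks almost always live in a
#    vendor folder with a descriptive name.
$guidNamed = Get-ScheduledTask -TaskPath '\' |
    Where-Object { $_.TaskName -match '^[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}(-\d+)?$' } |
    Select-Object TaskName, State, @{n='Exec'; e={ ($_.Actions | ForEach-Object Execute) -join '; ' }}

"== Cache entries without a task file ==", ($orphans | Format-Table -AutoSize | Out-String),
"== Tasks whose executable is missing ==", ($dangling | Format-Table -AutoSize | Out-String),
"== Root-level GUID-named tasks ==",        ($guidNamed | Format-Table -AutoSize | Out-String) |
    Tee-Object -FilePath $report
```

The script only reports; removing an orphaned cache entry is a registry edit (the GUID subkey under TaskCache\Tasks plus the matching entry under TaskCache\Tree), which is exactly what the FRST "Task:" lines do, so review the report before deleting anything. A task whose executable is missing is harmless on its own, but its arguments often name the dropped file, which is useful for deciding what else to look for.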

I looked for MyPC Backup in Programs & Features but couldn’t find anything under that name (I also searched for “PC Backup” and “Backup”). I’m assuming perhaps MalwareBytes or Avast! removed the software at some point, as the program name does ring a bell.

I ran the fixlist (fixlog included below), rebooted, uninstalled Chrome, rebooted, and reinstalled Chrome from a fresh download.

The PC has been on for around 15 minutes without any notification, but I will continue to update.

Cool. Keep me posted.

No luck, unfortunately. Had about 3 notifications since I last posted :confused:

Let’s try this one …

Again, after execution of the zoek script, post the log, monitor the behaviour and tell me whether the problem is fixed.

Please download zoek by smeenk from here or here and save it to your Desktop.
Unpack the archive…

[*]Close any open browsers
[*] Temporarily disable your AntiVirus program. (If necessary)
If you are unsure how to do this please read this or this Instruction.

[*]Double click on zoek.exe to run the tool .
Please wait until the tool starts…

[*]Copy the text present inside the code box below and paste it into the large window in the zoek tool:

type C:\boot.ini;b
type c:\windows\control.ini;b
type c:\windows\system.ini;b
type c:\windows\win.ini;b
c:\WINDOWS\Prefetch\*.pf;f
EmptyCLSID;
FFDefaults;
CHRDefaults;
[-HKEY_CURRENT_USER\Software\WebApp];r
EmptyAllTemp;

[*] Click on the Run Script button.
Please wait until a log report opens (this can be after a reboot).

[*]Save the notepad file to your Desktop and attach zoek-results.log here.
Note: It will also create a log in the C:\ directory named “zoek-results.log”.

Here is the log, I’ll continue to keep my eye on it.

Hasn’t made any noticeable difference I’m afraid :frowning:

Hi,

We just found the source of the problem. Please hang in there. I shall give you a reply soon. :wink:

Hello, I’m back. Tell me, are the alerts gone now?

1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system


CMD: bitsadmin /reset /allusers

2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It’s important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warns you that the version is outdated, please download and run the updated version.

Unfortunately notifications have still been going strong since the last fix attempt.

Will let you know if this fix brings any changes. :slight_smile:

Here’s the newest fixlog:

Hm… Command Prompt (cmd) has cancelled the BITS job; this should be it. But let’s use a more powerful approach before we resort to drastic measures:

Start PowerShell (go to the Modern UI, aka Metro), type ‘powershell’ in Search, and load the (blue) command prompt. Right click > Run as Administrator.
http://www.mcshield.net/personal/magna86/Shell/Power1.jpg

The blue window (the PowerShell prompt) will appear. Type the following and then press Enter to run the command:

Get-BitsTransfer -AllUsers | Remove-BitsTransfer

http://www.mcshield.net/personal/magna86/Shell/power2.jpg

Reboot Windows and tell me whether the avast! alerts still occur.
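The one-liner above removes every BITS job on the machine, which is what finally stopped the alerts here: BITS jobs survive reboots and keep retrying a download on the system's behalf (through svchost.exe, the process avast named), and a job can carry a notification command line that BITS runs when the transfer completes, so a job that keeps fetching a freshly renamed payload from the blocked host is a persistence mechanism in its own right. The following PowerShell script is an added example, not part of the original thread, that records every job before anything is deleted and then removes only the jobs whose download URL or completion command matches the host from the avast alert. It assumes an elevated PowerShell session (the -AllUsers switch needs it) on Windows 8.1, and that the BitsJob objects expose the FileList, OwnerAccount and NotifyCmdLine properties as documented for the BitsTransfer module; the host pattern is taken from this thread, while the log path and the matching rule are this example's own choices.

```powershell
# Added example (not from the original thread): inventory all users' BITS jobs,
# write the evidence to a log, then remove only the jobs tied to the suspect host.
# Assumes an elevated session on Windows 8.1 / PowerShell 4.
Import-Module BitsTransfer

$SuspectHostPattern = 'getusaaall\.info'                       # host from the avast alert
$LogPath = Join-Path $env:USERPROFILE 'Desktop\bits-triage.log' # this example's choice

# -AllUsers lists jobs created by every account, including SYSTEM; it requires elevation.
$jobs = @(Get-BitsTransfer -AllUsers -ErrorAction Stop)

# One row per file in each job: the remote URL is what the job keeps fetching,
# NotifyCmdLine is what BITS executes once the download finishes.
$inventory = foreach ($job in $jobs) {
    $files = @($job.FileList)
    if ($files.Count -eq 0) { $files = @($null) }               # keep jobs with no files visible too
    foreach ($file in $files) {
        [pscustomobject]@{
            JobId       = $job.JobId
            DisplayName = $job.DisplayName
            Owner       = $job.OwnerAccount
            State       = $job.JobState
            Created     = $job.CreationTime
            RemoteUrl   = if ($file) { $file.RemoteName } else { '' }
            LocalFile   = if ($file) { $file.LocalName }  else { '' }
            NotifyCmd   = $job.NotifyCmdLine
        }
    }
}

"=== BITS jobs found $(Get-Date -Format s) ===" | Tee-Object -FilePath $LogPath
$inventory | Format-List | Out-String -Width 300 | Tee-Object -FilePath $LogPath -Append

# Match on the download URL or on the completion command; either one ties the job to the host.
$suspect = $jobs | Where-Object {
    ($_.FileList | Where-Object { $_.RemoteName -match $SuspectHostPattern }) -or
    ($_.NotifyCmdLine -match $SuspectHostPattern)
}

foreach ($job in $suspect) {
    "Removing job $($job.JobId) '$($job.DisplayName)' owned by $($job.OwnerAccount)" |
        Tee-Object -FilePath $LogPath -Append
    $job | Remove-BitsTransfer                                 # cancels the job and deletes partial files
}

if (-not $suspect) {
    "No job matched $SuspectHostPattern; review the inventory above before removing anything." |
        Tee-Object -FilePath $LogPath -Append
}
```

Run it once before the blanket Get-BitsTransfer -AllUsers | Remove-BitsTransfer, so the log keeps the job owner, the URL and any notification command for later analysis; if the malicious job uses a different host than the one avast reported, widen the pattern after reading the inventory rather than deleting blind. Legitimate jobs (Windows Update, Defender definitions, some browser updaters) are recreated by their owners, so removing them is an inconvenience rather than damage.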

Been giving it a bit of time to see if notifications are still coming, and haven’t spotted any, so I think that’s done the trick! :slight_smile:

Thank you very much for your help, I’ll let you know if any problems reoccur :slight_smile: