Hi,
Some introduction before I get to the problem.
Today I was watching a youtube video and got a virus notification. I thought nothing of it as Avast blocked it, until I started getting these popups requesting server access to my computer to download a file called “thawbrkr.dll”. Every time I clicked “no” the popup would reappear after about 1-2 minutes. I tried to determine what was causing the popups to appear, to no avail (I’m fairly experienced with dealing with viruses and malware; so I checked the usual places AppData, ProgramData, Windows, Program Files, and Temp folders but found nothing at all). I figured that accepting it would cause the virus more access but I was at wits end and figured that once it was on the machine I could get rid of it.
So now I have this virus that keeps being blocked by my Avast Antivirus scanner, called “Reannewscomm.com”. Every 10-15 seconds it blocks its attempt, for the past 2-3 hours now that I’ve been trying to get rid of it. I ran a complete scan of Malware Fighter and it did not detect it, and a complete scan of Avast Antivirus, and it didn’t find it. I’ve looked in the usual places again, and deleted any temporary files that came on the computer today (March 8), any cookies for today, and reupdated both Avast and Malware fighter to no avail.
The precise details of the blocked virus are as follows:
Object = http://reannewscomm.com/ads.php?sid=1967
Infection = URL:Mal
Process = C:\Windows\Explorer.exe
I tried to follow several guides on how to remove it manually (as the other option requires buying a tool that I’ve never heard of before and it only scans for free), and none have succeeded. All the usual indications of this virus are not present yet as Avast blocks it from putting those down and activating them. However, something is clearly trying to activate but I don’t know where to find it.
The popups only appear when I’m connected to the internet. When I disconnect from the internet (I use a wired connection) the popups cease to popup, leading me to believe that that server I allowed access to my computer is trying to create the virus or deploy the virus or something. I dunno. As stated, neither Avast nor my Malware Fighter detects the virus on my machine, and thus I feel that that server is causing the issue. So… does anyone know how to block a server from accessing the computer AFTER you’ve given it permission to have access?
However, something strange did happen recently. After trying to solve the problem for 4 hours, I got frustrated and left the computer alone. When I returned, it sounded like the computer was playing a podcast… though no podcasts were found on my machine, no internet explorer windows were open and no media player type programs were active. Disconnecting the internet / resetting the router didn’t stop this podcast, but ending Explorer.exe did (though that made the system unstable forcing me to restart it). The other thing of note is I have limited download capabilities right now (I can download it if I click Save Target As, but not any other method (ie Run / Save / Save As; these crashes internet explorer))
Any help would be appreciated.