system
1
I’m getting repeated Malicious URL blocked messages ( Approx 4 a minute)
All relate to a variant of werchindexonline that I’m not trying to access trying to access. The infection is always URL Mal and the process always relates to C;| programfiles (x86)…Iexplore .exe
Examples of the sites are
http://www.searchindexonline.com/find?kws=thomas+rosenthal+cookware
http://www.searchindexonline.com/find?kws=scarsdale+schools
http://www.searchindexonline.com/find?kws=2+million+bikers+to+D.C.,
http://www.searchindexonline.com/find?kws=247+mahjong
IE is not running but there are 4 instances of IE running in task manager that I can’t stop the process.
I have seen the http://forum.avast.com/index.php?topic=53253.0 page and wondered whether I should follow those steps listed.
Any advice would be appreciated
Pondus
2
follow instructions here and attach logs …not copy and paste. http://forum.avast.com/index.php?topic=53253.0
run in order listed
AdwCleaner / Malwarebytes / OTL / aswMBR
when done malware specialists will be notified and check the logs
when finish, all tools used will be removed
system
5
Attached the Malware bytes log
system
6
Attached OTL and Extras log
system
8
Is that everything that you need to analyse this?
I have notice in the last couple of hours that I get the constant notifications until I open internet explorer at which point the avast notifications stop. Even if I close down IE they still do not appear, only reappearing once I reboot but not opening IE.
magna86
9
@PSIMP-13
This is PC that it was used for work or to login for work at home, right?
Do you know this webpage for Exchange access?
https://myoffice.reyrey.com/owa/auth/logon.aspx?url=https://myoffice.reyrey.com/owa/&reason=0
system
10
This is a PC that I use to access work emails. The web address you listed is the outlook web access address.
magna86
11
That link is from Windows Server 2008 / 2012 which was promoted in Microsoft Exchange Server. And as far as I can see from the link, they are Server domain controllers (which is logical because the MES must be member of domain).
License only for MES costs about 1,500€ + it is needed an powerfull, very powerful server machine that may run that.
Since I’m not associated with avast, and I’m doing this on a voluntary basis I must force myself to stop provide you assistance.
Why would I someone for free allowed to earn on me and on my free work?
Please understand me.
Kind Regards,
magna