Constant pop-ups; HTML:RedirME-inf[Trj] svchost.exe

Hello guys,
I use Avast Free, and I've been getting these pop-ups for over a month now. They pop up whenever I start my Windows 7, and then spontaneously after that.

Infection: HTML:RedirME-inf[Trj]
Process: C:\Windows\System32\svchost.exe

The objects are:
hxxp://crl.microsoft.com/pki/crl/products/micCodSigPCA

hxxp://crl.microsoft.com/pki/crl/products/microsofttimestamppca.crl

hxxp://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl

hxxp://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl

I scanned my PC with Avast, Malwarebytes and Microsoft Security Essentials, and no malware was found. Am I infected? Is it a false positive? Or does it have to do with the "Microsoft certificate revocation list" (whatever this means!)?

I'd appreciate it if you could explain to me what's happening on my machine before we delve deeper into Farbar and other tools :slight_smile:

[quote]Or it has to do with "Microsoft certificate revocation list" (whatever this means!)?[/quote]
And when do you see this?
[quote]I'd appreciate it if you explain to me what's happening in my machine before we delve deeper into Farbar and other tools[/quote]
No, we need diagnostic logs first, then maybe we can explain ;)

http://social.technet.microsoft.com/wiki/contents/articles/2303.understanding-access-to-microsoft-certificate-revocation-list.aspx

[quote author=Pondus link=topic=176990.msg1254829#msg1254829 date=1443418316]
Or it has to do with "Microsoft certificate revocation list" (whatever this means!)?
And when do you see this?
[/quote]

They usually (not always) appear first thing when Windows starts, even BEFORE I start Chrome (my default browser). Then the pop-ups appear in an unpredictable, spontaneous manner; sometimes I hear "threat has been detected" while I'm away from my laptop with only 2 or 3 Chrome tabs open (Facebook and Google)! Most of the time the pop-ups are unprompted: they appear without my performing any action (visiting a website, downloading a file, etc.).

Thank you so much. I thought my problem had to do with MS certificates because when I googled "hxxp://crl.microsoft.com/pki/crl/products/…", I found similar topics on different security websites, and the term "Microsoft certificate revocation" kept coming up, like in this topic on another AV forum: https://forums.comodo.com/firewall-help-cis/why-is-explorerexe-trying-to-connect-to-an-external-ip-t81288.0.html

You’re welcome.

I hope someone will help me solve my problem before tomorrow. I'm waiting for instructions; any suggested tests? Farbar, AdwCleaner, ZOEK…?

Farbar instructions are here: https://forum.avast.com/index.php?topic=53253.0

:slight_smile:

You are running three antivirus programmes:

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

More is not better… Two must go.

Could you screenshot the Avast pop-up and attach that?

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:

[quote]
CreateRestorePoint:
FF user.js: detected! => C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\e61rdlro.default\user.js [2014-06-26]
FF HKU\S-1-5-21-2584316828-3291426782-3374062165-1000\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\PC\AppData\Roaming\IDM\idmmzcc5 => not found
FF HKU\S-1-5-21-2584316828-3291426782-3374062165-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\PC\AppData\Roaming\IDM\idmmzcc5 => not found
2015-09-23 04:13 - 2014-06-26 02:10 - 00000000 __SHD C:\Users\PC\AppData\Local\EmieUserList
2015-09-23 04:13 - 2014-06-26 02:10 - 00000000 __SHD C:\Users\PC\AppData\Local\EmieSiteList
2015-02-05 06:24 - 2015-02-05 06:24 - 6103040 _____ () C:\Program Files (x86)\GUT1533.tmp
Task: {96C968DA-9B44-4469-8C61-81BD8A9922EB} - \GoforFilesUpdate -> No File <==== ATTENTION
Task: {9E0D4609-00B8-4743-948A-7B4D2B82F672} - \YourFile DownloaderUpdate -> No File <==== ATTENTION
C:\Program Files (x86)\YourFileDownloader
C:\Program Files (x86)\GoforFiles
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
[/quote]

Save this as fixlist.txt, in the same location as FRST.exe.

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix.
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.

[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete, click on "Clean".
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S0].txt as well.

Thank you so much @essexboy. The screenshot wouldn't show the object's title (it shows only part of it), and when I try "more details" I get "The online content is unavailable". My internet speed is just fine; I've always got this message no matter how fast my internet is. I went through Chrome's browsing history (I searched for each of these pop-ups when they showed up) and wrote them down to the letter. I hope this helps.

hxxp://crl.microsoft.com/pki/crl/products/MicWinHarComPCA_2008-01-08.crl

hxxp://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl

hxxp://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl

hxxp://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl

hxxp://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl

The infection is always the same: HTML:RedirME-inf[Trj]
And the process is always the same: C:\Windows\System32\svchost.exe

Would this work? (Thank you for your patience)

I guess I scanned (but didn't clean) my device with AdwCleaner before, because I see three logs in AdwCleaner. I'll attach the three of them, and the fixlog.

AdwCleaner has deleted Babylon because it's labelled a "PUP". Can I re-install it now? Is it really that harmful?

I thought everything was fine until I got another pop-up while reading an article on Wikipedia :frowning:

Object: hxxp://crl.microsoft.com/pki/crl/products/MicWinHarComPCA_2010-11-01.crl

Infection: HTML:RedirME-inf[Trj]

Process: C:\Windows\System32\svchost.exe

Could you download and run this update from MS: http://www.microsoft.com/downloads/details.aspx?FamilyId=d3f212e9-2c49-4cd6-bd2f-51cf8a712ba6

Let me know if it cures the problem.

It said "the update is not applicable to your computer".

OK, I need to determine how to reset the certificate store.

I'm not sure I should post this on this forum since the detection (block) was made by another AV, but after I scanned/fixed/cleaned with Farbar and AdwCleaner, MBAM has started telling me it's blocking an outbound request to "m51.dnsqa.me" from C:\Program Files (x86)\Google\Chrome\Application\chrome.exe :o, 3 pop-ups so far.
I've been online only for a few minutes since yesterday, barely Facebook, Google, Wiki, the Avast forum and now the MBAM forum, so I don't know how this new problem came up, or maybe it's the same problem?! I just googled it, and it turned out it's about DNS or something; could these two problems be related?? :frowning:

m51.dnsqa.me was discussed recently (in September) in other forums: hxxps://forums.malwarebytes.org/index.php?/topic/173009-false-positive-for-dns-changer/

hxxp://security.stackexchange.com/questions/99957/malware-adware-infection-on-linux

We can reset the DNS.

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:

[quote]
CreateRestorePoint:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
[/quote]

Save this as fixlist.txt, in the same location as FRST.exe.

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix.
On completion a log will be generated; please post that.
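As an added illustration of the distinction the helpers draw in this thread (the TechNet link earlier on Windows' own access to Microsoft's certificate revocation lists, versus the m51.dnsqa.me block from chrome.exe that prompted the DNS reset above), here is a small Python triage script. It is not from the thread, from Avast or from Malwarebytes. It assumes alerts written in the Object/Infection/Process layout the poster used, that crl.microsoft.com is the CRL host of interest, and that System32\svchost.exe is the process hosting Windows' Cryptographic Services (CryptSvc), which performs CRL downloads for CryptoAPI. The sample alert records, including the detection label on the third one, are constructed.

```python
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass
from urllib.parse import urlparse

# The Microsoft CRL distribution point the thread's alerts point at
# (assumption: it is the only CRL host we need to recognise here).
MICROSOFT_CRL_HOSTS = {"crl.microsoft.com"}

# svchost.exe hosts Cryptographic Services (CryptSvc), which fetches CRLs on
# behalf of CryptoAPI; the path is compared case-insensitively.
CRL_FETCHING_PROCESSES = {r"c:\windows\system32\svchost.exe"}

# Constructed sample alerts in the Object/Infection/Process layout used in the
# thread. The third record renders the MBAM block of m51.dnsqa.me into the same
# three-line form with a made-up detection label.
SAMPLE_ALERTS = [
    r"""Object: hxxp://crl.microsoft.com/pki/crl/products/MicWinHarComPCA_2010-11-01.crl
Infection: HTML:RedirME-inf[Trj]
Process: C:\Windows\System32\svchost.exe""",
    r"""Object: hxxp://crl.microsoft.com/pki/crl/products/micCodSigPCA
Infection: HTML:RedirME-inf[Trj]
Process: C:\Windows\System32\svchost.exe""",
    r"""Object: hxxp://m51.dnsqa.me/
Infection: Outbound request blocked (constructed label)
Process: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe""",
]


@dataclass(frozen=True)
class Alert:
    detection: str
    process: str
    obj: str  # the URL the scanner reported as the "object"


def refang(url: str) -> str:
    """Undo the hxxp:// defanging used when URLs are posted on forums."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.IGNORECASE)


def parse_alert(text: str) -> Alert:
    """Parse one three-line alert; split on the first colon only so URLs survive."""
    fields = {}
    for line in text.strip().splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip().lower()] = value.strip()
    return Alert(fields["infection"], fields["process"], fields["object"])


def classify(alert: Alert) -> str:
    """Return a triage label for one alert.

    expected-crl-fetch: a Microsoft CRL requested by the process Windows uses
        for that job; the scanner is inspecting CRL bytes, so the next step is
        checking the detection itself rather than cleaning the machine.
    crl-fetch-odd-process: a Microsoft CRL, but requested by some other process.
    investigate: anything else, e.g. an unknown domain contacted by a browser.
    """
    url = urlparse(refang(alert.obj))
    host = (url.hostname or "").lower()
    path = url.path.lower()
    # The first URL in the thread is truncated (no .crl suffix), so accept the
    # /pki/crl/ path prefix as well as the file extension.
    looks_like_crl = path.endswith(".crl") or "/pki/crl/" in path
    if host in MICROSOFT_CRL_HOSTS and looks_like_crl:
        if alert.process.lower() in CRL_FETCHING_PROCESSES:
            return "expected-crl-fetch"
        return "crl-fetch-odd-process"
    return "investigate"


def triage(alert_texts: list[str]) -> dict[str, int]:
    """Count the triage labels over a batch of raw alert texts."""
    return dict(Counter(classify(parse_alert(t)) for t in alert_texts))


if __name__ == "__main__":
    for text in SAMPLE_ALERTS:
        alert = parse_alert(text)
        print(f"{classify(alert):24} {alert.process} -> {alert.obj}")
    print(triage(SAMPLE_ALERTS))
```

Running the script labels the two svchost.exe CRL fetches as expected Windows behaviour and leaves the chrome.exe request to m51.dnsqa.me as the one to investigate, which is the split the thread itself ends up making: the first gets a look at the detection and the certificate store, the second gets the network and DNS reset.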

Thank you so much essexboy, here's the log.

How is the computer now?