I first started dealing with this problem today. Whenever I go to websites that I’ve regularly visited in the past I am receiving constant threat detection notices. The infection says HTML:Bankfraud-TQ[Trj]. I’ve run a scan with Avast, a scan with Malwarebytes, and even with Combofix. None detected anything that has stopped these constant threat detections that I just started getting today. Does anyone know what is going on? Running scans with those three programs is the limit of my antivirus knowledge. Any help would be appreciated. These constant notices are more annoying than anything else.
"Whenever I go to websites that I've regularly visited in the past I am receiving constant threat detection notices."
the website is probably infected...
what is the url ?
is it just one site ?
does it happen when not surfing also ?
I’m getting it from multiple sites I’ve visited for several years without any problems like this. I will list a few just for reference. http://www.billburr.com/podcast http://www.bestfightodds.com/ http://theafterdisaster.com/ http://mmajunkie.com/
I’ve noticed it only when surfing sites like those that are the least secure of the ones I visit. I don’t get it on the Google homepage, my private torrent site, Chase Bank or Yahoo. It does go off when I open uTorrent. Just seems like it got sensitive to less secure sites all of a sudden today.
if you right click avast tray icon, and select…show last popup… click the pin in top right corner to make it stay on screen
then take a screenshot of it and attach here
then follow instructions here and attach OTL diagnostic log https://forum.avast.com/index.php?topic=53253.0
also attach Combofix log from your scan
when done the malware experts will be notified and help you
Sometimes there are as many as 30 objects detected just from going to one of those pages, but the infection is always the same bankfraud thing. I get a different number of objects detected with each refresh.
Here is the threat notice.
Hold on messed that up
Here’s a screenshot because I’m not sure if that link is showing up with the right info.
that's OK … important log is OTL
you have saved the log as Unicode so it looks like Chinese … you have to save it as ANSI
that looks fine
malware experts are notified. it may take some hours before they are online…
Thanks.
I see that you have run Combofix; could you attach that log, please?
Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following:
https://dl.dropbox.com/u/73555776/OTL_Fix.GIF
:Commands
[CREATERESTOREPOINT]
:OTL
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}: "URL" = http://www.searchqu.com//web?src=ieb&appid=0&systemid=421&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}: "URL" = http://www.searchqu.com//web?src=ieb&appid=0&systemid=421&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678
IE - HKU\S-1-5-21-338254004-706361589-1527394266-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=100607&mntrId=602c54fa00000000000000248c48537a
IE - HKU\S-1-5-21-338254004-706361589-1527394266-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}: "URL" = http://www.searchqu.com//web?src=ieb&appid=0&systemid=421&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-338254004-706361589-1527394266-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678
FF - prefs.js..keyword.URL: "http://www.searchqu.com//web?src=ffb&appid=0&systemid=421&sr=0&q="
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
:Commands
[resethosts]
[emptytemp]
[Reboot]
- Then click the Run Fix button at the top.
- Let the program run unhindered; reboot the PC when it is done.
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN
Please download AdwCleaner by Xplode onto your desktop.
- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete click on “Clean”.
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S1].txt as well.
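An added example, not part of the thread and not OTL's own code: a Python script that groups the entries of the OTL fix script earlier in this post by search-provider host and by where the setting lives, so the list can be reviewed before Run Fix is clicked. The regular expressions assume the line layout seen in this thread's script; the sample lines are a subset copied from it.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Subset of the fix-script lines posted in this thread, copied unmodified.
FIX_LINES = [
    r'IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}: "URL" = http://www.searchqu.com//web?src=ieb&appid=0&systemid=421&sr=0&q={searchTerms}',
    r'IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678',
    r'IE - HKU\S-1-5-21-338254004-706361589-1527394266-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=100607&mntrId=602c54fa00000000000000248c48537a',
    r'FF - prefs.js..keyword.URL: "http://www.searchqu.com//web?src=ffb&appid=0&systemid=421&sr=0&q="',
    r'O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.',
    '[emptytemp]',
]

# Assumed layouts: IE search provider, Firefox keyword URL, toolbar with no CLSID.
SEARCH_SCOPE = re.compile(r'^IE(?::64bit:)? - (?P<hive>HK\w+)\\.*?\\SearchScopes\\'
                          r'(?P<guid>\{[0-9A-Fa-f-]+\}): "URL" = (?P<url>\S+)$')
FF_KEYWORD = re.compile(r'^FF - prefs\.js\.\.keyword\.URL: "(?P<url>[^"]+)"$')
ORPHAN_TOOLBAR = re.compile(r'^O3(?::64bit:)? - (?P<key>HK\S+): \(no name\) - '
                            r'(?P<id>\S+) - No CLSID value found\.$')

def summarize(lines):
    """Group fix-script entries so a reviewer sees what the fix will remove."""
    hosts = defaultdict(set)
    orphans, directives, unparsed = [], [], []
    for line in map(str.strip, lines):
        if not line:
            continue
        if (m := SEARCH_SCOPE.match(line)):
            hosts[urlsplit(m['url']).hostname].add('IE ' + m['hive'])
        elif (m := FF_KEYWORD.match(line)):
            hosts[urlsplit(m['url']).hostname].add('FF prefs.js')
        elif (m := ORPHAN_TOOLBAR.match(line)):
            orphans.append(m['id'])
        elif line[0] in ':[':          # section headers and [commands]
            directives.append(line)
        else:
            unparsed.append(line)      # unrecognised entries need a manual look
    return {'search_hosts': {h: sorted(v) for h, v in hosts.items()},
            'orphan_toolbars': orphans, 'directives': directives, 'unparsed': unparsed}

if __name__ == '__main__':
    for key, value in summarize(FIX_LINES).items():
        print(key, value)
```
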
I’d like to say thank you for the help offered. Today I woke up and I am no longer experiencing this issue. What and why are questions I have, but as long as it is no longer occurring then I am satisfied. Thanks again.
you should still follow the instructions given by essexboy in his last post