Constant urlmal-avast-process-cwindowssystem32svchostexe/ alert when browsing

Ok I’ve just deleted the skype addon because I think it started around the same time I installed it.

So far no alerts have happened.

I’ll keep you guys posted.

Did the skype addon have the malware?

Was there any malware to begin with?

Thanks again for your help.

Very possibly as Chrome addons are very easy to subvert and from the logs show no difference to an unaffected one

Run it for a while and if all is good let me know and I will tidy up

Thanks again essexboy! I’ll browse for a while and let you know tomo.

I did a bit of googling and its all probably paranoia but it might explain why my webcam doesn’t work anymore?

http://www.v3.co.uk/v3-uk/news/2446268/skype-users-warned-of-t9000-malware-threat-that-records-video-and-text-chats

Would deleting the addon be enough? I’m becoming a bit worried now since I do a lot of online banking on this laptop too :S

Yes delete the addon

Ok well I thought everything was ok.

but nope! alert again! -.-

It definitely only happens when im on imgur.

So it is only that site and nowhere else ?

Yeh, just the imgur site

That would tend to suggest the site is at fault, is it a specific page on the site ? Is it before or after you login

Its usually when a GIF is playing

That would tend to suggest there is some form of infection there that Chrome is susceptible to

ok should I be worried? It’s now happening on regular browsing and its saying its attacking/flagging on avast?

Could I have a fresh FRST please

As info for Essexboy :
IP :113.171.224.171
Host :127.0.0.1

Could be something in the hosts file.

According to the FRST Host is empty

I disabled Avast for 10 minutes

Ran the scan as administrator

Here are the results attached

Did you install this extension Sad Panda

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint: CMD: netsh advfirewall reset CMD: netsh advfirewall set allprofiles state ON CMD: ipconfig /flushdns CMD: netsh winsock reset catalog CMD: netsh int ip reset c:\resetlog.txt CMD: ipconfig /release CMD: ipconfig /renew CMD: netsh int ipv4 reset CMD: netsh int ipv6 reset Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f RemoveProxy: EmptyTemp: CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated please post that

Yeh, that’s one I installed, is it that thats causing the problem?

Here’s the fix log.

OK we are going to have to search the registry

Start FRST and in the search box copy/paste the following :

videoplayer;113.171.224.174

Press Search Registry and attach the resultant log

Ok done,

I didn’t turn of avast though before the search, is that necessary?