continual pop-ups about onlinesecuritymetere.in

Hi
I have today been bombarded with pop-ups from Avast Web Shield every few minutes telling me that it’s blocked a harmful webpage or file.
It’s always the same object
htxp://onlinesecuritymetre.in/index.php
The infection is always URL:Mal
and the process is C:\Windows\explorer.exe

How can i stop this?

Logs to assist in cleaning malware

https://forum.avast.com/index.php?topic=53253.0

Malwarebytes was my first port of call, but the threat still keeps appearing. Anyway, attached are the scan from MalwareBytes, the FRST/Addition text files from the Farbar tool and the log from aswMBR.

Hi steve143,

Break that malicious link with hxtp. Why, just see here: https://www.virustotal.com/nl/url/2ec764a58bb529f123ffd72f128773f3b51240921de0c95f37e20fc2b653895e/analysis/1429911208/
Site is potentially harmfull: https://sitecheck.sucuri.net/results/onlinesecuritymetre.in
Quttera flags: domain is Malicious. Outdated Web Server Apache Found: Apache/2.2.22

It is a so-called Cloaked Scraper: http://www.ip-finder.me/93.190.140.145/ (blacklisted in three instances)
where one has to be careful because of some particular setting in the php.ini (index.php)
It is on the ZB Block-Blocklist for cloaked Spiders, Scrapers and Keywordsearchers who does not observe the rules

polonus (volunteer website security analyst and website error-hunter)

https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
Fix with Farbar Recovery Scan Tool

https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
[B] This fix was created for this user for use on that particular machine.
https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif

https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
Running it on another one may cause damage and render the system unstable.
https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
[/B]

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

[*]Right-click on
https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
icon and select
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg
Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
[*]Press the Fix button just once and wait.
[*]If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
[*]When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

https://sites.google.com/site/cannedfixes/combofix/51a5bf3d99e8a-ComboFixlogo16.png
Scan with ComboFix

This is a very powerful tool that should be used only if advised by Malware Analyst.
Do not run ComboFix on your own!

Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

[*]Right-click on
https://sites.google.com/site/cannedfixes/combofix/51a5bf3d99e8a-ComboFixlogo16.png
icon and select
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg
Run as Administrator to start the tool.
[*]Accept the disclaimer and agree if prompted to install Recovery Console.
[*]Do not take any actions while ComboFix goes through your System - it may cause it to stall!
[]This scan may take some time!
[
]When finished - it will display a logfile (located also on your main drive, usually C:\ComboFix.txt).

Include that log in your next reply.

http://forum.programosy.pl/images/smilies/icon_idea.gif
If you’ll encounter any issues with internet connection after running ComboFix, please visit this link.

http://forum.programosy.pl/images/smilies/icon_idea.gif
If an error about operation on the key marked for deletion will appear after running the tool, please reboot your machine.

Hello; I have had more or less the exact same problem, a constant barrage of URL: Mal warnings from Explorer.exe; typically one from onlinesecuritymeter.in, then usually five in rapid succession from it’s IP address, all thankfully blocked. This only started happening today.

I’m going on the assumption that I will need my own unique solution, but as the problem is entirely identical to this, I also assumed it would be easier to post here.

I have used Avast, MalwareBytes, SUPERAntiSpyware, both in and out of safe mode, tried to find anything with HijackThis, and even tried a system restore to a previous date, none of which worked.

The needed logs are attached.

I’ll note in advance I’m going to be going out of town for the weekend, so I unfortunately won’t be able to respond until Monday.

Start a new topic in V&W and post your logs there: https://forum.avast.com/index.php?action=post;board=4.0

Hi twinheadedeagle

Thanks for helping me attached is the log from the Farbar tool and also the log from the ComboFix tool.

Cheers

How is your PC behaving now?

No re-occurrences - thanks for your expert help.
Cheers
Steve :slight_smile:

Hi I’m having the exact same issue. Avast and Anti-Malware Bytes doesn’t seem to catch it. Can anyone provide some assistance?

Start your own topic.
Explain your problem and give us info as to OS and other security programs running. What version of Avast are you using ??
Attach the requested logs.