Hi
I have today been bombarded with pop-ups from Avast Web Shield every few minutes telling me that it’s blocked a harmful webpage or file.
It’s always the same object
htxp://onlinesecuritymetre.in/index.php
The infection is always URL:Mal
and the process is C:\Windows\explorer.exe
Malwarebytes was my first port of call, but the threat still keeps appearing. Anyway, attached are the scan from MalwareBytes, the FRST/Addition text files from the Farbar tool and the log from aswMBR.
It is a so-called Cloaked Scraper: http://www.ip-finder.me/93.190.140.145/ (blacklisted in three instances)
where one has to be careful because of some particular setting in the php.ini (index.php)
It is on the ZB Block-Blocklist for cloaked Spiders, Scrapers and Keywordsearchers who do not observe the rules.
polonus (volunteer website security analyst and website error-hunter)
This is a very powerful tool that should be used only if advised by a Malware Analyst. Do not run ComboFix on your own!
Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
Hello; I have had more or less the exact same problem, a constant barrage of URL: Mal warnings from Explorer.exe; typically one from onlinesecuritymeter.in, then usually five in rapid succession from its IP address, all thankfully blocked. This only started happening today.
I’m going on the assumption that I will need my own unique solution, but as the problem is entirely identical to this, I also assumed it would be easier to post here.
I have used Avast, MalwareBytes, SUPERAntiSpyware, both in and out of safe mode, tried to find anything with HijackThis, and even tried a system restore to a previous date, none of which worked.
The needed logs are attached.
I’ll note in advance I’m going to be going out of town for the weekend, so I unfortunately won’t be able to respond until Monday.
Start your own topic.
Explain your problem and give us info as to OS and other security programs running. What version of Avast are you using?
Attach the requested logs.