Hi there. I need your help with the Avast pop-up and audio messages that I am getting every 5 seconds once I turn on my computer. The message reads: “avast Web Shield has blocked a harmful webpage or file. Object: hxxp://yugroben6.in/task/4001, URL: Mal, Process: C:\Windows\System32\svchost.exe.” When I click on the “more details…” button I am getting an Infection Blocked webpage with the same info listed above. From reading the other posts in this forum I understand that I need a custom fix tailored for my system. Please let me know what files/logs I need to provide in order to receive the fix for my computer. Your help is very much appreciated.
follow instructions. https://forum.avast.com/index.php?topic=53253.0
attach the requested logs Malwarebytes / OTL / aswMBR
Thanks Pondus! Please see attached.
Hi
Give me some time to analyze your logs and I will come back to you shortly
only trained and certified Malware removers are allowed to do malware cleaning work… names of those qualified are listed in the guide
so unless Essexboy can say that you are good to go…post will be deleted
Pondus, he’s a trainee of Essexboy.
if so he is good to go
yea just checked the updated list… you may add something to your signature that tells us @Naathim
and welcome to the forum
Hi guys and thank you very much. I’m currently finishing my training at G2G, so don’t worry. I’m under good supervision
We have Blackbeard here. Fix is currently being created
Welcome to the forum Naathim.
Hello romrocket!
We’re dealing with a Blackbeard infection here. Let’s start the fight!
Scan with ComboFix
This is a very powerful tool that should be used only if advised by a Malware Analyst.
Do not run ComboFix on your own!
Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
[*]Right-click on the ComboFix icon and select Run as Administrator to start the tool.
[*]Accept the disclaimer and agree if prompted to install Recovery Console.
[*]Do not take any actions while ComboFix goes through your System - it may cause it to stall!
[*]This scan may take some time!
[*]When finished - it will display a logfile (located also on your main drive, usually C:\ComboFix.txt).
Include that log in your next reply.
If you encounter any issues with your internet connection after running ComboFix, please visit this link.
If an error about an operation on a key marked for deletion appears after running the tool, please reboot your machine.
Hi Naat, and thank you for your help! Please see attached the ComboFix log file.
It looks like my system is still infected after running ComboFix. I am looking forward to receiving the fix. Thanks again for your help.
Yeah, I know. There’s a critical system file patched. Let’s try to fix it
Fix with ComboFix
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
[b]This fix was created for this user for use on that particular machine. Running it on another one may cause damage and render the system unstable.[/b]
[*]Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.
[*]Copy the entire content of the codebox below and paste into the Notepad document:
Folder::
C:\ProgramData\UpdateTask
C:\ProgramData\UpdateServer
C:\ProgramData\MediaDev
File::
C:\Windows\SysNative\wwcm.jca
Driver::
WinDevSrv
MediaDevSrv
FCopy::
c:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll | c:\windows\system32\rpcss.dll
Reboot::
[*]Click File, Save As and type CFScript.txt as the File Name.
Both ComboFix and CFScript have to be in the same location!
Referring to the picture below, drag CFScript into ComboFix.exe:
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
This will run ComboFix.
When finished, it shall produce a log for you at C:\ComboFix.txt. Please include this log in your next reply.
Scan with ZOEK
Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
[*]Right-click on the ZOEK icon and select Run as Administrator to start the tool.
[*]Wait patiently until the main console appears, it may take a minute or two.
[*]In the main box please paste in the following script:
createsrpoint;
{EEE6C360-6118-11DC-9C72-001320C79847};c
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5};c
autoclean;
rpcss.dll;z
C:\Windows\SysNative\wwcm.jca;f
process;
services-list;
iedefaults;
firefoxlook;
chromelook;
startupall;
installedprogs;
filesrcm;
[*]Make sure that Scan All Users option is checked.
[*]Push Run Script and wait patiently. The scan may take a couple of minutes.
[*]When the scan completes, a zoek-results logfile should open in notepad.
[*]If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)
Include its content into your next reply.
Naat, it looks like the malware is gone from my system. Great job, and thanks a lot for your help! Please let me know if there is anything I can do to prevent a reinfection? See attached the logs.
Hi. We’ve still got some more work to do, as there are still some malicious files present.
Scan with OTL
Please re-run OTL to give me a fresh look at your system.
[*]Right-click on the OTL icon and select Run as Administrator to start the tool.
[*]Make sure that Scan All Users, LOP check and Purity check are ticked.
[*]For 64-bit systems only - make sure that Include 64-bit option is also ticked.
[*]Sections Processes, Modules, Services, Drivers, Standard Registry are set to Use Safelist.
[*]Under the Custom Scans/Fixes bar in the box paste in the following:
/md5start
rpcss.dll
/md5stop
[*]Push Run Scan and wait patiently.
[*]A notepad window with a logfile will open after this run.
Please include the content of this logfile in your next reply.
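Added example, not part of the thread and not any tool's own code: the FCopy:: line in the CFScript above restores rpcss.dll from the WinSxS component store, and the /md5start scan asks OTL to hash that file. The Python sketch below does the same comparison by hand, checking a live system file against every copy of it in the store; the function names and default paths are assumptions.

```python
import hashlib
import os
import sys


def file_digest(path, algo="md5"):
    """Hash a file in 1 MiB chunks (MD5 by default, to line up with /md5start)."""
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def store_copies(store_root, name):
    """Yield every file called `name` (case-insensitive) under the store."""
    for dirpath, _dirs, files in os.walk(store_root):
        for f in files:
            if f.lower() == name.lower():
                yield os.path.join(dirpath, f)


def check_against_store(live_path, store_root, algo="md5"):
    """Return (verdict, live_digest, store_paths_with_identical_content)."""
    live = file_digest(live_path, algo)
    readable, matches = 0, []
    for copy in store_copies(store_root, os.path.basename(live_path)):
        try:
            digest = file_digest(copy, algo)
        except OSError:
            continue  # unreadable store entry: not usable as a reference
        readable += 1
        if digest == live:
            matches.append(copy)
    if readable == 0:
        return "no-reference", live, []
    # Several servicing versions can coexist; matching any one of them is fine.
    return ("match" if matches else "mismatch"), live, matches


if __name__ == "__main__":
    # Assumed default paths for a stock install; a 32-bit Python on 64-bit
    # Windows must use C:\Windows\SysNative to reach the real System32.
    live = sys.argv[1] if len(sys.argv) > 1 else r"C:\Windows\System32\rpcss.dll"
    store = sys.argv[2] if len(sys.argv) > 2 else r"C:\Windows\winsxs"
    verdict, digest, same = check_against_store(live, store)
    print(f"{live}: {digest} -> {verdict}")
    for path in same:
        print("  identical to", path)
```

A "mismatch" verdict means the live file differs from every readable store copy; a rootkit active on the running system can hide patched bytes, so the comparison is most trustworthy when run from a clean boot environment.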
Thanks Naat. Please see latest OTL scan attached.
Saved in ANSI…
Hi romrocket,
Scan with Farbar Recovery Scan Tool
Please download Farbar Recovery Scan Tool x64 and save it to your Desktop.
[*]Right-click on the FRST icon and select Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
[*]When the tool opens click Yes to disclaimer.
[*]Make sure that Addition option is checked.
[*]Press Scan button and wait.
[*]The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content into your next reply.
Hi Naat! Please see attached.
Hi
Fix with Farbar Recovery Scan Tool
[b]This fix was created for this user for use on that particular machine. Running it on another one may cause damage and render the system unstable.[/b]
[*]Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.
[*]Copy the entire content of the codebox below and paste into the Notepad document:
start
C:\Windows\System32\wwcm.jca
C:\Windows\System32\config\systemprofile\AppData\Roaming\iywb.yqc
C:\Windows\System32\config\systemprofile\AppData\Roaming\hnqqj.xyp
C:\Windows\System32\config\systemprofile\AppData\Roaming\ebbiicn.rlg
end
[*]Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
[*]Right-click on the FRST icon and select Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
[*]Press the Fix button just once and wait.
[*]If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
[*]When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it to your reply.
Scan with Malwarebytes’ Anti-Malware
Please re-run Malwarebytes’ Anti-Malware.
[*]First of all, select update.
[*]Once updated, click the Settings tab, in the left panel choose Detections & protection and tick Scan for rootkits.
[*]Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
[*]If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
[*]Upon completion of the scan (or after the reboot), click the History tab.
[*]Click Application Logs and double-click the newest Scan Log.
[*]At the bottom click Export and choose Text file.
Save the file to your desktop and include its content in your next reply.