continuous warning about malware

hi everyone,

This afternoon I keep getting the same warning about malware.
I have copied the URL (with a change in the address): hXXp://img.virus.analytics.com/js/adr.js?071b83

It pops up every few minutes, or even seconds.

I am not trying to access any new or strange websites, so I am not sure where it comes from.

I know I can do standard things/checks to solve the problem, but I just don’t know where to find the right advice.
Can anyone help me find it? I get a bit nervous…

Thanks!

follow instructions, attach requested logs and help will arrive https://forum.avast.com/index.php?topic=53253.0

hi Pondus,

thanks for your quick reply!

Dumb question maybe, and I don’t want to reject any given help (not all!), but how do I know this Malwarebytes Anti-malware, and the other things that are suggested, is safe software?

Klaartje

> Dumb question maybe, and I don't want to reject any given help (not all!), but how do I know this Malwarebytes Anti-malware, and the other things that are suggested, is safe software?

because you ask us for help, then you have to trust us ;)

you may browse the other posts in this forum section to see what we do

You’re right.
I just started the process, scary…

naaa…it will work just fine. when done essexboy will fix it in 10 minutes :wink:

you may get an avast warning when downloading Farbar Recovery Scan Tool; if so, right click avast tray icon and pause shields

and Essexboy will remove all tools used when finished

Hi,

To answer your Question about Malwarebytes and whether they are Safe or not…

Malwarebytes has an Epically awesome reputation in the Malware Removal Department. Any googling in general of MalwareBytes is almost always Positive (Of course, you have the few haters, and people who are just out to ruin its Reputation.)

As for aswMBR: It’s an official Avast! Tool created to scan the MBR (Master Boot Record)
FRST: Created by Farbar for this Use. It has no ties to the big AV names like Avast!, Trend Micro, Kaspersky, Norton etc., but is widely used on all UNITE websites.

UNITE: http://uniteagainstmalware.com/

Plus: Just to back it up more… This site (Forum.avast.com) is an official Avast! Support forum. If we were out to cause damage, they’d ban us. Our ‘Main’ (Not to offend anyone else (Magna, Valinorum etc.)) remover, Essexboy, has been around since Feb 19th, 2005. So, 1 month until 1 Decade, (And 1 post when posting this) away from 40k Posts…

Michael

hi guys,

when restarting I got the message that Malwarebytes was unable to load the anti-rootkit DDA Driver, and the question is whether I want to reboot the system and attempt to install the Driver.
Uhmm…do I want that? (Reboot sounds scary, am I going to lose stuff?)

just waiting for the answer: do I really choose to reboot?

thanks Essexboy!
exporting the Malwarebytes log failed (I feel so clumsy), is there anywhere I can still find it (in the folders)?

hi Essexboy,

the 3rd program, aswmbr.exe has stopped working twice, in the middle of the scan. I get the message that Avast anti toolkit has stopped working.
What can I do now?

open Malwarebytes > top right History > left side application logs

you should now see a list of logs…latest at top … we want the one called scan log > double click on the name scan log

it should now open, in lower left corner is an export tab … select text file/txt … name it, save it, attach here

you may wait with this, it may not be needed

Thanks again!
I found the Malwarebytes-log (see attached)

I earlier sent the 2 FRST logs.

I just wait now?

Klaartje

> I just wait now?

yes ... essexboy will soon be online ... be patient

Ok, thanks Pondus, for getting me started. This is all rather stressful…

Could you uninstall the following programmes first :
WinZipper
YAC(Yet Another Cleaner!)

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
CHR HomePage: Default -> hxxp://www.delta-homes.com/?type=hp&ts=1419841496&from=wpm12262&uid=SAMSUNGXMZMTD128HAFV-000_S15MNEAD703423
R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [120128 2015-01-15] (Elex do Brasil Participações Ltda)
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [249000 2015-01-15] (Elex do Brasil Participações Ltda)
S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [45224 2015-01-15] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [99496 2015-01-15] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [42152 2015-01-15] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [93352 2015-01-15] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [52392 2015-01-03] (Elex do Brasil Participações Ltda)
2015-01-15 12:12 - 2015-01-15 12:12 - 00000000 ____D () C:\Users\klaartjepeters\AppData\Roaming\Elex-tech
2015-01-15 12:12 - 2015-01-15 12:12 - 00000000 ____D () C:\Program Files (x86)\Elex-tech
2015-01-15 12:12 - 2015-01-15 07:51 - 00045224 _____ (Elex do Brasil Participações Ltda) C:\windows\system32\Drivers\iSafeKrnlBoot.sys
2015-01-15 12:12 - 2015-01-03 09:57 - 00052392 _____ (Elex do Brasil Participações Ltda) C:\windows\system32\Drivers\iSafeNetFilter.sys
2015-01-15 12:11 - 2015-01-15 12:11 - 00000000 ____D () C:\Users\klaartjepeters\AppData\Local\Temp{145E8D1A-1B99-45E8-80D8-852CB6F73BF2}
2014-12-29 09:25 - 2015-01-19 17:08 - 00000000 ____D () C:\Program Files (x86)\WinZipper
2014-12-29 09:25 - 2015-01-14 12:54 - 00000000 ____D () C:\Users\klaartjepeters\AppData\Roaming\WinZipper
2014-12-29 09:25 - 2014-12-29 09:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated; please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete click on “Clean”
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S1].txt as well.

I am grateful for your help Essexboy!
I attached the fix-log,
and will now do the clean-up thing

And the AdwCleaner logfiles, I found 2 different ones (see attached)

Could you one more time let me know what to do next?

thnx,
Klaartje

Have the alerts now ceased?