epictory,com, reduled.com Please help

Whenever I disconnect and connect to internet i get an avast --threat has been detected. Infection blocked
Url: http://reduled.info/3232/ProwSystem_142252300428591.dll
Infection: URL:Mal
Process: C:\WINDOWS\System32\svchost.exe

URL: http://epictory.com/3232/LibraryRunner_142251913912767.dll
Infection: URL:Mal
Process: C:\WINDOWS\System32\svchost.exe

I tried everything tdkiller, Malewarebytes, Avast boot time scan, Safe Mode with Networking and deleting chrome firefox and cleaning browser history, tdskiller, eset online scanner that was recommended online.
I have attached 2 txt from farbar recovery scan tool
Let me know if you need any more details. If you need anything let me know. Any help will be really appreciated this is driving me nuts

Hello raulkrishh

https://sites.google.com/site/cannedfixes/home/hosted-images-tools/51a612a8b27e2-Zoek.png
Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

[*]Right-click on
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/51a612a8b27e2-Zoek.png
icon and select
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg
Run as Administrator to start the tool.
[]Wait patiently until the main console will appear, it may take a minute or two.
[
]In the main box please paste in the following script:

createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns;b

[*]Make sure that Scan All Users option is checked.
[*]Push Run Script and wait patiently. The scan may take a couple of minutes.
[*]When the scan completes, a zoek-results logfile should open in notepad.
[*]If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.

NP, I removed the prior posts. :wink:

Thanks :slight_smile:

Whenever I try to download Zoek avast gives me a Malware warning and removes the item to chest. I was wondering if I you could please suggest the fix with Farbar Recovery?

right click avast tray icon … from the menu pause shields

But I am kinda scared to install something avast is saying a threat

this happens with all the malware removal tools, especially after a update, zoek is a diagnostic tool and we use it here often
see false positive eksample here https://forums.malwarebytes.org/index.php?/topic/131391-zoekexe-fp/

all malware removers listed here are trained and certified in malware removal and all tools they use are safe https://forum.avast.com/index.php?topic=53253.0

I ran zoek and had a reboot. I have attached the results and immediately after restarting and connecting to internet avast gives me threat has been detected warning. I have attached a capture of that too.

Once again Thank you Pondus and TwinHeadEagle for your help

How is your PC now?

It still has the threat alert especially when I disconnect and connect to internet. I get an threat has been detected saying and infection blocked screen.
PC performance is okay I dont see any pop up or anything. I am scared weather there is a trojan hiding if for some reason avast is disabled then the infection can cause damage. So i want to delete it before it spreads.

https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

[*]Right-click on
https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
icon and select
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg
Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
[*]Make sure that Addition option is checked.
[*]Press Scan button and wait.
[*]The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content into your next reply.

Attached the frst and addition files after running the Farbar Recovery Scan Tool as Admin

You can have only one Antivirus, remove either Microsoft or Avast.

https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
Fix with Farbar Recovery Scan Tool

https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
[B] This fix was created for this user for use on that particular machine.
https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif

https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
Running it on another one may cause damage and render the system unstable.
https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
[/B]

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

[*]Right-click on
https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
icon and select
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg
Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
[*]Press the Fix button just once and wait.
[*]If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
[*]When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

Worked liked a charm. You are a true rockstar!!!

How did you figure it out? Is that a trade secret or will that be something you will be interested in explaining.
Anyways, once again really thankfull for your help.

Just look at the Fixlist.txt and you will find out :slight_smile:

The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes below;
[i]
http://www.mcshield.net/personal/magna86/Images/checkmark.png
Remove disinfection tools

http://www.mcshield.net/personal/magna86/Images/checkmark.png
Create registry backup

http://www.mcshield.net/personal/magna86/Images/checkmark.png
Purge System Restore [/i]
Click Run button and wait a few seconds for the programme completes his work.
At this point all the tools we used here should be gone. Tool will create an report for you (C:[b]DelFix.txt[/b])

The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and create a fresh system restore point after cleaning.

Will do.
But how did you get the Fixlist.txt?

There is a Fixlist.txt at the first page :slight_smile:

UNITE Against Malware http://uniteagainstmalware.com