epictory.com, reduled.info, blackfight.info, reddie.net - Please help

So I’m pretty sure I got some malware going on. Every time I try to connect to a VPN or a virtual LAN gaming client I have called Evolve, Avast keeps warning me that it's blocking an infectious site from harming my computer. Whereas I'm glad it's not getting through, the 50 dings in my ear in less than 20 seconds is far from pleasant, and I was wondering if someone could help me solve the issue. Following are the URLs that Avast is blocking:

URL: reddie.net/3232/goopad_142250227087080.dll
Process: C:\Windows\System32\svhost.exe

URL: blackfight.info/3232/PathGeneration_142247348974386.dll
Process: C:\Windows\System32\svhost.exe

URL: blackfight.info/3232/TerminusTurbo_142250946264186.dll
Process: C:\Windows\System32\svhost.exe

URL: blackfight.info/3232/AppendGeneration_142246588271906.dll
Process: C:\Windows\System32\svhost.exe

URL: reduled.info/3232/AppendMonitor_142246449203030.dll
Process: C:\Windows\System32\svhost.exe

URL: epictory.com/3232/IndepthGeneration_14225110378956.dll
Process: C:\Windows\System32\svhost.exe

1] Make the links not clickable

2] Follow these instructions:
https://forum.avast.com/index.php?topic=53253.0

here you go

Could you let me know if this stops it

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
2015-02-20 16:43 - 2015-02-25 19:54 - 00000000 __SHD () C:\WINDOWS\SysWOW64\AI_RecycleBin
Task: {48C8C973-698A-490F-89D7-BEDE6E2C096F} - System32\Tasks\ISpeedPC_Daily => C:\Program Files (x86)\iSpeedPC\ISpeedPC.exe
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix.
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.

[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S0].txt as well.
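
The fixlist above ends with `bitsadmin /reset /allusers`, which cancels every BITS job on the machine. As an added example (not part of the thread or of FRST), this PowerShell lists those jobs first and flags any whose source is one of the four domains Avast was blocking; that the blocked downloads came from BITS jobs is an assumption the thread does not state, and `Test-BlockedHost` and `bits-jobs.csv` are names made up here.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt,
# because -AllUsers needs administrator rights.
Import-Module BitsTransfer

# The four domains named in the thread title.
$BlockedDomains = 'epictory.com', 'reduled.info', 'blackfight.info', 'reddie.net'

function Test-BlockedHost {
    param([string]$Url, [string[]]$Domains)
    # Avast's alerts show the URL without a scheme; add one so [Uri] can parse it.
    if ($Url -notmatch '^[a-zA-Z][a-zA-Z0-9+.-]*://') { $Url = "http://$Url" }
    $parsed = $null
    if (-not [Uri]::TryCreate($Url, [UriKind]::Absolute, [ref]$parsed)) { return $false }
    $hostName = $parsed.Host.ToLowerInvariant()
    foreach ($d in $Domains) {
        # Match the domain itself or a subdomain, never a substring of another name.
        if ($hostName -eq $d -or $hostName.EndsWith(".$d")) { return $true }
    }
    return $false
}

# One row per file in every BITS job on the machine, flagged when its source
# host is one of the blocked domains.
$report = foreach ($job in Get-BitsTransfer -AllUsers) {
    foreach ($file in $job.FileList) {
        [pscustomobject]@{
            Blocked     = Test-BlockedHost -Url $file.RemoteName -Domains $BlockedDomains
            JobId       = $job.JobId
            DisplayName = $job.DisplayName
            Owner       = $job.OwnerAccount
            State       = $job.JobState
            Created     = $job.CreationTime
            RemoteName  = $file.RemoteName
            LocalName   = $file.LocalName
        }
    }
}

# Keep a record before the jobs are cancelled (hypothetical file name).
$report | Export-Csv -NoTypeInformation -Path .\bits-jobs.csv
$report | Sort-Object Blocked -Descending | Format-Table -AutoSize -Wrap
```

Rows with `Blocked` set to `True` would be cancelled by the reset along with every other listed job, so the CSV is the only record of their owner, creation time and local target path afterwards.
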

Well, I’m happy to say that my initial issue is solved: I can now connect to my VPN and my Evolve client without the issue. But now I have a Win32:Malware-gen that Avast is moving to the chest. This happens right at boot, and happened when my PC restarted after applying the fixlist.txt and when it restarted after doing the AdwCleaner scan. I attached a screenshot of the new malware along with the log from AdwCleaner.

What is the full path of that file?

Could you run a fresh FRST scan please but tick 90 days this time

Uploaded a screenshot that shows the file path of all the Win32:Malware-gen’s that just started; apparently there were 4, not 2. Also uploaded the new FRST log.

They are in the temp files … The process that started this was in C… Universalavservice… what is the full path of that?

full path is C:\Program Files\SecureAge\UniversalAV\UniversalAVService.exe

OK that is an antivirus programme and it looks like Avast is picking up on virus definitions

This is why you should never have two AV’s running

I know, I uninstalled it and the new problem went away. The only reason it was installed is because before I came here I went on PC help forums and they got me to install it, with like 15 different things to do scans with, and still couldn’t solve the issue. It's why I came here to begin with, and I must say I will be coming back here if I ever have an issue like this again, as one of the first scans they had me do was the FRST and they couldn’t produce a fix like you could lol. Thank you very much for all the help. So far everything seems to be going fine and there seems to be no issues anymore.

I feel that is because they do not know how Avast works, although to be honest it took a few days before we figured out where it was originating

Well, what made it worse too is that I showed him the screens of the Avast notifications that said it was a malware, and the guy was trying his hardest to convince me it wasn’t, and even got rude and started going on about how if I don’t want to take his 30+ years of experience in the matter then I can keep my problems. Thought it was very rude and didn’t give me a good opinion on their site. I felt a lot more respect here and I thank you for that; will definitely be back if I have another problem.

Avast is the only one to detect this at the because of the way that webshield operates

If he had run Combofix then the alerts would have ceased, as that programme clears the same area that I did :slight_smile:

Subject to no further problems :slight_smile:

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so…The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix

https://dl.dropboxusercontent.com/u/73555776/delfix.JPG

: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article

I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

If you do need to keep Java then download JavaRa
Run the programme and select Remove Java Runtime. Uninstall all versions of Java present
Once done then run it again and select Update Java runtime > Download and install Latest version

https://dl.dropboxusercontent.com/u/73555776/javara.JPG

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent: install this programme to lock down and prevent crypto ransomware

https://dl.dropboxusercontent.com/u/73555776/CryptoPrevent.JPG

Malwarebytes.

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
click the very large Download button.
click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme :wink:

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide: Best security practices. Keep safe :wave: