False or, ?? -- http://stats.mydatastatssrv.com

I occasionally receive the following Web Shield Pop Ups: http://stats.mydatastatssrv.com/stats.gif?action . The web blocker pops up on the occasion when I start running my laptop or, in some rare instances, when chrome opens up. The pop up will repeat itself about 8 to 10 times in succession, with the pop up indicating how many times. The good news is whatever this is, Avast says it has been blocked. I cannot seem to find any relevant data on this. Avast shows my system as always clean, and no followup info.

Have run Avast Clean and Boot Scan, Comodo Cleaning Essentials, ADW Cleaner and Malware bytes. There was a couple of Adware Pup’s, but everything has checked out fine now. Yet , Web Shield still occasionally pops up with this same URL warning.

I’m running:

Avast Free 2014
Intel(R) Core™2 Duo CPU P7450 @ 2.13GHz, 2133 Mhz,
Windows 7 Pro

Any thoughts?

attach OTL diagnostic log http://forum.avast.com/index.php?topic=53253.0

I ran the OTL diagnostic. The logs are attached with this reply. After running OTL I followed up running aswMBR. That proggy crashed a couple minutes after running due to an error it had from recognizing a system error. It was a quick flash of the screen with the error, then a shut down. On reboot, Windows asked to correct settings from an improper shutdown.

I chose to correct the settings. Everything seems to be back up and running fine at the moment.

Not sure if I was even supposed to run aswMBR immediately following OTL or, wait till I received a response on my OTL logs…??

Appreciate all the assistance.

log experts are notified…since it is midnight here in europe now you may not recive a reply before tomorrow

OK I will need to use a different programme to look at chrome

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

[*]Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
[*]Press Scan button.
[*]It will produce a log called FRST.txt in the same directory the tool is run from.
[*]Please copy and paste log back here.
[*]The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Appreciate your time on this essexboy.

I have run the scan. I think it is important to mention that I could not download the Farbar Recovery Scan Tool download on the computer that was having the web shield pop up problem. It would not allow me to open the page on bleepingcomputer. Avast was continually blocking the page with the web shield. I used another computer that also has Avast and it opened it without issue. Surely that says something. Whatever it is, this computer that keeps having the web shield issue is having a problem with Farbar’s download page.

I renamed Farber as a precaution, put it on a flash drive, transferred it over and put it on my desktop. Ran it and the results are here. I understand you said in your reply to copy Frst.txt and Addition.txt. I attached them since that is the protocol I was using and thought that is what you meant.

Let me know if this works.

Thanks

Hmm that would indicate a possible infection on a system file, hence no sign in any of the browsers

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

[*]Double click on ComboFix.exe & follow the prompts.
[*]Accept the disclaimer and allow to update if it asks

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

[*]When finished, it shall produce a log for you.
[*]Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

So, I have ran Combofix. Rebooted the computer and it came up without any Avast warnings when I opened up my Chrome browser. Seems as if something has been remedied. My Combofis.txt file is attached. Does it tell you anything?

Yep it did not like this Chrome extension and killed it

CHR Extension: (Coupon Companion) - C:\Users\Neil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbkdpahkifcigckmhiafindmaflfifgm [2012-11-09]

I was fooled by the date

How is the computer behaving now ?

hi essexboy,

Computer has been doing great with no issues. Back to its good behavior.

Thanks so much for the time you’ve spent on this issue. Is there any compensation you or the other techs receive for this type of service?

Nope, 'tis a free service :slight_smile:

In that case methinks I will send you on your merry way :slight_smile:

Subject to no further problems :slight_smile:

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so…The following will implement some cleanup procedures as well as reset System Restore points:

Download and run Delfix

https://dl.dropboxusercontent.com/u/73555776/delfix.JPG

: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser and How to unplug Java from the browser)

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent install this programme to lock down and prevent crypto ransome ware

https://dl.dropboxusercontent.com/u/73555776/CryptoPrevent.JPG

Malwarebytes.

Update and run weekly to keep your system clean

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?Keep safe :wave:

Me thinketh this has been one of my greatest tech computing experiences. :slight_smile:

I ran Delfix. Noticed it deleted many other cleaning proggies along with itself and cleaned up old Restore Points and created a new. I saved the delfix.txt. Installed Cryptoprevent and disabled Java. I did not see Cryptoprevent in the systray. I assume it changed the many rule sets in the registry when I hit “Apply”, then it rebooted. To revert, I’d guess I’d just open the program again and choose Undo. But, I see no need since this after reading of the developers design, I have installed a good piece of protection.

Many thanks again essexboy for the good work and, for being a very instrumental part of this team of tech support volunteers. :slight_smile:

You are correct with cryptoprevent it changes the registry keys to locked or unlocked depending on your choice, so it is fire and forget :slight_smile:

It was our pleasure to assist, thank you for the kind words

I am having the same problem as Xtra, except I am running Firefox and probably not as computer savy.

…should I follow the same procedure?

thanks for your knowledge and time!


Lenovo Z570
Windows 7 Home Premium
Intel I-5
Avast FREE 2014

cruisecontrol49:

I read your post. I’m not a tech here, only someone that got great assistance in resolving an issue. Keep in mind, when you are ready, it is asked of you to start a new topic on your specific problem. A technician here can then assist you on your specific issue. Even though yours matched my issue, you may have other ones that differ.

I can speak to you only on behalf of the level of experience it took me to complete the tasks asked of me. They were simple computing tasks that I had learned early on. And even so, I took my time to make sure I did everything correctly. I’ve known a few people over the years who have been using a computer for many, many years and still did not know these simple skills. In no time, they catch on. You may already possess these skills.

All that is required is basic computer file management skills. It’s just all about opening “Windows Explorer”. And, that was really only to do verification of file downloads and a copy of a file. Also, one file I had to download from another computer, put on a USB flash drive and copy it to the infected computer. That was because the malware did not like my browser going to the site where it could download a potential fix. It did not like Farber and kept me from opening it on the infected computer. That was a simple task to work around. Only took an extra few minutes. So, I only used simple computer file management skills and ran the programs I was asked.

I’m not sure of every level of difficulty, but mine was quite simple. If you read through my instructions, you can see the involvement on my end. Running a program or two downloaded from a link in the instruction. Some of those programs yield results in a text format. You’re then asked to attach those results in a reply. The technician working with you analyzes those and makes a savvy judgement on the next step for you to take. You may then be asked to run another program that will remedy something the technician finds suspect. Pretty easy. The programs are very robust and can do some very thorough rooting out of your issues.

Using Windows Explorer to manage files is as difficult as it ever got with me. Also, when you download, it’s a good idea to maintain control of all your downloads. You said you are using Firefox. In “Options”, at the “General” tab, if you already haven’t, choose “Always ask me where to save files.” It’s a good habit to get into for file management so every file isn’t always going into the “downloads” folder. Create categories with subcategories. Like “Computer” and then inside that “Cleaning Utilities”, etc.

If your not too familiar with Windows Explorer file management, there are plenty of instructions out there to get you proficient in that area in no time.

Good luck in getting this resolved.

I assumed that I would have to start a new thread from the beginning.

I was just looking for confirmation that I would probably follow the same resolution path as yourself. I was just trying to do some preliminary preparation, such as running the OTL scan, before opening a new thread. It was more or less to familiarize myself with the process so as to not waste anybody’s time if I fumbled the ball.

thanks for your help and I appreciate your kindness

I would like to say you could expedite the process by running OTL from the link you see in this thread. However, there might be some differences. I posted some specifics to my computer I was using and, that I was using Chrome. You’ll see there are some lines of commands in that link I was given in which you are asked to paste in OTL before running the program. Those could possibly differ depending on the specifications of each computer. Those commands do mention something about Chrome.

So, there may be other links that are similar, but different code would be asked of you to paste into OTL. This could change depending on the information you give the technician. And, they probably need to know you are having the issue with Firefox, as I recall you mentioned already. This could make a difference. And, if you make a mistake, the people here seem to be pretty gentle.

Look forward to finding out if there is any truth to my speculation on that particular point. Good luck, you should have this resolved in no time. My laptop is still running great. :slight_smile: