Avast free version detected fugdownload103.com while I was editing my web blog.
I decided to run a full scan and also clean all my browsers via Avast but all reports came back without any concern.

I also ran Malwarebytes but it also found nothing.

My concern is that fugdownload103.com introduced popup and survey prompts within my google Chrome but neither of these software programs seem to have been able to identify them.
I also noticed that this line is added to the end of my searches in Chrome “trackid=sp-006”
If I purchase the internet security add on would this protect me in future and more importantly do I still have this malware running on my computer?
I found the offending trackid had replaced my default search engine… it still shows as Google but with the following line in it
“https://www.google.de/search?q%s?=trackid=sp-006”

I am using latest Google Chrome, Win 7 x64 SP1 Ultimate and latest free Avast.

No security program have 100% detection…
fugdownload103 is a PUP = not malwre / Possible Unwanted Program

you may try clear your browsers with AdwCleaner http://www.bleepingcomputer.com/download/adwcleaner/

if you need help removing it, follow instructions here and attach requested logs https://forum.avast.com/index.php?topic=53253.0

thanks for the reply.
I have since done a google chrome reset and also used a program called zoek.exe which allows scripts to be run in it. It basically deleted temp and cache and other junk. It also picked up that within the registry was the trackid= for firefox which I manually deleted.

I was hoping that Avast would be able to protect me form this sort of thing but it appears not.

Can you ask Avast to change the verification… it is almost impossible to read the letters!

attach the requested logs from the guide i posted above and you will get help later today

we need Malwarebytes and Farbar Recovery Scan Tool logs

Thanks for the reply.

Is it really necessary to have to verify every time? I am logged in, seems over kill. Just having a lot of trouble getting the verification letters right even after listening to the audio!

Attached
Malwarebytes log
Farbar Recovery Scan Tool log

Don’t worry, it’s only needed for your first 3 posts.

re verification… Thank goodness

Unfortunately Chrome appears to be getting easier to suborn

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint: HKU\S-1-5-21-2969858370-593140338-584515253-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION 2015-02-16 13:13 - 2014-10-09 00:30 - 00000000 ___SH () C:\Windows\S5ED6093C.tmp CHR StartupUrls: Default -> "https://www.google.com/?trackid=sp-006" EmptyTemp: CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S1].txt as well.

Thanks for the help.

Google Chrome reports - Your preference file is corrupt or invalid and is unable to recover your settings.
However once I logged in (to google gmail) it appears I have full functionality back. (It just forgot my last 8 tile locations e.g. when you open a new tab it doesn’t know where I have been.)

Also notice that windows explorer no longer remembers any of the pre-set location when I right click on it. (e.g. recent locations)

C:\Windows\S5ED6093C.tmp is still there.
I could safe boot and delete it if that would help.

Running adwcleaner after I post this.

Pondus, fugdownload103.com is a website.
It can’t be a pup

Results of adwcleaner

“Eddy
Pondus, fugdownload103.com is a website.
It can’t be a pup”

But it does seem to infect computers… e.g. mine and that’s with Avast running!!

Never intentionally went to that site.

It would appear that the hijacked default google search has changed to what I am guessing is a default… albeit a long one.

{google:baseURL}search?q=%s&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}{google:contextualSearchVersion}ie={inputEncoding}

Was never this long before!

I guess based on the replies which I do appreciate I take it that my answer to my original question of “fugdownload103 Does Avast detect and remove this?” is NO.

Disappointed that Avast didn’t pick up that my google search default didn’t had been changed to the trackid= line.

Yeah I know I didn’t pay for it so I can’t complain. Trouble is I recommend this software to many people I support.

No one answered if Avast security might have mad a difference e.g. detected and stopped this from happening.

Thanks again to the volunteers that helped me clean up my computer.

You can report a possible threat here: https://www.avast.com/contact-us.php?subject=VIRUS-FILE

Yes that is now the default. But, as I say Chrome is getting very easy to suborn and search engines/home pages are changed very easily

Now Avast will not block any changes to these as they are (theoretically) user controlled

How is the computer now