getting slammed by hxxps://188.165.198.52 url: mal

I recently got nailed with a virus hxxps://svadxvbtuc8c.com. I had my computer literally come to a stop almost. I had to uninstall avast, download it from another computer (the infected computer wouldn’t allow me to download) and reinstall the most up-to-date version. Now I am getting hit every 20 seconds with avast blocking this virus mentioned in the subject. Anyone assist?

Hi squall280,

It is a rule here to break all links like with htxp://wXw etc. that could lead to infections. Please break that link.
Link may be down now but break that live link anyway.
It is now being detected: https://www.virustotal.com/nl/url/fcbb4b902193775ac7d00f5592789b705576aa1c49c0cbe059342027e33b7293/analysis/1414357669/
Trojan downloads coming from that IP: https://www.virustotal.com/nl/ip-address/188.165.198.52/information/
Drive-by-download and spyware. See: https://www.urlquery.net/report.php?id=1412349422591
IPs for that domain name may mitigate. See for domain: http://whois.domaintools.com/svadxvbtuc8c.com
svadxvbtuc8c dot com, ns1.regway dot com, Ghosted, also loads of spam coming from that nameserver: http://knujon.com/nameservers/NS1.REGWAY.COM.html
For an evaluation of your infection attach the files asked for here: https://forum.avast.com/index.php?topic=53253.0
and wait for a qualified removal expert to appear here in this thread.

polonus

How do I break a link? It now appears it's changed.

It is down now, that is why it's changed, but still you need to modify the post and edit http for hXXp in the link so that the link is not active. Thank you.

What exactly do I have to modify in my post? I am sorry but I am new to this and never had a virus this bad. The hxxps://188.165.198.52 warning has returned with now a series of others. I can barely view pages or else I would research what I have to properly do, but with the limited use I can get I am trying to figure out what it means to break a link and trying to find a resolve on this nasty bug. Here is another url coming in (hxxp://38.88.65.213:8080/gossipstats/statstracker?tracker=celebrity&id=387)

I am trying to figure out what it means to break a link
Live link: http://www.avast.com/index
Broken link: hxxp://wxw.avast.com/index

done to avoid accidental clicking on link that goes to infection/malicious websites

this is the log from malwarebytes

I ran aswmsr and my computer crashed the first time and seemed to get hung up, but I was able to get a log which is provided here.

You have three antivirus programmes running on the system … You need to remove two

Let me know if this fixes it

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

HKU\S-1-5-21-3975405500-1909171286-513800362-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
Startup: C:\Users\Voltron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dProtect.lnk
ShortcutTarget: dProtect.lnk -> C:\Program Files (x86)\uTorrent\dProtect.exe (demonii)
2014-10-22 10:03 - 2014-10-22 10:03 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
CustomCLSID: HKU\S-1-5-21-3975405500-1909171286-513800362-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-3975405500-1909171286-513800362-1000_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\fwcfg.dll (Microsoft)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\myradioplayer => ""="service"
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.

- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete click on “Clean”.
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S1].txt as well.
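
Added example, not part of the thread and not FRST's own code: a small triage script that flags the kind of COM server value the fixlist above marks as Poweliks (value data that starts `rundll32.exe javascript:` and calls `mshtml,RunHTMLApplication`) and shows the visible part of the encoded `eval` argument in readable form. The function names and the placeholder SID are assumptions; the sample lines are constructed from two entries quoted above.

```python
import re

# Value data that runs script via rundll32 + mshtml: the pattern the fixlist
# above marks "Poweliks".
SCRIPT_LAUNCH = re.compile(
    r"rundll32(?:\.exe)?\s+javascript:.*mshtml,\s*RunHTMLApplication", re.I)
# COM server subkeys used by the CustomCLSID entries above.
COM_SERVER = re.compile(r"\\(?:localserver32|inprocserver32)\b", re.I)
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# The log shortens long values and appends this note.
TRUNCATED = re.compile(r" \(the data entry has \d+ more characters\)")

# Constructed sample: two entries quoted in the thread, SID replaced by a placeholder.
SAMPLE = r'''
CustomCLSID: HKU\S-1-5-21-EXAMPLE_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters).
CustomCLSID: HKU\S-1-5-21-EXAMPLE_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\fwcfg.dll (Microsoft)
'''.strip().splitlines()


def shift_back(text):
    """Lower every character code by one (observed to decode the fragment above)."""
    return "".join(chr(ord(c) - 1) for c in text)


def eval_fragment(line):
    """Return the visible part of the eval("...") argument, or None."""
    m = re.search(r'eval\("(.*)', line)
    return TRUNCATED.split(m.group(1))[0] if m else None


def triage(lines):
    """Flag COM server values whose data launches script through rundll32."""
    hits = []
    for line in lines:
        if not (COM_SERVER.search(line) and SCRIPT_LAUNCH.search(line)):
            continue  # a plain DLL path such as fwcfg.dll is not this pattern
        clsid = CLSID.search(line)
        frag = eval_fragment(line)
        hits.append({
            "clsid": clsid.group(0) if clsid else None,
            "decoded": shift_back(frag) if frag else None,
        })
    return hits


if __name__ == "__main__":
    for hit in triage(SAMPLE):
        print(hit)
```

Only the first sample line is flagged; the second points at a DLL on disk and needs a different check (file reputation or signature), which this script does not attempt.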

here is the first of that

here is the second part.
I am unaware of any other anti virus software I might have. I have adaware unless stuff was downloaded by accident or something

I decided to turn the internet back on to see if the virus was gone… 3 minutes into my session it came back up.

Could I have a fresh FRST scan please and if possible a screenshot of the Avast alert popup

fresh scan

Let me know if this stops it

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
2014-10-24 22:16 - 2014-10-26 02:54 - 00000000 ____D () C:\Program Files\COMODO
2014-10-24 22:15 - 2014-10-26 02:54 - 00000000 ____D () C:\ProgramData\Comodo
2014-10-24 22:15 - 2014-10-24 22:19 - 00000000 ____D () C:\Program Files (x86)\Comodo
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.

- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete click on “Clean”.
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S1].txt as well.

Here are both of them…
I may be asking a stupid question but I have my internet turned off on the infected computer. Should I leave it on? Because after the last program, adwcleaner, restarted I am still getting hit with that virus.

Could you attach a screenshot of the Avast alert popup please


http://i663.photobucket.com/albums/uu352/squall280/IMAG1697_zpse7be78bf.jpg

Could you run system restore on your computer please and if possible take it back at least one week

System restore has only the 27th as its last restore point, which is after I got the virus. Still go in that direction? Seems like this virus is picking up traction with other people.