Getting "threat has been detected" continuously

Hello All. For the last few days, I have been getting "threat has been detected" from Avast, and it looks like Avast has blocked them all. MANY THANKS to Avast. But, just this morning, I am getting the same message every minute or so. The message has the object of https://svadxvbtxxxx.com (don’t want to type the entire address). It really is appearing every minute or so. Is anyone out there having problems with this, and does anyone know of a fix? I have scanned the computer with Avast and Malwarebytes several times with no help. Thanks, Mike

attach requested logs https://forum.avast.com/index.php?topic=53253.0

I too am being relentlessly barraged with “threat has been detected” any known relief in sight?

Yes, I just posted the instructions above … and to receive help, start your own topic

Just tried to attach the logs as requested and I get an error that the files are too big for the server to allow or it’s taking too long to load them as attachments. Where do we go from here? Thanks BTW, the threats are coming at the rate of several a minute now. Thanks

Tried several times to attach the logs and get the same error message. Thanks

The files are 35 and 49KB in size.

Just noticed that I don’t get the threats when I’m running in “safe mode with networking” Thanks

Another try to attach logs.

Be advised I have not yet tracked down the trigger location for this alert. But thank you for the safe mode data

If this fix fails to stop it could you run system restore as far back as possible

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr&cd=2XzuyEtN2Y1L1Qzu0DyEzzyDyCyE0CtAyByByBzz0FtAyEyDtN0D0Tzu0SyBtDtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=282692777&ir=
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S1].txt as well.
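
The three places the fixlist above points at can be looked at without changing anything. This is an added PowerShell example, not part of the original post and not FRST's own code; the function names are made up for the example, and the Internet Explorer SearchScopes registry path is the standard Windows location rather than something taken from the log.

```powershell
# Read-only look at what the fixlist entries refer to. Nothing is deleted or
# modified. Run elevated so the -AllUsers BITS query is permitted.

function Get-ChromePolicyValues {
    # Key named on the "CHR ... Policy restriction" line of the fixlist.
    $key = 'HKCU:\SOFTWARE\Policies\Google'
    if (-not (Test-Path $key)) { return }
    # Policy values may sit on the key itself or on subkeys such as Chrome.
    @(Get-Item $key) + @(Get-ChildItem $key -Recurse -ErrorAction SilentlyContinue) |
        ForEach-Object {
            $k = $_
            foreach ($name in $k.GetValueNames()) {
                [pscustomobject]@{ Key = $k.Name; Name = $name; Value = $k.GetValue($name) }
            }
        }
}

function Get-SearchScopeUrls {
    # The fixlist entry is under HKLM; HKCU is listed too for comparison.
    foreach ($hive in 'HKLM:', 'HKCU:') {
        $root = "${hive}\SOFTWARE\Microsoft\Internet Explorer\SearchScopes"
        if (-not (Test-Path $root)) { continue }
        Get-ChildItem $root | ForEach-Object {
            [pscustomobject]@{ Scope = $_.Name; URL = $_.GetValue('URL') }
        }
    }
}

function Get-BitsJobSummary {
    # "bitsadmin /reset /allusers" cancels every queued job; this lists them first.
    Import-Module BitsTransfer -ErrorAction Stop
    Get-BitsTransfer -AllUsers -ErrorAction SilentlyContinue |
        Select-Object DisplayName, OwnerAccount, JobState, CreationTime,
            @{ n = 'RemoteNames'; e = { $_.FileList.RemoteName -join ', ' } }
}

Get-ChromePolicyValues | Format-Table -AutoSize
Get-SearchScopeUrls    | Format-List
Get-BitsJobSummary     | Format-List
```

A search scope whose URL points at a search provider the user never chose, or a BITS job with an unfamiliar remote name, is the kind of entry a fixlist like the one above is written to remove.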

Hey Essexboy. I have not had time today to do any further testing for the continuous threats. However, at this time, the computer has been running in normal mode for a couple of hours without any threat pop-ups from Avast. Is the problem fixed? If so, do I need to do any cleanup from the downloads I installed to obtain the logs you requested etc. Thanks for all the help.

Subject to no further problems :slight_smile:

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so…The following will implement some cleanup procedures as well as reset System Restore points:

Download and run Delfix

https://dl.dropboxusercontent.com/u/73555776/delfix.JPG

: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article

I would recommend that you completely uninstall Java unless you need it to run important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent: install this programme to lock down and prevent crypto ransomware

https://dl.dropboxusercontent.com/u/73555776/CryptoPrevent.JPG

Malwarebytes.

Update and run weekly to keep your system clean

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices

Keep safe :wave:

Will do, ESSEXBOY. Will watch it for a day or so and hopefully it does not return. Will let you know. BTW, what about the JAVA warning and information on your reply, should JAVA be uninstalled? About all I use this computer for is to browse the internet, e-mail, download pictures and some banking stuff. Again, Thanks

Unless your bank uses Java then you can remove it. I have not had Java on my system now for a few years

May have spoken too soon, just got a threat. This time it contained “MLK” as part of the name. I’ve seen this before also but not near as often as the other threat I was having. I see also that some other members are having the same MLK threat. Thanks again.

If all computers that connect to the same router are displaying the same redirect the router may well be infected

Could you confirm that all devices are seeing this

Essexboy, just to let you know, just got 12 “MLKA” threats in a row?

I’ll check on the other computers. I have one desktop and 2 laptops.

Hey essexboy, the two laptops use the same router as the desktop. I’m not getting the threats on the laptops, only the desktop. Thanks

Still getting threats this morning from “MLKA” and a new one from “88.214.194.199/71760552/MJAW…”. Thanks.