getusaaall.info virus - need help

Like others, I am getting an Avast popup saying it has blocked getusaaall.info with infection URL:Mal (It says the URL is hxxp://getusaaall.info/?e=smsn&cht=2&dcu=1&cpatch=2&dcs=1&pf=1&unp=Azm9CdOLv7DVDyxECyFPg7x9Ae0KBfUKAe4MBG0VWznLDe4PBNq9geFI&publisher=714&country=US&ind=7591481914243091115&exid=1404927793894946777&ssd=3555376229538166293&hid=4379228797659139772&osid=601&channel=0&sfx=1&jc=1&category_name=SaveMass&install_date=20130709) and it says the infection is found in C:\Windows\System32\svchost.ext.

I tried a regular clean and a boot scan with Avast, restoring to a previous restore point (on Windows 7 64 bit) which failed with an unknown error, and I ran MBAM, FRST, aswMBR and ComboFix (I actually ran ComboFix before the first 3 - not sure if that matters). I tried other stuff as well, but none of it worked.

Attached are the MBAM, FRST, aswMBR and ComboFix logs.

Any help would be much appreciated!

If you are still getting the alerts, could you reset Chrome: https://support.google.com/chrome/answer/3296214?hl=en-GB

I am still getting the popup. I tried resetting Chrome, and I got the popup again after the reset.

I can usually fix these things, but this one really has me stumped. I don’t know what to do…

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:

CMD:ipconfig /release
CMD:netsh int ip reset
CMD:ipconfig /renew
REBOOT:

Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that.

I ran it - attached is the log. I’ll keep monitoring to see if we get the popup again (interestingly, it popped up as soon as the script ran and right before it rebooted).

Right after my last post, I got the popup again.

Could you run ComboFix one more time please, allow it to update and then post the log.

OK, I ran ComboFix one more time and then shut down the PC and then started it up again and, unfortunately, I’m still getting the popup. :(

Attached is the ComboFix log. Let me know if you need any other logs.

Thank you so much for your help on this! I REALLY appreciate it!

Could you try this next, please:

To open an Administrator Cmd prompt from the Desktop use Win + X and choose Command Prompt (Admin) from the list.

In the black box, type in/copy the following commands, each one followed by Enter:

ipconfig /flushdns
netsh int ip reset c:\resetlog.txt
ipconfig /release
ipconfig /renew

Then reboot the computer

OK, I ran each of those commands and restarted the computer. Still no luck. I noticed that the Avast message saying the Web Shield blocked a harmful web page or file popped up after I did the ipconfig /renew the first time (before restarting), so after restarting I tried to release and renew my ip address and it did the same thing - gave the message as soon as it renewed the ip address.

I’m starting to think that this might be an issue with Avast itself. Should I uninstall and reinstall Avast? Or maybe Chrome and/or Firefox?

It is not a false positive, as the website will download this: https://www.virustotal.com/pl/file/534ff9f5a33c1cb7ef7a25dafd628ac5004d93b7e79437c4fd2dfc0b1b3de8e0/analysis/1405105235/

Could you do the following:

Disconnect from the net and turn off your router
Run the commands again
Reboot the computer
Turn the router on

I did all of those things and I’m still getting the pop-up. It happens even if Chrome is not open. It definitely pops up whenever I get a new network connection.

Bear with me, I am trying a few different methods elsewhere.

Any discoveries? I’m hoping to get this fixed up today since it’s actually on my mom’s computer and I leave their house tomorrow :)

Thanks!
Matt

Does this occur in any specific browser or does it happen all the time?

It happens all the time regardless of what browser or even if a browser is running. The easiest way to get it to happen is to run ipconfig /release and then ipconfig /renew. It always pops up as soon as I am connected to the internet on the renew. Or when the computer boots up. But it also happens at random times while browsing.

Do you have any other computers connecting to the router with the same problem?

I went upstairs to test out the second computer that is connected to the same router - it doesn’t seem to have any issues at all.

We are having severe problems trying to locate the launch point for this, so in a way we are working in the dark.

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:

C:\Users\Betty\AppData\Local\Temp
CMD: ipconfig /release
CMD: netsh int ip reset
CMD: ipconfig /renew
CMD: DEL %TEMP%\*.* /F /S /Q
CMD: RD /S /Q %TEMP%
REBOOT:

Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that.

I ran the fixlist and attached the log. Unfortunately it did not solve the problem, but running that did cause Dropbox to stop working. I think I can just uninstall and reinstall Dropbox.