Hello, I'm having a bit of a problem with some malware. Every time I connect my PC to wifi, I am bombarded with pop-ups from Avast, telling me that it has blocked a redirect to a malicious website, even if I don't have Chrome open. This is my first time in a forum, so I don't know what information to provide, such as logs, etc. I have run Malwarebytes, a full system scan from Avast, a smart scan from Avast, and a scan from AdwCleaner. I always get the same bit in AdwCleaner, a report saying I have a malicious extension in my local AppData folder for Chrome. If anyone can direct me where to go from here, I would greatly appreciate it.
Hello,
Scan with Farbar Recovery Scan Tool
Please download Farbar Recovery Scan Tool and save it to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system, that will be the right version.
- Double-click to run it. When the tool opens, click Yes to the disclaimer.
- Press the Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
- The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Here you are, good sir.
Scan with ZOEK
Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
- Right-click on the icon and select Run as Administrator to start the tool.
- Wait patiently until the main console appears; it may take a minute or two.
- In the main box please paste in the following script:
createsrpoint;
autoclean;
emptyalltemp;
chrdefaults;
ipconfig /flushdns;
- Make sure that the Scan All Users option is checked.
- Push Run Script and wait patiently. The scan may take a couple of minutes.
- When the scan completes, a zoek-results logfile should open in Notepad.
- If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually the C:\ drive).
Post its content in your next reply.
As soon as I rebooted (it was necessary), I got more of the pop-ups. Screenshotted for reference.
Does it happen only when Chrome is open?
It seems to happen as soon as I connect to wifi. I rebooted the machine with the wifi off, turned it on, and they popped up.
Scan with Farbar Recovery Scan Tool
Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
- Right-click on the icon and select Run as Administrator to start the tool.
(XP users click Run after receipt of Windows Security Warning - Open File.)
- Make sure that the Addition option is checked.
- Press the Scan button and wait.
- The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content in your next reply.
Here you go. I ran it with Avast shields down, as I did with Zoek (just in case).
Chrome seems to be altered by malware.
CHR dev: Chrome dev build detected! <======= ATTENTION
You need to completely uninstall and then install it again.
I saw that in the first report and thought ill of it. Doing so now.
I have uninstalled both Google Chrome and Chrome Canary; I am posting from Internet Explorer. To avoid possible re-infection, are there any scans I should run prior to re-installing Chrome?
Reports look good. You can try to install Chrome.
Re-installed and it's looking fine. For some reason, as I booted up, I got the notification noise from Avast one time, but no pop-up. Nothing after that. Anyways, thanks for the help!
• The following will implement some post-cleanup procedures:
=> Please download DelFix by Xplode to your Desktop.
Run the tool and check the following boxes:
- Remove disinfection tools
- Create registry backup
- Purge System Restore
Click the Run button and wait a few seconds for the programme to complete its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt).
The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.
Sorry, the DelFix link is 404’ed.
Sorry for the duplicate message, don't know how to delete postings.
Works for me.
I just searched for the program and dl’ed off of ToolsLib. Didn't save to desktop before I ran it, does this matter?
It is not that important.