There should be a small hole at the back labelled reset. You will need a biro or something similar to press the reset button inside. You will still need power to the router when you do this.
Unfortunately, I’m not seeing much progress. I reset my router (it definitely reset as I had to setup the Wi-Fi network name and password). And once I got everything up, the popups began again. :-[
Any other ideas?
And of course, thank you very much for your time and help with this.
Have you ever used Process Explorer by Sysinternals?
Nope - never heard of it.
OK if you feel happy could you do the following :
Download to your desktop process explorer from here http://technet.microsoft.com/en-gb/sysinternals/bb896653.aspx
Run the programme and expand (by pressing the +) explorer.exe
When the alert appears note down what process is using explorer at that time
In my screenshot I just have Caledos running under explorer
Alrighty - so I ran that. I don’t see anything terribly out of the ordinary from the explorer.exe process. I’ve attached a screenshot. I couldn’t find any change (i.e. new process) when the alert occurred.
OK I have just received some further information from another victim of this. Could you try the following for me :
Reboot the computer then press and hold F8 until the menu appears
Select safe mode with networking
Open IE and let me know if you still get the alerts
I’ve been running safe mode with networking for the last hour or so (just to be sure) and I haven’t received a single alert.
OK the next bit is a bit tedious as we try to identify the problem file
In the search box type Msconfig and select the programme that appears at the top
1. In the System Configuration Utility dialog box, click Selective Startup on the General tab.
https://dl.dropboxusercontent.com/u/73555776/Cleanboot1.JPG
2. Click to clear the Load Startup Items check box.
Note: The Use Original Boot.ini check box is unavailable.
3. Click the Services tab.
4. Click to select the Hide All Microsoft Services check box.
https://dl.dropboxusercontent.com/u/73555776/cleanboot2.JPG
5. Click Disable All, then tick the Antivirus entry and then click OK.
6. When you are prompted, click Restart.
7. Could you confirm that the alerts are still not present?
Also, I’ve been snooping around other threads to see how others are being handled. I see you're recommending doing a system restore. That’s fine, except that I don’t have any saved restore points prior to when the alerts started (10/20). The earliest system restore date is 10/23.
I too am getting the constant pop up - Avast - avast! Web Shield has blocked a harmful webpage or file.
Various Objects have appeared: go.wvydeo.com/results . . ., xmlka.com/click?app . . ., cdn1.movieroomreview.com/themes . . .,
The infection is always URL:Mal
Process C:\Program Files.…\iexplorer.exe, or PID 11260,
I have run full scans several times this week with Avast and adaware - it isn’t happening as often as it was on 10/23/14 but still does happen. How can I get rid of this?
Please start your own topic and post your logs there: https://forum.avast.com/index.php?action=post;board=4.0
Essexboy,
I followed your instructions, but I’m still receiving the popups. As an aside, I noted a couple of unrecognizable programs from the services tab: the FLEXnet Licensing Service, RalinkRegistryWriter64, and RaMedia Server. I’ve attached a screenshot of what I’m referring to.
They are legitimate entries but they do not need to start with the system.
Could you open Task Manager and see if you have two explorer entries?
Sorry for the delayed response - I had to step out for a couple of hours. I do have 2 explorer.exe processes open.
OK one of those is causing the problem as there should only be one active. Now they are both the legitimate file but one is being used to generate the web traffic
OK I have been playing with process explorer and I know how to get the data I need
Open process explorer and from the menu bar select View > Lower Pane
Select Explorer.exe
A Lower window will open
Then on the menu bar go to File > Save as…
Then select the desktop and click save
On the desktop will then be a text file called explorer; please attach that.
You may need to edit the file name from explorer.exe.txt to explorer.txt to allow it to be attached
File is attached.
By the way, I’ve seen a drastic decrease in the number of alerts over the past hour. Not sure why.
It appears that the site is now down, they only last a few days generally
I believe I have found it
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that
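A read-only way to collect the evidence this thread gathers by hand (the explorer.exe instances, their network connections, and the BITS queue that `bitsadmin /reset /allusers` clears), as an added example that is not part of the original thread or anyone's posted fix. It assumes PowerShell 3.0 or later in an elevated session and changes nothing on the machine.

```powershell
# Added triage sketch, not from the thread. Read-only: it lists, it does not fix.
# Assumption: PowerShell 3.0+ started with "Run as administrator".

# 1. Every explorer.exe instance with its parent, start time and command line.
#    Two instances are easier to tell apart by parent and start time than in Task Manager.
$explorers = @(Get-CimInstance Win32_Process -Filter "Name = 'explorer.exe'")
$explorers | ForEach-Object {
    $parent = Get-Process -Id $_.ParentProcessId -ErrorAction SilentlyContinue
    [pscustomobject]@{
        PID         = $_.ProcessId
        ParentPID   = $_.ParentProcessId
        ParentName  = if ($parent) { $parent.ProcessName } else { '(exited)' }
        Started     = $_.CreationDate
        Path        = $_.ExecutablePath
        CommandLine = $_.CommandLine
    }
} | Format-List

# 2. Established TCP connections owned by each instance.
#    netstat is used because it is present on every Windows version.
$netstat = netstat -ano -p tcp
foreach ($p in $explorers) {
    "--- explorer.exe PID $($p.ProcessId) ---"
    $netstat | Select-String -Pattern "ESTABLISHED\s+$($p.ProcessId)\s*$" |
        ForEach-Object { $_.Line.Trim() }
}

# 3. BITS jobs for all users: the queue that "bitsadmin /reset /allusers" cancels.
#    Record what is there before a reset removes it.
Import-Module BitsTransfer
Get-BitsTransfer -AllUsers |
    Select-Object DisplayName, JobState, OwnerAccount, CreationTime,
        @{ n = 'RemoteName'; e = { $_.FileList | ForEach-Object { $_.RemoteName } } },
        @{ n = 'LocalName';  e = { $_.FileList | ForEach-Object { $_.LocalName } } } |
    Format-List
```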
Alrighty - I ran it. Since the alerts have subsided, should I just keep a watchful eye?
And once again, Thanks so much for your help!
I REALLY appreciate it.