Help Me Pls : URL:MAL infection : Avast keeps popping up on chrome and explorer

Dear All,

I assume I have downloaded a file from the Internet (which I probably shouldn’t) and now Avast keeps showing up every few seconds when I’m web-surfing on Chrome and with Explorer lately in all user accounts. Can someone help me remove this malware and return everything back to normal?

I have reviewed other threads and attaching standard logs for your review…

Please advise at the earliest as this is only my work computer in home office.

Thanks & Regards
Aswath

Attach your basic logs. (MBAM, FRST and aswMBR…!!)
Instructions: https://forum.avast.com/index.php?topic=53253.0

Hi,

Please find the attached logs to this message

OK, now you’ve to wait a bit…

Thank you … Any Luck so far !! ??

Hi there, the first priority must be to uninstall Chrome; you can re-install it on completion.

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-3539871907-2967287595-2481223066-1004 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
BHO: No Name -> {15a5ac6a-7e5a-4828-b127-323a996068f3} -> No File
BHO: No Name -> {5c085215-df6e-4166-9c09-bba7382c1e34} -> No File
BHO: No Name -> {83537b1a-1217-4dcd-a06f-f32020ab0cb4} -> No File
BHO: No Name -> {e5f6300b-03eb-4e84-a198-409c2143c2a6} -> No File
BHO-x32: No Name -> {15a5ac6a-7e5a-4828-b127-323a996068f3} -> No File
BHO-x32: No Name -> {5c085215-df6e-4166-9c09-bba7382c1e34} -> No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll No File
BHO-x32: No Name -> {83537b1a-1217-4dcd-a06f-f32020ab0cb4} -> No File
BHO-x32: No Name -> {e5f6300b-03eb-4e84-a198-409c2143c2a6} -> No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
FF Plugin HKU\S-1-5-21-3539871907-2967287595-2481223066-1004: @talk.google.com/O1DPlugin -> C:\Users\Kodha V Innovations\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-3539871907-2967287595-2481223066-1004: @tools.google.com/Google Update;version=3 -> C:\Users\Kodha V Innovations\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-3539871907-2967287595-2481223066-1004: @tools.google.com/Google Update;version=9 -> C:\Users\Kodha V Innovations\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
2014-12-17 23:30 - 2014-12-17 23:30 - 00000000 ____D () C:\Program Files (x86)\YoutuboeADBLuocke
2014-12-17 23:29 - 2014-12-17 23:29 - 00000000 ____D () C:\ProgramData\pbnioagahnebioffdhcehhnjephmnffk
2014-12-17 23:29 - 2014-12-17 23:29 - 00000000 ____D () C:\ProgramData\1012906888011600948
2014-12-17 23:29 - 2014-12-17 23:29 - 00000000 ____D () C:\Program Files (x86)\BuyNssave
2014-12-17 23:29 - 2014-12-17 23:29 - 00000000 ____D () C:\Program Files (x86)\BuoyNsave
2014-12-17 20:26 - 2014-12-17 20:26 - 05585315 _____ (Swearware) C:\Users\Aswath Laxman\Downloads\ComboFix.exe.42hcldq.partial
2014-12-13 12:19 - 2014-12-13 12:19 - 00000197 _____ () C:\Windows\system32\2014-12-13-06-49-13.045-AvastVBoxSVC.exe-3584.log
2014-12-13 03:17 - 2014-12-13 03:18 - 00000197 _____ () C:\Windows\system32\2014-12-12-21-47-54.047-AvastVBoxSVC.exe-3284.log
2014-12-11 18:31 - 2014-12-11 18:31 - 00000197 _____ () C:\Windows\system32\2014-12-11-13-01-16.084-AvastVBoxSVC.exe-1712.log
2014-12-11 03:30 - 2014-12-11 03:30 - 00000197 _____ () C:\Windows\system32\2014-12-10-22-00-03.098-AvastVBoxSVC.exe-3504.log
2014-12-01 10:59 - 2014-12-01 10:59 - 00000197 _____ () C:\Windows\system32\2014-12-01-05-29-32.038-AvastVBoxSVC.exe-3564.log
2014-11-26 17:40 - 2014-11-26 17:40 - 00000247 _____ () C:\Windows\system32\2014-11-26-12-10-10.096-aswFe.exe-6032.log
2014-11-26 17:37 - 2014-11-26 17:40 - 00000247 _____ () C:\Windows\system32\2014-11-26-12-07-12.066-aswFe.exe-1032.log
2014-11-26 17:37 - 2014-11-26 17:37 - 00000197 _____ () C:\Windows\system32\2014-11-26-12-07-08.019-AvastVBoxSVC.exe-2496.log
2014-12-18 13:27 - 2013-11-01 19:46 - 00000508 _____ () C:\Windows\Tasks\SDMsgUpdate (Local).job
2014-12-18 13:27 - 2013-11-01 19:46 - 00000500 _____ () C:\Windows\Tasks\SDMsgUpdate (TE).job
2014-12-17 15:31 - 2013-11-20 14:35 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3539871907-2967287595-2481223066-1004Core.job
CustomCLSID: HKU\S-1-5-21-3539871907-2967287595-2481223066-1004_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Kodha V Innovations\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3539871907-2967287595-2481223066-1004_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Kodha V Innovations\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3539871907-2967287595-2481223066-1004_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Kodha V Innovations\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3539871907-2967287595-2481223066-1004_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Kodha V Innovations\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3539871907-2967287595-2481223066-1004_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Kodha V Innovations\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
Task: {01321C93-5BEC-416A-B3BF-0B73266F2E53} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3539871907-2967287595-2481223066-1004Core => C:\Users\Kodha V Innovations\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {1E8AFA32-A6E7-4916-BB74-524DBC23F74F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {47B8383E-7E35-4596-B5F1-21A558D1E6D4} - System32\Tasks\BrowserProtect => Sc.exe start BrowserProtect <==== ATTENTION
Task: {91043CC2-CF6D-45E9-B9B5-B838D131405D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {9B3BC3A8-721E-459A-A9E1-55AEBACA9B99} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3539871907-2967287595-2481223066-1004UA => C:\Users\Kodha V Innovations\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3539871907-2967287595-2481223066-1004Core.job => C:\Users\Kodha V Innovations\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3539871907-2967287595-2481223066-1004UA.job => C:\Users\Kodha V Innovations\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SDMsgUpdate (Local).job => C:\PROGRA~2\SMARTD~1\Messages\SDNotify.exe
Task: C:\Windows\Tasks\SDMsgUpdate (TE).job => C:\PROGRA~2\SMARTD~1\Messages\SDNotify.exe
C:\Users\Kodha V Innovations\AppData\Local\Temp\_MEI47162
C:\Program Files (x86)\Google
C:\Users\Kodha V Innovations\AppData\Local\Google
C:\Users\Kodha V Innovations\Desktop\wings 2013 latest\5153\remote softwares\AA_v3 (1).exe
CreateRestorePoint:
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.

- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete click on “Clean”.
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S1].txt as well.

Thank you Essex Boy 8) !!!Very much Appreciated … Please find the attached logs for your review …

So far I haven’t seen that message popping up with Internet Explorer. Will keep you posted when I complete testing with Chrome and in different users …

Cheers
Aswath :wink:

Let me know once you are happy