HELP I’ve downloaded a file from the Internet (which I probably shouldn’t have) and now Avast keeps showing up every few seconds when I’m web-surfing on Chrome. Can someone help me remove this malware and return everything back to normal? Please?
Attach your basic logs. (MBAM, FRST and aswMBR…!!)
Instructions: https://forum.avast.com/index.php?topic=53253.0
You mean attach them here?
Yes.
Okay, please wait. Thank you.
Here you go. I didn’t have an infected USB stick, nor I wasn’t able to see my files/folders/start menu.
Let me know what problems you have after this.
CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.
Open notepad and copy/paste the text in the quotebox below into it:
HKU\S-1-5-21-792511169-3516626604-724508821-1001\...\CurrentVersion\Windows: [Load] C:\WINDOWS\inf\Other.exe <===== ATTENTION
BHO-x32: Adblock -> {EF5F59BA-B2AB-48D8-9747-54DF806C73B8} -> C:\Program Files (x86)\Secure Speed Dial\IE\ADBlock\IE\Adblock.dll No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2014-10-13 16:10 - 2014-10-13 16:10 - 00000000 ____D () C:\sh4ldr
2014-10-13 16:10 - 2014-10-13 16:10 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-10-13 16:09 - 2014-10-13 16:37 - 00000000 ____D () C:\WINDOWS\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-10-13 16:06 - 2014-10-13 16:06 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\DenzelT.MrTan\Downloads\SpyHunter-Installer.exe
2014-10-13 11:17 - 2014-10-13 11:17 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-10-13 11:17 - 2014-10-13 11:17 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-10-13 11:17 - 2014-10-13 11:17 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-10-13 11:17 - 2014-10-13 11:17 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-10-13 11:17 - 2014-10-13 11:17 - 00000000 ____D () C:\Users\DenzelT.MrTan\AppData\Local\Comodo
2014-10-13 11:17 - 2014-10-13 11:17 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-10-13 11:17 - 2014-10-13 11:17 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-09-18 23:05 - 2014-09-18 23:05 - 17253372 _____ () C:\Users\DenzelT.MrTan\Downloads\F42E.tmp
2014-09-18 23:03 - 2014-09-18 23:03 - 01407915 _____ () C:\Users\DenzelT.MrTan\Downloads\A3EC.tmp
C:\Users\DenzelT.MrTan\Lame_v3.99.3_for_Windows.exe
C:\Users\DenzelT.MrTan\vcredist_x64.exe
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that.
THEN
Please download AdwCleaner by Xplode onto your desktop.
- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete click on “Clean”.
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S1].txt as well.
FINALLY
Download MCShield to your desktop and install
It will initially run a scan and show the result as a toaster by the system clock
Then in the control centre select scanner and tick unhide items on flash drives
https://dl.dropbox.com/u/73555776/mcshield%20unhide.JPG
Plug in the drive and McShield will start a scan
Then get the log which will be located under the logs tab on the main page
And post that
Here you go.
How is the computer behaving now?
- Download RogueKiller and save it on your desktop.
NOTE: If using IE8 or better, SmartScreen Filter will need to be disabled.
- Quit all programs.
- Start RogueKiller.exe.
- Wait until Prescan has finished …
- Click on Scan.
https://dl.dropbox.com/u/73555776/RKScan.GIF
- Wait for the end of the scan.
- The report has been created on the desktop.
- Click on the Delete button.
https://dl.dropbox.com/u/73555776/RKDelete.GIF
- The report has been created on the desktop.
- Next click on the ShortcutsFix.
https://dl.dropbox.com/u/73555776/RKFixShortcuts.GIF
- The report has been created on the desktop.
Please attach: All RKreport.txt text files located on your desktop.
Excuse me but I do not have a “Fix Shortcuts” button that I can click on. My computer still has the reports that keep showing up every 30 seconds or so.
Could you run this small FRST fix please and then run a fresh FRST scan? Also, do you have a screenshot of the Avast alert?
CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.
Open notepad and copy/paste the text in the quotebox below into it:
CHR HKLM-x32\...\Chrome\Extension: [dhfcbmlocifngpbjdpgnkbjmgkadkjpp] - C:\Program Files (x86)\Industriya\privitize\1.8.21.6\privitize.crx []
C:\Program Files (x86)\Industriya
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that.
For some reason when I press fix on FRST64, it doesn’t respond. I’ve tried to reinstall it, but it just turns out the same.
Could you run a fresh FRST scan for me please, and also take a screenshot of the Avast popup and attach that?
I used the second log you sent me, and it did work. I thought it stopped responding again, but after reopening the app, fixlog was created.
Are you still getting the alerts, and are they in Chrome only?
Yes. Very annoying. Sorry if I caused any inconvenience.
OK, could you now run Chrome in incognito mode and let me know if the alerts still appear?
https://support.google.com/chrome/answer/95464?source=gsearch
For now no, but Google Chrome is unable to update; Avast is also unable to update features for Chrome.
Could you reset Chrome please … Details here: https://support.google.com/chrome/answer/3296214?hl=en
Backup your bookmarks first
It’s fine for me now but when other users are using this computer the alerts show up. Sorry for the late reply.