system
1
After the last update, Avast keeps popping up with the alert about my svchost.exe being infected with URL:Mal.
Infection details:
URL: http://113.171.224.169/videoplayer/extension_1_4_8_866.crx?ich_u_r_i=097c31befa8dd5b7ec0474650deacce0&ich_s_t_a_r_t=0&ich_e_n_d=0&ich_k_e_y=1645048915751563592479&ich_t_y_p_e=1&ich_d_i_s_k_i_d=5&ich_u_n_i_t=1
Infection: URL:Mal
Process: C:\Windows\System32\svchost.exe
I’m running on Windows 7 64-bit.
Please help! Thanks in advance.
Eddy
2
system
3
Here are my log files attached below.
Also, I notice that after running the aswMBR.exe scan, the alert has gone. Is the issue fixed or do I have to do anything else?
Let me know of any problems after this.
CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.
Open notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint:
HKU\S-1-5-21-1796178084-3473953688-3069791161-1000\...\Run: [patcherUpdates] => C:\Users\Ti\AppData\Local\Temp\patcher\patcherUpdates.exe [1169224 2010-11-21] (Microsoft Corporation) <===== ATTENTION
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
CHR HomePage: Default -> javascript:function the_selection(d) {return d.selection ? d.selection.createRange().text : d.getSelection();} the_s = the_selection(document); for (i=0; i\u003Cframes.length && !the_s; i++) the_s = the_selection(frames[i].document); if (!the_s the_s=='') the_s = ''; var h_or_q='?'; if ('onhashchange' in window) {h_or_q='#'}the_url='hxxp://fsymbols.com/emoji-bookmarklet/' + (the_s ? h_or_q+'s=' + encodeURIComponent(the_s) : '');the_new_window=window.open(the_url,'the_window','height=717,width=750');if (window.focus) {the_new_window.focus();}
CHR StartupUrls: Default -> "","chrome://newtab/","hxxp://en.wikipedia.org/wiki/Special:Randompage"
CHR Session Restore: Default -> is enabled.
C:\Users\Ti\AppData\Local\Temp\patcher
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated; please post that.
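A way to triage the kind of autorun entry the fixlist above removes, as an added example that is not part of the original thread or of FRST: it parses Run-key lines in the format shown above and flags executables that launch from a temp directory or carry a Microsoft vendor string outside system paths. The second sample line, the path lists and the reading of the parenthesised field as a vendor string are assumptions.

```python
import re

# Constructed sample: line 1 is the entry from the fixlist above,
# line 2 is a made-up benign entry for contrast.
SAMPLE = r"""
HKU\S-1-5-21-1796178084-3473953688-3069791161-1000\...\Run: [patcherUpdates] => C:\Users\Ti\AppData\Local\Temp\patcher\patcherUpdates.exe [1169224 2010-11-21] (Microsoft Corporation) <===== ATTENTION
HKLM\...\Run: [ExampleTray] => C:\Program Files\Example\tray.exe [20480 2014-01-01] (Example Vendor)
"""

# hive\...\Run: [value name] => path.exe [size date] (vendor)
RUN_LINE = re.compile(
    r"^(?P<hive>HK\w+)\\.*?\\(?P<key>Run(?:Once)?): \[(?P<name>[^\]]*)\] => "
    r"(?P<path>.+?\.exe)\b(?:.*?\((?P<vendor>[^)]*)\))?",
    re.IGNORECASE,
)

# Assumed heuristics, lower-cased for comparison.
TEMP_DIRS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")
SYSTEM_PREFIXES = ("c:\\windows\\", "c:\\program files")


def suspicious_autoruns(text):
    """Return (value name, path, reasons) for each Run entry worth a closer look."""
    findings = []
    for line in text.splitlines():
        m = RUN_LINE.match(line.strip())
        if not m:
            continue
        path = m.group("path").lower()
        vendor = (m.group("vendor") or "").lower()
        reasons = []
        if any(d in path for d in TEMP_DIRS):
            reasons.append("launches from a temp directory")
        if "microsoft" in vendor and not path.startswith(SYSTEM_PREFIXES):
            reasons.append("Microsoft vendor string outside system paths")
        if reasons:
            findings.append((m.group("name"), m.group("path"), reasons))
    return findings


if __name__ == "__main__":
    for name, path, reasons in suspicious_autoruns(SAMPLE):
        print(f"{name}: {path}")
        for r in reasons:
            print(f"  - {r}")
```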
system
5
Thank you for helping, here’s the fix log.
How is the computer behaving now?
system
7
Everything seems to be back to normal, the alert has gone, the computer works fine, nothing strange that I notice.