HELP wpad.net infection notification on avast

delbert29 · November 18, 2012, 5:23pm

hi,

since of yesterday my avast on my windows 7 computer has been showing notifications that my computer is trying to access a certain website.
the notification pops up every 5 minutes even when I start my computer and haven’t done anything yet and when I open my chrome and internet explorer or other programs that require internet access such as avast itself. I’ve run the avast to scan for viruses and also malwarebytes but they haven’t fund nothing infected. It’s becoming very annoying to get all these pop ups and I have no clue where its coming from. Does anyone know a solution for my problem ?

this is what the notification states:

Infection Details
URL: http://62.116.181.25/wpad.dat
Process: C:\Windows\System32\svchost.exe
Infection: URL:Mal

essexboy · November 18, 2012, 5:35pm

Have you recently installed any addons or new toolbars ?

http://forum.avast.com/index.php?topic=53253.0

delbert29 · November 18, 2012, 6:44pm

I haven’t if I remember, but I had installed a software I might had forgot to unchecked the install toolbar boxes during the installation.

if I follow the instructions on the link you gave me it should resolve the problem ?

I also had received these

Infection Details
URL: http://wpad.columbus.net/wpad.dat
Process: C:\Program Files\AVAST Software\Avast\se…
Infection: URL:Mal

essexboy · November 18, 2012, 7:25pm

AdwCleaner should but if it does not then produce an OTL log

delbert29 · November 18, 2012, 9:57pm

AdwCleaner v2.007 - Logfile created 11/18/2012 at 17:22:35

Updated 06/11/2012 by Xplode

Operating system : Windows 7 Home Premium (64 bits)

User : Delbert - DELBERT-HP

Boot Mode : Normal

Running from : C:\Users\Delbert\Downloads\AdwCleaner.exe

Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\Public\Desktop\eBay.lnk

***** [Registry] *****

***** [Internet Browsers] *****

-\ Internet Explorer v8.0.7600.16385

[OK] Registry is clean.

-\ Google Chrome v [Unable to get version]

File : C:\Users\Delbert\AppData\Local\Google\Chrome\User Data\Default\Preferences
this is what the adwcleaner found, I’ve already deleted the infected files but problem still consist.

One question, can this infection harm other computers that are connected on my router ? if yes what precaution could I take

[OK] File is clean.

AdwCleaner[R1].txt - [914 octets] - [18/11/2012 15:57:47]
AdwCleaner[R2].txt - [973 octets] - [18/11/2012 15:58:19]
AdwCleaner[R3].txt - [1032 octets] - [18/11/2012 17:22:16]
AdwCleaner[S2].txt - [969 octets] - [18/11/2012 17:22:35]

########## EOF - C:\AdwCleaner[S2].txt - [1028 octets] ##########

essexboy · November 18, 2012, 10:17pm

It depends on what the infection is, could you run OTL please and attach the log

delbert29 · November 18, 2012, 10:32pm

here’s the otl log

essexboy · November 18, 2012, 10:40pm

Do you have any other computers using your router ? If so are they experiencing the same problem ?

Download the latest version of TDSSKiller from here and save it to your Desktop.

[*]Doubleclick on TDSSKiller.exe to run the application

https://dl.dropbox.com/u/73555776/tdss%20start.JPG

[*]Then click on Change parameters.

https://dl.dropbox.com/u/73555776/tdss%20Change%20param.JPG

[*]Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

[*]Click the Start Scan button.

[*]If a suspicious object is detected, the default action will be Skip, click on Continue.

https://dl.dropbox.com/u/73555776/tdss%20threat.JPG

[*]If malicious objects are found, they will show in the Scan results and offer three (3) options.
[*]Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

[*]Get the report by selecting Reports

https://dl.dropbox.com/u/73555776/tdss%20report.JPG

[*]Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.

delbert29 · November 18, 2012, 10:56pm

Yes I have other pc on the router but non have shown to be infected as mine does.

essexboy · November 18, 2012, 11:00pm

OK lets run an elevated command prompt

Go Start > All Programs > Accessories
Right click command prompt and select Run as Administrator
In the black box type the following commands pressing enter after each :

ipconfig /release
ipconfig /renew
ipconfig /flushdns

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

[*]Double click on ComboFix.exe & follow the prompts.
[*]Accept the disclaimer and allow to update if it asks

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

[*]When finished, it shall produce a log for you.
[*]Please include the C:\ComboFix.txt in your next reply.

Notes:

Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

delbert29 · November 18, 2012, 11:47pm

I had run it but their was no log appearing on the screen.

Pondus · November 18, 2012, 11:50pm

the log usually arrive here…

C:\ComboFix.txt

delbert29 · November 18, 2012, 11:57pm

nothing there. there’s a file named combofix containg a file names ATTRIB.3XE nothing else
the program asked me to turn off my antivirus, I did it before I ran the software but I guess it wasn’t properly done.
after I disabled the antivirus I pressed ok to continue

system · November 19, 2012, 12:26am

Delbert29.

Essexboy is located in the UK. He probably logged out for tonight. Wait for instructions tomorrow.

essexboy · November 19, 2012, 2:32pm

Did combofix appear to run through all 50 stages and reboot the computer ?

delbert29 · November 19, 2012, 10:11pm

no their was no reboot

essexboy · November 19, 2012, 10:32pm

Could you re-run combofix if necessary from safe mode

delbert29 · November 20, 2012, 12:10am

I disabled my antivirus software but combofix found that they were still running so I removed both and restarted the pc but combofix keeps notifying me about the antiviruses

delbert29 · November 21, 2012, 9:53pm

haven’t heard from you back

essexboy · November 21, 2012, 10:13pm

Sorry I missed the notification

Are the alerts still happening ?