Hi, for some time now, avast web shield keeps giving me warnings. Here’s a pic of the error. Please tell me what I can do to fix it.
P.S. I forgot to tell you that the object is changing sometimes with other sites.
Thanks in advance
Hey, and welcome to the forum.
Please follow this guide and attach your logs. We need the logs from mbam, otl, and aswmbr.
http://forum.avast.com/index.php?topic=53253.0
good luck
Hi,
It appears you have an infected seed. Follow what Mikael asked. I strongly recommend you discontinue the use of uTorrent.
General P2P Warnings:
InfoWorld: http://www.infoworld.com/d/security-central/update-seattle-man-arrested-p-p-id-theft-103
USA Today: http://usatoday30.usatoday.com/tech/columnist/kimkomando/2006-04-13-file-sharing-woes_x.htm
FBI: http://www.fbi.gov/scams-safety/peertopeer/oeertopeer
Just one more personal warning. I have a friend, completely ignored what I said about uTorrent. When I scan her computer on a monthly basis, just through MBAM scans I can see results of 750+ Objects. Not only are you putting yourself at risk, it’s illegal.
Hi, I did as you said and here is the MBAM log, if it helps you.
Holy crap.
Uhh. Re-Run MBAM and when it’s finished, right click and select “select All”. Then delete. Make sure it’s updated as well (Definitions).
After that, run OTL from Mikael’s link and attach OTL & Extras.
Just some friendly advice. Looking at that MBAM file. You have an “Adware City”. Be careful what you allow to install. If you have the chance to. Untick everything when installing new programs.
A program that will automatically do so.
Click on the link above to be taken to Unchecky.com
Click the very large Download button.
Click Save
Click Open folder
Right click on the Unchecky_setup or folder and choose to Run as Administrator
Once open click the Install button.
Then click on Finish.
Unchecky is now installed and will help you keep unwanted check boxes unchecked.
You can find a tutorial here: http://www.youtube.com/watch?v=O11jmV8yCXc
I agree, holy crap. Always amazes me how people end up with all this crap on their computer.
Here is the OTL and Extras. I really don’t know what is in these files =))
And
You don’t have to know… Malware experts know
Hi,
OTL Fix
Re-run OTL.exe.
Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.
:FILES
C:\Users\Remus\AppData\Local\Torch
C:\Users\Remus\AppData\Roaming\Mozilla\Firefox\Profiles\owze3c77.default\Extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com
C:\Users\Remus\AppData\Roaming\Mozilla\Firefox\Profiles\owze3c77.default\Extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData
C:\Users\Remus\AppData\Roaming\Mozilla\Firefox\Profiles\owze3c77.default\Extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\extensionData
C:\Users\Remus\AppData\Roaming\Mozilla\Firefox\Profiles\owze3c77.default\Extensions\{42e50651-9669-456e-9081-d5a836274274}.xpi
C:\Users\Remus\AppData\Roaming\Mozilla\Firefox\Profiles\owze3c77.default\searchplugins\search-here.xml
C:\Program Files (x86)\iWebar
C:\Program Files (x86)\Sense
C:\Program Files (x86)\Mobogenie
:OTL
SRV - [2013/12/21 01:02:35 | 001,205,760 | ---- | M] (TorchMedia Inc.) [Auto | Running] -- C:\Users\Remus\AppData\Local\Torch\Update\TorchCrashHandler.exe -- (TorchCrashHandler)
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D} - C:\Program Files (x86)\SiteFinder\SiteFinder.dll (Site Finder)
IE - HKU\S-1-5-21-1933885909-1202024360-2826252561-1000\..\SearchScopes\{47415E29-BD90-4F69-A41D-170187A3EEB7}: "URL" = http://www.mysearchresults.com/search?c=8004&t=11&q={searchTerms}
FF - prefs.js..browser.startup.homepage: "http://www.mysearchresults.com/?c=8004&t=11"
O2:64bit: - BHO: (iWebar) - {11111111-1111-1111-1111-110311551110} - C:\Program Files (x86)\iWebar\iWebar-bho64.dll File not found
O2:64bit: - BHO: (Sense) - {11111111-1111-1111-1111-110411821192} - C:\Program Files (x86)\Sense\Sense-bho64.dll File not found
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe File not found
O4 - HKU\S-1-5-21-1933885909-1202024360-2826252561-1000..\Run: [iLivid] C:\Users\Remus\AppData\Local\iLivid\iLivid.exe (Bandoo Media Inc.)
O32 - AutoRun File - [2009/07/13 14:55:00 | 000,000,043 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
:COMMANDS
[EMPTYTEMP]
[resethosts]
Then click the Run Fix button at the top.
Let the program run unhindered; it will reboot the system when it is done and open notepad with logreport. Attach here that logreport.
If the log doesn’t appear, it can be found here:
c:\_OTL\MovedFiles\mmddyyyy_hhmmss.log
AdwCleaner Scan
Please download AdwCleaner by Xplode and save to your Desktop.
Double click on AdwCleaner.exe to run the tool.
Click on the Scan button.
After the scan has finished click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
Post logfile will also be saved in the C:\AdwCleaner folder.
Here is the log. Btw, it deleted all my bookmarks from torch, can I get them back? :))
I see unchecky in your OTL logs. Removed my original post.
That’s the unchecky website.
I wouldn’t use Torch at all! It’s a torrent browser. You’re looking to be reinfected. I count at least 4 Trojans in your MBAM log file. And 200+ PUP files. I recommend you stop using it now and switch to Chrome, Opera, IE, Firefox or something.
I would recommend Internet Explorer cause it has the highest malware detection rate on downloads and websites, and it has just 40 vulnerabilities.
http://secunia.com/vulnerability-review/vulnerability_update_top50.html
Hi, torch was target of OTL (script) that’s why it is removed.
I can back you the torch but I really do not see the point of use. Why don’t you use browsers from known vendors such as Firefox, Opera or Chrome? IE 10/11 is good as well.
What would you use torch anyway?
Anyway, tell me how do you want to proceed? Torch? …or continue on (run adwcleaner)?
I use torch because it is much faster than firefox and I don’t really use the torrent on the browser, does it make a difference?? And yes, I want to go on with the adwcleaner. And 1 more question, what is your choice and what would you suggest for me? (as I already said, in my opinion firefox runs pretty slow and I always had problems with it)
I would suggest not to use torch as browser as you can use Firefox, Chrome or Opera. IE10/11 is pretty fast & good as well.
Firefox is too slow for you? Use Google’s Chrome then. Chrome is a fast and safe browser. Torch has adwaresing history, therefore …
If you wish to continue (not to restore Torch) run AdwCleaner, post here resulting log and post fresh OTL.txt logreport by running OTL and QuickScan.
Hi, here is the adw log and the recent OTL log
Aye! You still have a lot of crapware… I see you have Hamachi. Private Minecraft Server is on the Desktop…
[2014/02/22 15:26:22 | 000,000,000 | ---D | C] -- C:\Users\Remus\Desktop\minecraft server
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
[2014/02/27 14:45:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2014/02/22 15:22:52 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\hamachi.sys
[2014/02/22 15:22:37 | 000,000,000 | ---D | C] -- C:\Users\Remus\AppData\Local\LogMeIn Hamachi
[2014/02/22 15:22:37 | 000,000,000 | ---D | C] -- C:\Users\Remus\AppData\Local\LogMeIn
With 4GB’s of Physical Memory (RAM). I do not recommend you run a MC server. No matter how small.
MySearchDial is still in Firefox
FF - prefs.js..browser.startup.homepage: "http://www.mysearchresults.com/?c=9998&t=01"
Something in the host file appears to be corrupt?
O1 - Hosts: ‣湵档捥祫扟来湩‣桔獥畲敬敷敲愠摤摥戠⁹桴湕档捥祫瀠潲牧浡椠牯敤潴戠潬正愠癤牥楴楳杮猠景睴牡潭畤敬൳《〮〮〮琠慲正湩灯湥慣摮潣㍳愮慭潺慮獷挮浯⸰⸰⸰‰敭楤灯湥慣摮潣൭《〮〮〮挠湤漮数据湡祤挮浯⸰⸰⸰‰牴捡楫杮漮数据湡祤挮浯⸰⸰⸰‰灡灯湥慣摮潣൭《〮〮〮椠獮慴汬牥戮瑥整楲獮慴汬牥挮浯⸰⸰⸰‰湩瑳污敬楦敬畢汬潤潣൭《〮〮〮搠漳瑸ㅮ㍸㡢㝤汣畯晤潲瑮渮瑥⸰⸰⸰‰湩潮戮獩癲挮浯⸰⸰⸰‰獮獩戮獩癲挮浯⸰⸰⸰‰摣楦敬搲獥瑫灯挮浯⸰⸰⸰‰摣潧瑡慥瑳慣档甮൳《〮〮〮挠湤朮瑵慴瑳瑡此甮൳《〮〮〮挠湤椮獮楫浮摥慩挮浯⸰⸰⸰‰摣湩瑳楯畢摮敬㉳挮浯⸰⸰⸰‰摣湩瑳汰祡牢瑹潣൭《〮〮〮挠湤氮潬敧晴獡捴捡獵⸰⸰⸰‰摣潭瑮敩慲挮浯⸰⸰⸰‰摣獭睤汮潣൭《〮〮〮挠湤洮灹扣捡畫潣൭《〮〮〮挠湤瀮摰睯汮慯潣൭《〮〮〮挠湤爮捩慥整獡捴捡獵⸰⸰⸰‰摣桳慹潰慴潴甮൳《〮〮〮挠湤献汯浩慢挮浯⸰⸰⸰‰摣畴潴瀴潣൭《〮〮〮挠湤愮灰潲湵楢ൺ《〮〮〮挠湤戮杩灳敥灤潲挮浯⸰⸰⸰‰摣楢灳潣൭《〮〮〮挠湤戮獩癲挮浯⸰⸰⸰‰摣摣摮潣൭《〮〮〮挠湤搮睯汮慯睳敥灴捡獫挮浯⸰⸰⸰‰摣灤潤湷潬摡挮浯⸰⸰⸰‰摣楶畳污敢敮൴⌊甠据敨正役湥
compared to original logs.
O1 HOSTS File: ([2014/02/25 13:05:41 | 000,001,927 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
Sorry, I’m done now Magna.
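Added example (not part of the thread and not OTL's own code): the unreadable "O1 - Hosts:" line quoted above begins with characters that are ASCII bytes read two at a time as UTF-16LE, so re-encoding them as UTF-16LE recovers the text. The function names and the second sample are constructed for illustration.

```python
"""Recover ASCII hosts-file text that was displayed as UTF-16LE mojibake."""

# Bytes we accept as plain hosts-file text: printable ASCII plus tab, LF, CR.
PRINTABLE = set(range(0x20, 0x7F)) | {0x09, 0x0A, 0x0D}

def recover_ascii(text):
    """Return the ASCII text hidden in UTF-16LE mojibake, or None if it is not that."""
    try:
        raw = text.encode("utf-16-le")
    except UnicodeEncodeError:          # lone surrogates: a different kind of damage
        return None
    # Genuine ASCII text re-encodes with NUL high bytes, and real CJK text with
    # non-printable bytes, so both are rejected by this check.
    if not raw or any(b not in PRINTABLE for b in raw):
        return None
    return raw.decode("ascii")

def hosts_entries(text):
    """Parse hosts text into (address, hostname) pairs, ignoring comments."""
    entries = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            entries.extend((fields[0], name) for name in fields[1:])
    return entries

# First eight characters of the garbled hosts line quoted in the thread,
# written as escapes so the code points are unambiguous.
PAGE_PREFIX = "\u2023\u6e75\u6863\u6365\u796b\u625f\u6765\u6e69"

# Constructed sample: a small ASCII hosts file, mis-decoded the same way.
SAMPLE_ASCII = b"# constructed sample\r\n0.0.0.0 cdn.example.test\r\n"
SAMPLE_MOJIBAKE = SAMPLE_ASCII.decode("utf-16-le")

if __name__ == "__main__":
    print(recover_ascii(PAGE_PREFIX))
    print(hosts_entries(recover_ascii(SAMPLE_MOJIBAKE)))
```

A `None` result means the text is not this particular mis-decoding, and the file's raw bytes should be inspected instead.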