HTML:Script-inf notification on sites

Hello. On almost every other site that I visited since Monday, Avast always notified me that it blocked the malware. Some of the sites were Facebook, Gmail, Youtube, Google (anything google actually), Goodreads, and Wanikani. The notification only showed when I was surfing the net. I scanned my laptop with Avast, Malwarebytes, and SuperAntiSpyware but they found nothing other than the adware cookies SAS found.

It looks like this the one attached. Although, I noticed that the Object will change depending on the site like wxw.youtube.com for Youtube.

Is my laptop infected?

hey and welcome to the forum.

just in case please folow this guide and attach your logs (we need the logs from mbam,otl and aswmbr.)

http://forum.avast.com/index.php?topic=53253.0

a malware expert will help you from there.

Thank you! :slight_smile:
Attached here are the logs needed.

I think I should also mention that the https on any google site has been crossed out like that one in the attached image.

Does this only occur in Chrome or is it all browsers ?

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:Commands
[CREATERESTOREPOINT]

:OTL
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
IE - HKU\S-1-5-21-1571551566-2142266946-1412682456-1000\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKU\S-1-5-21-1571551566-2142266946-1412682456-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKU\S-1-5-21-1571551566-2142266946-1412682456-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
[2013/07/29 13:02:01 | 000,000,000 | ---D | M] (WebCake) -- C:\Users\EU\AppData\Roaming\Mozilla\Firefox\Profiles\mu52aczu.default\extensions\plugin@getwebcake.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {7825CFB6-490A-436B-9F26-4A7B5CFC01A9} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found.
[2013/08/17 00:28:00 | 000,000,000 | ---D | M] -- C:\Users\EU\AppData\Roaming\Web Cake

:Commands
[resethosts]
[emptytemp]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download AdwCleaner by Xplode onto your desktop.

[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S1].txt as well.

I’m not using Firefox much so I forgot to mention that. But now that I did, Avast is showing me another blocked malware. I’ve attached the screenshot below.

Good thing is that, there’s no more notifications when I use Chrome and even the crossed-out https seems okay now. :slight_smile:

Here are the logs from OTL and Adwcleaner.

Let me know if this stops the FF alerts

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:Commands
[CREATERESTOREPOINT]

:OTL
FF - prefs.js..extensions.enabledAddons: plugin@getwebcake.com:1.00.01

:Commands
[resethosts]
[emptytemp]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

It does. Thank you very much for your help! :slight_smile:
Here’s the latest log.

I’ll let you in on a secret … I missed that first time around :-[

To remove OTL run it and press the cleanup button :slight_smile:

No problem. You were still able to help. :slight_smile:
Are Avast, Malwarebytes, and SAS enough to avoid this from happening again?

From my point of view I only use Avast downloading MBAM every few months or so to test my system. For a guide on how to use free download sites have a look at this blog http://blog.avast.com/2013/07/09/shady-practices-of-free-download-servers/

Okay. Thanks again!