HTML:Script-inf

I have been getting these messages about a Threat being blocked…

URL: h**p://us-e-node4.smartyads.com/?t=s&winbid=0.22&k=16d13dcf009be0a65a1850a3f10e8164
Infection: HTML:Script-inf
Process: C:\Program Files (x86)\msrtn32\rthdcpd.exe

h**p://us-e-node6.smartyads.com/?t=s&winbid=0.14&k=0dca0130504a07026449ffd4e4d4243f
Infection: HTML:Script-inf
Process: C:\Program Files (x86)\msrtn32\rthdcpd.exe

I did a bit of looking and some sites claim it's a false positive, others telling me another story… Any ideas?

Windows 8.1
Firefox 42.0

Run (online) scans > http://www.ache.nl
and ask avast
https://blog.avast.com/tag/false-positive/

Sorry, kinda confused here… What scans should I run on that page?

VirSCAN.org Scanned Report :
Scanned time : 2015-12-03 13:05:16
Scanner results: 5%的杀软(2/39)报告发现病毒
File Name : rthdcpd.exe
File Size : 399872 byte
File Type : application/x-dosexec
MD5 : c9f9d521b20c6e57fefda38f35fae217
SHA1 : c46b418ab395224bb218d83d305f182a8a94d8bf
Online report : http://r.virscan.org/report/cad8baf673840541a979e9f9eb955b52

Scanner Engine Ver Sig Ver Sig Date Time Scan result
ahnlab 9.9.9 9.9.9 2013-05-28 4 Found nothing
antivir 1.9.2.0 1.9.159.0 7.12.33.186 17 Found nothing
antiy AVL SDK 2.0 1970-01-01 45 Found nothing
arcavir 1.0 2011 2014-05-30 8 Found nothing
asquared 9.0.0.4799 9.0.0.4799 2015-03-08 1 Found nothing
avast 151201-1 4.7.4 2015-12-01 30 Found nothing
avg 2109/10585 10.0.1405 2015-11-29 1 Found nothing
baidu 2.0.1.0 4.1.3.52192 2.0.1.0 4 Found nothing
baidusd 1.0 1.0 2014-04-02 1 Found nothing
bitdefender 7.58879 7.90123 2015-01-16 1 Found nothing
clamav 21121 0.97.5 2015-12-01 1 Found nothing
comodo 15023 5.1 2015-11-30 3 Found nothing
ctch 4.6.5 5.3.14 2013-12-01 1 Found nothing
drweb 5.0.2.3300 5.0.1.1 2015-11-28 36 Found nothing
fortinet 30.869, 30.869,5.1.158 2015-12-02 1 Found nothing
fprot 4.6.2.117 6.5.1.5418 2015-12-02 1 W32/Felix:EX:010!Eldorado
fsecure 2015-08-01-02 9.13 2015-08-01 5 Found nothing
gdata 25.4604 25.4604 2015-12-01 8 Found nothing
hauri 2.73 2.73 2015-01-30 1 Found nothing
ikarus 1.06.01 V1.32.31.0 2015-12-02 16 Found nothing
jiangmin 16.0.100 1.0.0.0 2015-11-28 2 Found nothing
kaspersky 5.5.33 5.5.33 2014-04-01 22 Found nothing
kingsoft 2.1 2.1 2013-09-22 10 Found nothing
mcafee 7879 5400.1158 2015-07-31 9 Found nothing
nod32 1777 3.0.21 2015-06-12 1 Found nothing
panda 9.05.01 9.05.01 2015-12-02 4 Found nothing
pcc 12.186.07 9.500-1005 2015-12-02 1 Found nothing
qh360 1.0.1 1.0.1 1.0.1 6 HEUR/QVM10.1.Malware.Gen
qqphone 1.0.0.0 1.0.0.0 2015-12-03 2 Found nothing
quickheal 14.00 14.00 2015-12-01 2 Found nothing
rising 25.95.01.02 25.95.01.02 2015-12-01 3 Found nothing
sophos 5.17 3.60.0 2015-08-01 8 Found nothing
sunbelt 3.9.2671.2 3.9.2671.2 2015-12-01 3 Found nothing
symantec 20151130.003 1.3.0.24 2015-11-30 1 Found nothing
tachyon 9.9.9 9.9.9 2013-12-27 3 Found nothing
thehacker 6.8.0.5 6.8.0.5 2015-11-27 1 Found nothing
tws 17.47.17308 1.0.2.2108 2015-12-02 6 Found nothing
vba 3.12.26.4 3.12.26.4 2015-12-02 6 Found nothing
virusbuster 15.0.985.0 5.5.2.13 2014-12-05 15 Found nothing

https://forum.avast.com/index.php?topic=53253.0
Follow the instructions.

ok here is my malwarebytes log.

also the farbar logs.

Hi omegaluke,

After you have been cleansed with the help of a qualified removal expert, so wait for his advice and follow that to the dot, it might be a good idea to enable PUP detection in Avast. Doing that in the past could have saved your day and a visit here ;D

polonus

Thanks Polonus. I will do that. After running the asw scan, should I click the fixmbr button or no?

OOPS messed up the scan… let me redo it.

+1

Also do not use cracks/hacks.

I will avoid that in the future :slight_smile:

Let me know if this stops it

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
HKU\S-1-5-21-2459947554-2638681531-3316893446-1001\...\Run: [kfapnn] => rundll32.exe "C:\Users\omegaluke\AppData\Local\kfapnn.dll",kfapnn <===== ATTENTION
Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-11-27] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-11-27] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-11-27] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-11-27] (Lavasoft Limited)
Winsock: Catalog9-x64 16 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-11-27] (Lavasoft Limited)
2015-12-01 21:36 - 2015-12-01 21:36 - 00009216 _____ C:\Users\omegaluke\AppData\Local\kfapnn.dll
2015-11-03 16:05 - 2015-11-03 16:05 - 00000000 __HDC C:\ProgramData\{AA6BF06E-316C-487A-9BC2-5F06A43C56B1}
Task: {DD633001-C65F-46F1-887D-055A308AF02D} - \WebDnsio2 -> No File <==== ATTENTION
C:\Windows\system32\LavasoftTcpService64.dll
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.

- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete click on “Clean”.
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S0].txt as well.
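
Added example, not part of the thread and not FRST's own logic: a small triage pass over FRST-style log lines that flags the three kinds of entries the fixlist above removes (a Run key that starts rundll32 on a DLL in a user-writable folder, a non-Microsoft Winsock catalog entry, and a scheduled task whose file is gone). The rule names and heuristics are assumptions for illustration, and the mswsock.dll line is constructed.

```python
import re

# Lines 1, 2 and 4 are copied from the fixlist in the post above;
# line 3 (mswsock.dll) is a constructed benign entry for contrast.
SAMPLE = r'''
HKU\S-1-5-21-2459947554-2638681531-3316893446-1001\...\Run: [kfapnn] => rundll32.exe "C:\Users\omegaluke\AppData\Local\kfapnn.dll",kfapnn <===== ATTENTION
Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-11-27] (Lavasoft Limited)
Winsock: Catalog9-x64 05 C:\Windows\system32\mswsock.dll [100000 2015-01-01] (Microsoft Corporation)
Task: {DD633001-C65F-46F1-887D-055A308AF02D} - \WebDnsio2 -> No File <==== ATTENTION
'''

# Hypothetical heuristics: patterns for the line shapes seen in the post above.
RUN = re.compile(r'\\Run: \[(?P<name>[^\]]+)\] => (?P<cmd>.+?)(?: <=+ ATTENTION)?$')
DLL_ARG = re.compile(r'rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+\.dll)', re.I)
USER_WRITABLE = re.compile(r'\\(?:AppData|ProgramData|Temp)\\', re.I)
WINSOCK = re.compile(r'^Winsock: \S+ (?P<idx>\d+) (?P<path>.+?) \[[^\]]*\] \((?P<vendor>[^)]*)\)')
TASK = re.compile(r'^Task: \{[0-9A-Fa-f-]+\} - (?P<name>\S+) -> No File')


def triage(text):
    """Return (rule, detail...) tuples for log lines worth a closer look."""
    findings = []
    for line in (l.strip() for l in text.splitlines()):
        run = RUN.search(line)
        if run:
            # Autostart entry: only flag rundll32 loading a DLL from a user-writable path.
            dll = DLL_ARG.search(run['cmd'])
            if dll and USER_WRITABLE.search(dll['dll']):
                findings.append(('run-rundll32-user-path', run['name'], dll['dll']))
            continue
        ws = WINSOCK.match(line)
        if ws:
            # The vendor string is taken from the log line as-is; it is a hint, not proof.
            if 'microsoft' not in ws['vendor'].lower():
                findings.append(('winsock-non-microsoft', ws['idx'], ws['path']))
            continue
        task = TASK.match(line)
        if task:
            findings.append(('task-no-file', task['name']))
    return findings


if __name__ == '__main__':
    for finding in triage(SAMPLE):
        print(*finding, sep=' | ')
```

A hit is a prompt to look at the file and its origin, not a verdict; a fixlist is still written per machine, as the caution in the post says.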

My ASW Log.

my frst log after fixing with the fixlist.txt

Have the alerts ceased ?

Yeah, the alerts have stopped. I ran the AdwCleaner but didn't do the clean button yet… as I am not sure what, if anything, I should keep or delete… or is it all garbage? So here is the log BEFORE cleaning.

Yep hit clean

Ok here is the adwcleaner log as requested :slight_smile:

Subject to no further problems :slight_smile:

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so…The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix
Select the options as shown

https://dl.dropboxusercontent.com/u/73555776/delfix.JPG

: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article

I would recommend that you completely uninstall Java unless you need it to run important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

If you do need to keep Java then download JavaRa
Run the programme and select Remove Java Runtime. Uninstall all versions of Java present
Once done then run it again and select Update Java runtime > Download and install Latest version

https://dl.dropboxusercontent.com/u/73555776/javara.JPG

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent: install this programme to lock down and prevent crypto ransomware

https://dl.dropboxusercontent.com/u/73555776/CryptoPrevent.JPG

Malwarebytes

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
Click the very large Download button.
Click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked; this is a fire and forget programme :wink:

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices

Keep safe :wave:

So I'm all clear? Thank you ever so much for your help… Everyone :slight_smile: