Looking for some help getting rid of this url which is constantly being blocked by Avast. Various logs attached. Something to do with scvhost.exe.
Any advice much appreciated.
Monitoring…
Hello,
Scan with ZOEK
Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one).
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
- Right-click on the Zoek icon and select Run as Administrator to start the tool.
- Wait patiently until the main console appears; it may take a minute or two.
- In the main box please paste in the following script:
createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns;b
- Make sure that the Scan All Users option is checked.
- Push Run Script and wait patiently. The scan may take a couple of minutes.
- When the scan completes, a zoek-results logfile should open in Notepad.
- If a reboot is needed, it will be opened after it. You may also find it on your main drive (usually the C:\ drive).
Post its content into your next reply.
Hi AvastCheese,
Please make that live link to adware unclickable with hxtp - we do not want unaware users to click it!
See why? Well, look here: https://www.virustotal.com/en-gb/url/440b0ca7e5d9691cb2bc4fcf269f7f97101217de8be4d8a1226c38245323fff1/analysis/1434904874/
and here: https://www.virustotal.com/en-gb/file/7db4fa27087f9ef439b6a4b7f955abba34e57f2db770e6addd661c445287dc82/analysis/1434598034/
Avast detects this Adware.
polonus
OK mate
Thanks. Log attached.
Fix with Farbar Recovery Scan Tool
This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.
Download the attached fixlist.txt file and save it to the Desktop:
Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!
- Right-click on the FRST icon and select Run as Administrator to start the tool.
(XP users click Run after receipt of the Windows Security Warning - Open File.)
- Press the Fix button just once and wait.
- If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
- When finished, FRST will generate a log on the Desktop, called Fixlog.txt.
Please attach it to your reply.
Here you go
Looks like that did the trick, many thanks. Check your emails.
Thanks
Post-cleanup procedures:
Download DelFix by Xplode and save it to your desktop.
- Run the tool by right-clicking on the DelFix icon and choosing the Run as administrator option.
- Make sure that these ones are checked:
  - Remove disinfection tools
  - Purge system restore
  - Reset system settings
- Push Run and wait until the tool completes its work.
All tools we used should be gone. The tool will create a report for you (C:\DelFix.txt).
The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.
I started getting last few weeks the following popups:
bestdriverstar.net/4141
simplesitescan.net/4141
anychicago.com
alwaysisobar.com
Avast pops up and announces that a threat has been detected and blocked. On the top right hand corner there's a little bar with number 1/2, 2/4 and on it goes.
How can I stop it? It's very frustrating!
Any help would be appreciated.
Hello,
Scan with Farbar Recovery Scan Tool
Please download Farbar Recovery Scan Tool and save it to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system; that will be the right version.
- Double-click to run it. When the tool opens, click Yes to the disclaimer.
- Press the Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run from. Please attach it to your reply.
- The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Hi
Thanks for the quick reply.
Here’s the file. Hope this helps.
You’re missing Addition.txt report.
Really very sorry. Missed that.
Here it is
Scan with ZOEK
Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one).
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
- Right-click on the Zoek icon and select Run as Administrator to start the tool.
- Wait patiently until the main console appears; it may take a minute or two.
- In the main box please paste in the following script:
createsrpoint;
autoclean;
emptyalltemp;
C:\ProgramData\{82a67107-dcb0-e362-82a6-67107dcbc41f};fs
bitsadmin /reset /allusers;b
ipconfig /flushdns;b
- Make sure that the Scan All Users option is checked.
- Push Run Script and wait patiently. The scan may take a couple of minutes.
- When the scan completes, a zoek-results logfile should open in Notepad.
- If a reboot is needed, it will be opened after it. You may also find it on your main drive (usually the C:\ drive).
Post its content into your next reply.
Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Cong. Nachlas Aron on Thu 07/09/2015 at 17:39:27.31.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Cong. Nachlas Aron\Desktop\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
7/9/2015 5:41:42 PM Zoek.exe System Restore Point Created Successfully.
==== Empty Folders Check ======================
C:\Program Files\Dell deleted successfully
C:\PROGRA~2\ioloGovernor deleted successfully
C:\Users\Cong. Nachlas Aron\AppData\Roaming\XCPCSync.OEM deleted successfully
C:\Users\Cong. Nachlas Aron\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Cong. Nachlas Aron\AppData\Local\EmieSiteList deleted successfully
C:\Users\Cong. Nachlas Aron\AppData\Local\EmieUserList deleted successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mewozevo deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\mewozevo deleted successfully
==== Batch Command(s) Run By Tool======================
==== Deleting Files \ Folders ======================
C:\Program Files\Dell not found
C:\ProgramData\{82a67107-dcb0-e362-82a6-67107dcbc41f} deleted
C:\PROGRA~2\{33055818-e07f-bf4d-3305-55818e076063} deleted
C:\PROGRA~2\2309780261489534422 deleted
C:\Users\Cong. Nachlas Aron\AppData\Roaming\4C4C4544-1430995841-4210-8053-C8C04F465131 deleted
C:\PROGRA~2\FlashBeat deleted
C:\PROGRA~2\Package Cache deleted
C:\Users\Cong. Nachlas Aron\AppData\Local\4C4C4544-1430981634-4210-8053-C8C04F465131 deleted
C:\Users\Cong. Nachlas Aron\AppData\Local\SmartWeb deleted
C:\Users\Cong. Nachlas Aron\AppData\LocalLow\SmartWeb deleted
C:\Windows\wininit.ini deleted
"C:\Windows\Installer\273db2.msi" deleted
"C:\Users\Cong. Nachlas Aron\AppData\Local\e3b8e27aa8610e3bd300f454a5266d1f" deleted
"C:\ProgramData\{52B90368-A12C-4248-94E0-0AE200F6C536}" deleted
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [04/29/2015 11:41 AM]
==== Chromium Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
eofcbnmajmjmplflapaojjnihcjkigck - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx[04/29/2015 11:41 AM]
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[04/29/2015 11:41 AM]
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://entertainment.verizon.com/news"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://entertainment.verizon.com/news"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{6E43F03D-1E49-4685-89A1-0CC16790906F}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Unknown Url="Not_Found"
{6E43F03D-1E49-4685-89A1-0CC16790906F} Google Url="https://www.google.com/search?q={searchTerms}"
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-386005064-1606148948-1427465896-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B89A557EF54F80041A5ACFC44B2D71A7 deleted successfully
HKEY_LOCAL_MACHINE\Software\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E755A98B-F45F-4008-A1A5-FC4CB4D2177A} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B89A557EF54F80041A5ACFC44B2D71A7 deleted successfully
==== Empty IE Cache ======================
C:\Users\Cong. Nachlas Aron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Cong. Nachlas Aron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Cong. Nachlas Aron\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\CONG~1.NAC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\CONG~1.NAC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\CONG~1.NAC\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
No Chrome User Data found
==== Empty All Flash Cache ======================
Flash Cache is not empty, a reboot is needed
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=109 folders=41 260590596 bytes)
==== Empty Temp Folders ======================
C:\Users\Cong. Nachlas Aron\AppData\Local\Temp will be emptied at reboot
C:\Users\CONG~1~NAC\AppData\Local\Temp emptied successfully
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\CONG~1.NAC\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\CONG~1.NAC\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on Thu 07/09/2015 at 17:54:25.79 ======================
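The Zoek script above and the log it produced cover the usual persistence spots for this family of adware: a randomly named service (mewozevo), GUID- and digit-named folders under ProgramData and AppData, a Chrome policy key (HKLM\Software\Policies\Google, which forces extensions, homepage or search and is normally absent on a home PC), a dead IE search scope whose URL reads Not_Found, and BITS jobs (bitsadmin /reset /allusers). Avast attributing the blocked URL to svchost.exe fits that picture: svchost.exe hosts both the BITS service and DLL-based services, so the download is made by a BITS job or a service DLL rather than by a visible adware executable. The following PowerShell is an added, read-only triage script that is not part of this thread and is not Zoek or FRST code; it lists those items so a helper can decide what to put in a fix script. The trusted-directory heuristic (anything under %SystemRoot% or Program Files is treated as legitimate) is an assumption of this example, and Windows Installer and Package Cache legitimately use GUID-named folders, so the output still needs a human look. Written for Windows 7 with PowerShell 2.0 or later, as in the log, and run from an elevated prompt.

```powershell
# Added example, not from the thread: read-only triage for the persistence points
# the Zoek script and log above deal with. Run from an elevated PowerShell.
# It only reports; it deletes nothing.

Import-Module BitsTransfer -ErrorAction SilentlyContinue

# Assumption of this example: binaries under these roots are treated as legitimate.
$trusted = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }

function Test-TrustedPath([string]$Path) {
    # Empty path: nothing to judge. Otherwise expand %SystemRoot%-style variables,
    # strip a leading quote, and compare case-insensitively against the trusted roots.
    if (-not $Path) { return $true }
    $expanded = [Environment]::ExpandEnvironmentVariables($Path).Trim('"')
    foreach ($root in $trusted) {
        if ($expanded.ToLower().StartsWith($root.ToLower())) { return $true }
    }
    return $false
}

Write-Host "== BITS jobs for all users (BITS runs inside svchost.exe) =="
Get-BitsTransfer -AllUsers -ErrorAction SilentlyContinue |
    Select-Object DisplayName, JobState, OwnerAccount,
        @{Name = 'RemoteUrl'; Expression = { ($_.FileList | ForEach-Object { $_.RemoteName }) -join '; ' }}

Write-Host "== Services whose binary is outside the trusted roots (cf. mewozevo) =="
Get-WmiObject Win32_Service |
    Where-Object { -not (Test-TrustedPath $_.PathName) } |
    Select-Object Name, State, StartMode, PathName

Write-Host "== svchost-hosted services whose ServiceDll is outside the trusted roots =="
# For svchost-hosted services the ImagePath is always svchost.exe; the real code is
# the ServiceDll value under the service's Parameters key.
Get-ChildItem HKLM:\SYSTEM\CurrentControlSet\Services | ForEach-Object {
    $params = Get-ItemProperty -Path "$($_.PSPath)\Parameters" -ErrorAction SilentlyContinue
    if ($params -and $params.ServiceDll -and -not (Test-TrustedPath $params.ServiceDll)) {
        New-Object PSObject -Property @{ Service = $_.PSChildName; ServiceDll = $params.ServiceDll }
    }
}

Write-Host "== Chrome policy keys (normally absent on a home PC) =="
Get-ChildItem -Recurse HKLM:\SOFTWARE\Policies\Google -ErrorAction SilentlyContinue |
    ForEach-Object { Get-ItemProperty $_.PSPath }

Write-Host "== IE search scopes without a usable URL (cf. Url=Not_Found in the log) =="
foreach ($hive in 'HKCU', 'HKLM') {
    Get-ChildItem "${hive}:\Software\Microsoft\Internet Explorer\SearchScopes" -ErrorAction SilentlyContinue |
        ForEach-Object {
            $scope = Get-ItemProperty $_.PSPath
            if (-not $scope.URL -or $scope.URL -notmatch '^https?://') {
                New-Object PSObject -Property @{
                    Hive = $hive; Scope = $_.PSChildName; DisplayName = $scope.DisplayName; URL = $scope.URL
                }
            }
        }
}

Write-Host "== GUID- or hex/digit-named folders directly under ProgramData / AppData =="
# Matches names like {82a67107-dcb0-e362-82a6-67107dcbc41f}, 2309780261489534422 and
# e3b8e27aa8610e3bd300f454a5266d1f from the log. Windows Installer and Package Cache
# use GUID folders legitimately, so review the list by hand.
$roots = @($env:ProgramData, $env:APPDATA, $env:LOCALAPPDATA) | Where-Object { $_ }
Get-ChildItem -Path $roots -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.PSIsContainer -and $_.Name -match '^\{?[0-9A-Fa-f-]{20,}\}?$' } |
    Select-Object FullName, LastWriteTime
```

Run it before and after a fix: an empty BITS list, no services or ServiceDlls outside the trusted roots, no Policies\Google key and every search scope carrying an http(s) URL is the state the Zoek log above reached. The ServiceDll check is the one that matters for the "svchost.exe" symptom in the opening post, since a service-backed adware DLL never shows up as its own process.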
How is your PC behaving now?
Hi,
Thanks.
Since this last one was run, no popups at all. Back to the good old days…lol.
Do I have to do anything else?
Thanks
You’re good to go
Post-cleanup procedures:
Download DelFix by Xplode and save it to your desktop.
- Run the tool by right-clicking on the DelFix icon and choosing the Run as administrator option.
- Make sure that these ones are checked:
  - Remove disinfection tools
  - Purge system restore
  - Reset system settings
- Push Run and wait until the tool completes its work.
All tools we used should be gone. The tool will create a report for you (C:\DelFix.txt).
The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.