system
September 7, 2015, 5:29am
1
Hi,
I am getting continuous pop-ups from Avast Web Shield saying infected URL.
Object: http://wpad.browserupdatecheck.in/wpad.dat avast removal
Earlier I was using the Avast free version, but just to get rid of this pop-up I bought a 2 years subscription, but I am still getting this pop-up.
Please let me know how to remove this virus.
Thanks
Prabhat
Pondus
September 7, 2015, 5:42am
2
follow instructions here https://forum.avast.com/index.php?topic=53253.0
attach Malwarebytes and Farbar Recovery Scan Tool logs … 3 logs total
see below the box you write in … Attachments and other options
system
September 19, 2015, 8:32am
3
Hello,
As per your instruction, please find the scan logs of the tools mentioned in your reply below.
Thanks
Prabhat
CAUTION: This fix is only valid for this specific machine; using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint:
AppInit_DLLs-x32: C:\PROGRA~3\{D0F43~1\1170~1.1\defo.dll => No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-1770299914-2051860143-957043032-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-1770299914-2051860143-957043032-1000 - (No Name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No File
Toolbar: HKU\S-1-5-21-1770299914-2051860143-957043032-1000 -> No Name - {6B896ADB-4A82-46E2-858C-13134782CE34} - No File
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-01]
CHR Extension: (dhdgffkkebhmkfjojejmpbldmpobfkfo) - C:\Users\Prabhat\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2015-04-24]
CHR Extension: (emaamodndfmmmcjepfigalbjjjemadom) - C:\Users\Prabhat\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\emaamodndfmmmcjepfigalbjjjemadom [2015-04-26]
CHR Extension: (gomekmidlodglbbmalcneegieacbdmki) - C:\Users\Prabhat\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-04-26]
2015-08-24 21:21 - 2015-08-24 21:21 - 00003044 _____ C:\Windows\System32\Tasks\{9CF1A2E1-2285-47E6-84A0-A435F2748048}
2015-04-20 14:54 - 2015-04-20 14:54 - 0333503 _____ (AnySend.com) C:\Users\Prabhat\AppData\Local\nscA06B.tmp
2015-04-20 14:53 - 2015-04-20 14:53 - 0333503 _____ (AnySend.com) C:\Users\Prabhat\AppData\Local\nsw4BA7.tmp
Task: {5CCD01C5-45DC-4BCD-8EF8-506DF3FF505B} - \APSnotifierPP2 -> No File <==== ATTENTION
Task: {61B6D0D3-F68A-4124-9775-CA695C189255} - \PC Shutdown. -> No File <==== ATTENTION
Task: {700544C2-6ED0-4D75-85E3-A3D82ADB35CC} - \APSnotifierPP1 -> No File <==== ATTENTION
Task: {8DA8760E-0B3E-4068-8F13-AC49AD8122B1} - \APSnotifierPP3 -> No File <==== ATTENTION
Task: {F4E79533-F6A6-4C1A-876A-8253E42FAEE6} - \SmartWeb Upgrade Trigger Task -> No File <==== ATTENTION
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated; please post that
THEN
Please download AdwCleaner by Xplode onto your desktop.
- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete click on “Clean”.
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S0].txt as well.
FINALLY
Start FRST again and in the search box type/copy and paste:
browserupdatecheck.in;wpad.dat
Then press Search Registry and attach that log as well
system
September 19, 2015, 10:16am
5
Hello,
As per your instruction, please find the scan logs of the tools mentioned in your reply below.
Thanks
Prabhat
Right click this link and select save target as… https://dl.dropboxusercontent.com/u/73555776/tcpip.reg
Save TCPIP.reg to your desktop
Double click TCPIP.reg and allow the file to merge, accepting all warnings
THEN
Start FRST again and in the search box type/copy and paste:
browserupdatecheck.in;wpad.dat
Then press Search Registry and attach that log.
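
A read-only check along the lines of the registry search requested above, written as an added example that is not part of the original thread and is not FRST's own code. It looks for the thread's two search terms in a short list of keys; that key list (TCP/IP and DNS client parameters, Internet Settings) is an assumption, whereas FRST's search covers the whole registry.

```powershell
# Added example, read-only: lists registry values containing the thread's search terms.
$terms = 'browserupdatecheck.in', 'wpad.dat'

# Assumption: these keys (DNS suffix and proxy auto-config settings) are a
# reasonable subset to inspect; they are not taken from the thread.
$roots = @(
    'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters',
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
)

function Find-TermInRegistry {
    param([string[]]$Roots, [string[]]$Terms)

    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        # The root key itself plus every subkey beneath it.
        $keys = @(Get-Item -LiteralPath $root) +
                @(Get-ChildItem -LiteralPath $root -Recurse -ErrorAction SilentlyContinue)
        foreach ($key in $keys) {
            foreach ($name in $key.GetValueNames()) {
                # Multi-string values are joined into one string. Binary values
                # become a list of numbers, so text inside them is not matched.
                $text = @($key.GetValue($name)) -join ' '
                foreach ($term in $Terms) {
                    if ($text -like "*$term*") {
                        [pscustomobject]@{
                            Key   = $key.Name
                            Value = if ($name) { $name } else { '(Default)' }
                            Data  = $text
                            Term  = $term
                        }
                    }
                }
            }
        }
    }
}

# No output means neither term was found in the keys listed above.
Find-TermInRegistry -Roots $roots -Terms $terms | Format-List
```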