Starting Wednesday, I began receiving alerts from Avast about blocking a webpage. As of today, I was getting repeated warnings about svadxbtac8c.com, over 500.
I scanned in safe mode without networking with Malwarebytes, Spybot S&D, and ran a boot-time scan with Avast. All came up clean (save for a handful of tracking cookies). Loading back into normal mode, the problem persisted.
I updated to Avast 2015, and the svadxbtax.com warnings stopped. However, I received three vmlka.com warnings in succession.
While running my final log (Addition.txt), I received a warning that Avast Rootkit protection had stopped. 2015 was still installing at this time, and I use the free version - I am not sure if this can be disregarded or not.
As of this posting I am receiving NO warnings, but I want to make sure that I’m truly in the clear.
Just to make sure the good folks at Avast know, this is becoming an issue on several of my client’s computers. As far as I can tell, it seems to be either a very sudden rise in one particular infection, or perhaps something to do with a recent Avast update. I will be examining one of my client’s computers tomorrow, and will continue to monitor this forum for possible solutions. It seems too coincidental for there not to be a general answer for many who are having this specific popup, all of a sudden.
As of now I have not yet been able to locate the launch point for this. I am working with a few other users to try and determine the trigger, but a system restore seems to resolve the problem.
Unfortunately most of the other victims are probably in bed at the moment due to time zones. I am working on a few things at the moment, where I have had reports that it does not appear in safe mode with networking, so I am thinking that a standard file has been suborned somehow. My next step will be to try a clean boot and try to locate the culprit that way.
It seems to have. The second explorer.exe that was taking up an inordinate amount of RAM (which others have mentioned) seems to have vanished as well.
The only thing I’m noticing amiss is that my processes list has an instance of msiexec.exe, and I am not installing anything to my knowledge.
I’ve ended the process for the time being, monitoring to see if it returns.
EDIT: msiexec reappears, initiated by SYSTEM. I am unsure if this instance of the Windows Installer is legit or not. I’ll be installing Process Explorer to look into it, and report back.
In safe mode w/out networking, I too ran Malwarebytes, SUPERAntiSpyware, CCleaner and ComboFix. ComboFix restore point did not solve. svadxvbtuc8c.com persists.
msiexec seems to have responded to my threats and has not reappeared again. I am willing to chalk that incident up to user paranoia and background updates.