hxxps:\\svadxbtac8c.com and vmlka.com blocked repeatedly, Avast antirootkit stop

Starting Wednesday, I began receiving alerts from Avast about blocking a webpage. As of today, I was getting repeated warnings about svadxbtac8c.com, over 500.

I scanned in safe mode without networking with Malwarebytes, Spybot S&D, and ran a boot-time scan with Avast. All came up clean (save for a handful of tracking cookies). Loading back into normal mode, the problem persisted.

I updated to Avast 2015, and the svadxbtax.com warnings stopped. However, I received three vmlka.com warnings in succession.

While running my final log (Addition.txt), I received a warning that Avast Rootkit protection had stopped. 2015 was still installing at this time, and I use the free version - I am not sure if this can be disregarded or not.

As of this posting I am receiving NO warnings, but I want to make sure that I’m truly in the clear.

Thank you!

svadxbtac8c.com has returned.

Just to make sure the good folks at Avast know, this is becoming an issue on several of my client’s computers. As far as I can tell, it seems to be either a very sudden rise in one particular infection, or perhaps something to do with a recent Avast update. I will be examining one of my client’s computers tomorrow, and will continue to monitor this forum for possible solutions. It seems too coincidental for there not to be a general answer for many who are having this specific popup, all of a sudden.

This had dropped off the first page. Any ideas?

As of now I have not yet been able to locate the launch point for this. I am working with a few other users to try and determine the trigger, but a system restore seems to resolve the problem.

Thanks essexboy. I’m looking forward to you finding the trigger for this. But in the meantime, if all else fails, I will try a system restore.

Unfortunately most of the other victims are probably in bed at the moment due to time zones. I am working on a few things at the moment, where I have had reports that it does not appear in safe mode with networking, so I am thinking that a standard file has been suborned somehow. My next step will be to try a clean boot and try to locate the culprit that way.

I do not have a restore point. :(

I was wrong; I have a restore point for Windows Update: 10-21. Running this now.

"System Restore did not complete successfully. Your computer’s system files and settings were not changed.

Details:
An unspecified error occured during System Restore. (0xc0000022)"

Did that stop the alerts though?

The alerts stop after using a VPN such as Hotspot Shield.

It seems to have. The second explorer.exe that was taking up an inordinate amount of RAM (which others have mentioned) seems to have vanished as well.

The only thing I’m noticing amiss is that my processes list has an instance of msiexec.exe, and I am not installing anything to my knowledge.

I’ve ended the process for the time being, monitoring to see if it returns.

EDIT: msiexec reappears, initiated by SYSTEM. I am unsure if this instance of the Windows Installer is legit or not. I’ll be installing Process Explorer to look into it, and report back.

In safe mode w/out networking, I too ran Malwarebytes, SUPERAntiSpyware, CCleaner and ComboFix. ComboFix restore point did not solve. svadxvbtuc8c.com persists.

msiexec seems to have responded to my threats and has not reappeared again. I am willing to chalk that incidence up to user paranoia and background updates.

Thanks for the update, at least it confirms that it is not a false positive.