I got a URL:Mal popup that keeps showing up

Hello,
It's my first time here in this community :smiley:
Anyways, I have had a "URL:Mal" recently. When I open any browser (Firefox, Chrome, Internet Explorer) it just shows up and keeps showing up every 10~20 seconds, non-stop. Good to know that AVAST is doing its job, how wonderful!
I have tried every malware fighter but there was no real fix for my issue. They detected some malware, but nothing happened after that and the issue has not been fixed yet.
Here are my latest logs. How can I get the previous Malwarebytes scan log result? Cuz this one was the latest and it's clean …

I have tried aswMBR, but it crashed 3 times at the same dll file, why is that?

http://www.upislam.com/images/35262575901867476182.jpg

Thanks in advance, and I really appreciate your hard work ;D

Also attach your FRST log…!!
Instructions: https://forum.avast.com/index.php?topic=53253.0

Oh, I have already made one but forgot to attach it. Here is my latest updated log.
And sorry for my delayed reply. I had a problem connecting to the forum website. I really don't know what happened, but the page wouldn't load and it kept telling me
" Error gate way not found " and sometimes " connection interrupted ". Usually I refresh again and the problem is fixed, but nothing happened this time.
I tried a different browser but had the same issue. Anyways, it works now… Does anyone know what to do if the problem happens again?

Thank you for your reply ;D

Let me know if this cures it

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.certified-toolbar.com?si=66807&st=home&tid=6724&ver=6.5&ts=1405807200000.000007&tguid=66807-6724-1405817452867-82D09486E258F31AA117F56AA2825C97
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.certified-toolbar.com?si=66807&st=bs&tid=6724&ver=6.5&ts=1405807200000.000007&tguid=66807-6724-1405817452867-82D09486E258F31AA117F56AA2825C97&q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.certified-toolbar.com?si=66807&st=bs&tid=6724&ver=6.5&ts=1405807200000.000007&tguid=66807-6724-1405817452867-82D09486E258F31AA117F56AA2825C97&q={searchTerms}
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> No File
BHO: No Name -> {59724C01-39DF-8279-B8D9-963903150A54} -> No File
BHO: No Name -> {6B65453E-CF87-FB64-1D8A-C390D4E398A0} -> No File
BHO-x32: Adblocker -> {59724C01-39DF-8279-B8D9-963903150A54} -> C:\Program Files (x86)\Adblocker\YrvOF42kbX.dll No File
BHO-x32: pruicechop -> {6B65453E-CF87-FB64-1D8A-C390D4E398A0} -> C:\Program Files (x86)\pruicechop\7sH5f1FDDi.dll No File
FF NetworkProxy: "user_pref("extensions.browsec.backup.network.proxy.autoconfig_url", "");
FF NetworkProxy: "user_pref("extensions.browsec.backup.network.proxy.ftp", "");
FF NetworkProxy: "user_pref("extensions.browsec.backup.network.proxy.ftp_port", 0);
FF NetworkProxy: "user_pref("extensions.browsec.backup.network.proxy.http", "");
FF NetworkProxy: "user_pref("extensions.browsec.backup.network.proxy.http_port", 0);
FF NetworkProxy: "user_pref("extensions.browsec.backup.network.proxy.no_proxies_on", "localhost, 127.0.0.1");
FF NetworkProxy: "user_pref("extensions.browsec.backup.network.proxy.share_proxy_settings", false);
FF NetworkProxy: "user_pref("extensions.browsec.backup.network.proxy.ssl", "");
FF NetworkProxy: "user_pref("extensions.browsec.backup.network.proxy.ssl_port", 0);
FF NetworkProxy: "user_pref("extensions.browsec.backup.network.proxy.type", 5);
FF NetworkProxy: "type", 4
FF user.js: detected! => C:\Users\Ahmed Rashed\AppData\Roaming\Mozilla\Firefox\Profiles\pydousxz.default\user.js
FF SearchPlugin: C:\Users\Ahmed Rashed\AppData\Roaming\Mozilla\Firefox\Profiles\pydousxz.default\searchplugins\Web Search.xml
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2014-07-20 00:19 - 2014-07-20 00:19 - 00000000 ____D () C:\Users\Jenes\AppData\Local\Torch
2014-07-20 00:19 - 2014-07-20 00:19 - 00000000 ____D () C:\Users\Jenes\AppData\Local\Comodo
2014-07-20 00:19 - 2014-07-20 00:19 - 00000000 ____D () C:\Users\Jenes\AppData\Local\Chromatic Browser
2014-07-20 00:19 - 2014-07-20 00:19 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2014-07-20 00:19 - 2014-07-20 00:19 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-07-20 00:19 - 2014-07-20 00:19 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-07-20 00:19 - 2014-07-20 00:19 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
2014-07-20 00:19 - 2014-07-20 00:19 - 00000000 ____D () C:\Users\Guest
2014-07-20 00:19 - 2014-07-20 00:19 - 00000000 ____D () C:\Users\Ahmed Rashed\AppData\Local\Torch
2014-07-20 00:19 - 2014-07-20 00:19 - 00000000 ____D () C:\Users\Ahmed Rashed\AppData\Local\Comodo
2014-07-20 00:19 - 2014-07-20 00:19 - 00000000 ____D () C:\Users\Ahmed Rashed\AppData\Local\Chromatic Browser
2014-07-20 00:19 - 2014-07-20 00:19 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-07-20 00:19 - 2014-07-20 00:19 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-07-20 00:19 - 2014-07-20 00:19 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-07-20 00:19 - 2014-07-20 00:19 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-07-18 17:40 - 2014-07-18 17:40 - 00001056 _____ () C:\Users\Ahmed Rashed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
2014-07-18 17:35 - 2014-07-18 17:40 - 00000000 ____D () C:\Users\Ahmed Rashed\AppData\Local\iLivid
2014-07-10 16:24 - 2014-07-10 16:24 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-07-20 00:19 - 2014-07-20 00:19 - 00000000 ____D () C:\Users\Jenes\AppData\Local\Torch
2014-07-20 00:19 - 2014-07-20 00:19 - 00000000 ____D () C:\Users\Jenes\AppData\Local\Comodo
2014-07-20 00:19 - 2014-07-20 00:19 - 00000000 ____D () C:\Users\Jenes\AppData\Local\Chromatic Browser
2014-07-20 00:19 - 2014-07-20 00:19 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2014-07-20 00:19 - 2014-07-20 00:19 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-07-20 00:19 - 2014-07-20 00:19 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-07-20 00:19 - 2014-07-20 00:19 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
2014-07-20 00:19 - 2014-07-20 00:19 - 00000000 ____D () C:\Users\Guest
2014-07-20 00:19 - 2014-07-20 00:19 - 00000000 ____D () C:\Users\Ahmed Rashed\AppData\Local\Torch
2014-07-20 00:19 - 2014-07-20 00:19 - 00000000 ____D () C:\Users\Ahmed Rashed\AppData\Local\Comodo
2014-07-20 00:19 - 2014-07-20 00:19 - 00000000 ____D () C:\Users\Ahmed Rashed\AppData\Local\Chromatic Browser
2014-07-20 00:19 - 2014-07-20 00:19 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-07-20 00:19 - 2014-07-20 00:19 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-07-20 00:19 - 2014-07-20 00:19 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-07-20 00:19 - 2014-07-20 00:19 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS
CMD: bitsadmin /reset /allusers
CMD: DEL %TEMP%\*.* /F /S /Q
CMD: RD /S /Q %TEMP%
REBOOT:

Save this as fixlist.txt, in the same location as FRST.exe.
Run FRST and press Fix.
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on “Clean”.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Nothing happened, the URL:Mal keeps showing when I open a browser or visit websites :confused:

I have seen search.certified-toolbar and the home tab in the log. I'm sure it's something related to them. I installed it as part of a survey or free AP offer at aeriagames.com; you can make an account there and go to AP and then FREE AP offers. You can check what it looks like: "Surveys, videos, downloads". I thought it was trusted since it's related to aeriagames, but oh well … This is bad actually …

I didn't find AdwCleaner[S1].txt

Only AdwCleaner[S0] and AdwCleaner[RO]. I also had this error while scanning and while cleaning; when I clicked OK it continued without any problems.

http://www.upislam.com/images/24769164512577018469.jpg

Whatever you do, keep doing it, and thanks for the help.

Could you confirm that the alerts are still appearing?

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion, then reboot; that will cure it.

Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.

Hmm, after using the fixlist and AdwCleaner I was getting the same URL:Mal message from Avast.

But now, everything seems to be OK. The problem might be fixed.
I'm not sure, since this URL:Mal message shows up randomly, sometimes every couple of seconds and sometimes when I visit any website. Sometimes it stops for a couple of hours and continues again, like yesterday, and it continued today.

I really don't know how to thank you for your effort, really great job. You are the best ;D

I will let you know if it continues again.

Let me know tomorrow if all is well and I will tidy up.