Hi,

I have bought the avast for about two moths. However, also two virus at least infect my computor.
One is Hao123, which filtrating the main web pape of IE repeatedly, although I have tried several methods according to the manuals on the internet.
One is MpKsl maybe, which plays audio news every few minutes and dives through svchost.exe, also I cannot deal with it.
Hoping avast can improve the protective ability to the Internet virus or somebody can help to provide feasible methods to kill them.

Many thanks in advance.

chang

Attach your basic diagnostic logs. (MBAM and FRST)
Instructions: https://forum.avast.com/index.php?topic=194892

Thanks very much for your reply.

The log files have been attached.

Hoping for your help.

Generic.Malware/Suspicious, C:\USERS\CHANG SHENGXIN\DESKTOP\KMS10\KMS10\KMS10.EXE, No Action By User, [0], [392686],1.0.2879 Generic.Malware/Suspicious, C:\USERS\CHANG SHENGXIN\DESKTOP\KMS10\KMS10.ZIP, No Action By User, [0], [392686],1.0.2879

• Open Notepad (click Start button → type notepad.exe → press Enter)
• Copy text from code block below and paste it into Notepad

HKU\S-1-5-21-2202376902-1544658674-2314966911-1000\...\Run: [NewsClientStratRun] => C:\Users\Chang Shengxin\AppData\Roaming\2144GameBox\NewsClient.exe /runhide
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
ShortcutWithArgument: C:\Users\Chang Shengxin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://hao.qquu8.com/?m=yx&r=j
ShortcutWithArgument: C:\Users\Chang Shengxin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://hao.ttmmt.com/?v=1042
ShortcutWithArgument: C:\Users\Chang Shengxin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://hao.ttmmt.com/?v=1042
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk -> C:\Program Files\AVAST Software\SZBrowser\launcher.exe (Avast Software) -> hxxp://hao.ttmmt.com/?v=1042
C:\Users\Chang Shengxin\AppData\Roaming\2144GameBox
C:\ProgramData\QQGamea79Ydh4020.exe
C:\ProgramData\QQGAMEQCK1041.DLL
EmptyTemp:

• Go to File → Save As
• Make sure that UTF-8 is selected as Encoding (left side of Save button)
• Save it as fixlist.txt on Desktop
• Open again FRST and click on button Fix
• Wait until FRST finishes
• fixlog.txt should be genereted and opened. Attach it your post and wait further instructions.

Some new scanned files~

Upload fixlog.txt.

Fixlog.txt has been upload~

walwarebytes.txt

Uninstall Tencent software which you don’t use.

• Download AdwCleaner
• Run it and click on Scan
• When scan finishes, click on Clean. Make sure you save you work because this will reboot your system automatically.
• Whensystem starts, report will open in Notepad. Save it and attach to your post.

I have uninstall all the Tencent softwares.

Meanwhile, resently, the avast has intercept the link of ign several times, which showed that the ign infect Win32:Inject-PI [Trj].

Meanwhile, resently, the avast has intercept the link of ign several times, which showed that the ign infect Win32:Inject-PI [Trj].

What is the status of your system now?

If you are using pirated software or going to such websites or do something dodgy get ready to get infected.No AV is 100% and avast probably saved you more than just a hassle in comparison to what it let through.

Also I am not sure how you got infected since Behaviour shield does throw up prompts when something is acting strange unless someone chose ignore.Its set on Fix automatically by default.