Infected by URL:Mal

The message that AVAST has shown repeatedly over the last couple of days is:
We have safely aborted the asdbjhwjashdfsancbxzv.99lnk.com connection because it was infected by URL:Mal

Process: C:\Windows\System32\wscript.exe
Gravity: Low

After running Malwarebytes, HitmanPro and CCleaner, and restarting the computer every time, the problem has NOT been resolved.

Following the instructions of the forum, I have run the Farbar Recovery Scan Tool.

Attached are the two files created.

Can you help me?
Thank you

Malware expert is notified. It may take hours before he is online.

URL:Mal = Blacklisted URL or IP
https://www.virustotal.com/#/url/6049bc2991fea0af764bd5d5b0926c93f2d06984e630bf44b76f450d4994363b/detection

Hi,

please check “C:\Users\usuario\AppData\Roaming\appk\HDAudi.vbs” via virustotal.com.

Add the link to the result of the scan here.

If it’s found malicious, remove these files:
C:\Users\usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HDAudi.lnk
C:\Users\usuario\AppData\Roaming\appk\HDAudi.vbs

Regards,
PDI

  • Open Notepad (click Start button → type notepad.exe → press Enter)
  • Copy text from code block below and paste it into Notepad
Startup: C:\Users\usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HDAudi.lnk [2018-03-07]
ShortcutTarget: HDAudi.lnk -> C:\Users\usuario\AppData\Roaming\appk\HDAudi.vbs ()
GroupPolicy: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-1161662491-1988502887-1330458484-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1161662491-1988502887-1330458484-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lkeklglhcgdafkfiiagmabcogjapcklc] - C:\Program Files (x86)\HDvidCodec.com\HDvidCodecCR10.crx <not found>
Task: {23E065A7-A76B-44F0-8C04-34613B0DE03A} - System32\Tasks\{47EF6CE7-8056-417B-A80B-873D09B60DA1} => C:\Users\usuario\AppData\Local\Temp\is-IO6G9.tmp\XRD Manager.exe <==== ATTENTION
Task: {40E0D075-7A94-4CAD-878E-1D5CE679C58A} - System32\Tasks\0 => c:\program files (x86)\internet explorer\iexplore.exe  <==== ATTENTION
Task: C:\WINDOWS\Tasks\{47EF6CE7-8056-417B-A80B-873D09B60DA1}.job => C:\Users\usuario\AppData\Local\Temp\is-IO6G9.tmp\XRD Manager.exeȚ/exenoupdates  /exelang 3082 /noprereqs  /qr   AI_RESUME=1 ADDLOCAL=MainFeature,XRDdrivers64 ACTION=INSTALL EXECUTEACTION=INSTALL ROOTDRIVE D:\ TRANSFORMS=:3082 AI_PREREQFILES=C:\Users\usuario\AppData\Local\Temp\{47EF6CE7-8056-417B-A80B-873D09B60DA1}\drivers64.msi AI_PREREQDIRS=C:\Users\usuario\AppData\Local\Temp AI_SETUPEXEPATH=C:\Users\usuario\AppData\Local\Temp\is-IO6G9.tmp\XRD Manager.exe SETUPEXEDIR=C:\Users\usuario\AppData\Local\Temp\is-IO6G9.tmp <==== ATTENTION
VirusTotal: C:\Users\usuario\AppData\Roaming\appk\HDAudi.vbs;C:\Users\usuario\AppData\Local\Temp\is-IO6G9.tmp\XRD Manager.exe;c:\program files (x86)\internet explorer\iexplore.exe
C:\Users\usuario\AppData\Roaming\appk\HDAudi.vbs
C:\Program Files (x86)\HDvidCodec.com
C:\Users\usuario\AppData\Local\Temp\is-IO6G9.tmp
C:\Users\usuario\AppData\Roaming\appk
  • Go to File → Save As
  • Make sure that UTF-8 is selected as Encoding (left side of Save button)
  • Save it as fixlist.txt on Desktop
  • Open FRST again and click the Fix button
  • Wait until FRST finishes
  • fixlog.txt should be generated and opened. Attach it to your post and wait for further instructions.
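
An added example, not part of any post in this thread and not FRST's own code: a small triage script that reads `ShortcutTarget:` and `Task:` lines in the log format shown above and flags autostart entries that launch a Windows Script Host file or run from a user-writable folder. The sample log, the user and file names in it, and the reading of the trailing parentheses as the file's company name are assumptions made for the example.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in the log line format quoted above (names are made up).
SAMPLE_LOG = r"""
Startup: C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Updater.lnk [2018-03-07]
ShortcutTarget: Updater.lnk -> C:\Users\alice\AppData\Roaming\upd\Updater.vbs ()
ShortcutTarget: Dropbox.lnk -> C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc.)
Task: {11111111-2222-3333-4444-555555555555} - System32\Tasks\Setup => C:\Users\alice\AppData\Local\Temp\is-ABC12.tmp\Setup.exe <==== ATTENTION
Task: {66666666-7777-8888-9999-000000000000} - System32\Tasks\Backup => C:\Program Files\Backup\backup.exe
"""

# Extensions that wscript.exe / cscript.exe will execute.
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh"}
# Folders a standard user can write to without elevation.
USER_WRITABLE = ("\\appdata\\", "\\temp\\")

# "name -> target (company)"; the target may itself contain "(x86)".
SHORTCUT_RE = re.compile(r"^ShortcutTarget: .+? -> (?P<target>.+) \((?P<vendor>[^()]*)\)\s*$")
# "id - task file => target", optionally followed by the ATTENTION marker.
TASK_RE = re.compile(r"^Task: .+? => (?P<target>.+?)(?:\s*<==== ATTENTION)?\s*$")


def triage(log_text):
    """Return (entry_type, target, reasons) for autostart entries worth a second look."""
    findings = []
    for line in log_text.splitlines():
        m = SHORTCUT_RE.match(line) or TASK_RE.match(line)
        if not m:
            continue  # "Startup:" and other line types carry no launch target
        kind = line.split(":", 1)[0]
        target = m.group("target").strip()
        reasons = []
        if PureWindowsPath(target).suffix.lower() in SCRIPT_EXTS:
            reasons.append("script run by Windows Script Host")
        if any(d in target.lower() for d in USER_WRITABLE):
            reasons.append("user-writable location")
        # Only shortcut lines have the "(company)" field; empty means no metadata.
        if reasons and m.groupdict().get("vendor") == "":
            reasons.append("no company name in file metadata")
        if reasons:
            findings.append((kind, target, reasons))
    return findings


if __name__ == "__main__":
    for kind, target, reasons in triage(SAMPLE_LOG):
        print(f"{kind}: {target}\n    -> " + "; ".join(reasons))
```

A flagged entry is a candidate for a VirusTotal check of the target file, as was done in this thread, not proof of infection.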
  1. Result of the scan in virustotal.com
    https://www.virustotal.com/#/file/7f867b0b5e5958e646f7aae07aec8e2124e74a3c956250b687c79939d237255f/detection
  2. Erased the files.
    C:\Users\usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HDAudi.lnk
    C:\Users\usuario\AppData\Roaming\appk\HDAudi.vbs
  3. Restarted the computer
  4. All Ok
  5. Thank you

Post fixlog.txt as you were instructed.

Impossible.
When running the program FIX with file FIXLIST.TXT, Avast considered it a virus and deleted the program.

I prefer not to reinstall FIX.
Thanks for your help.

Right-click the Avast tray icon > manage shields and pause shields … and try again.