system
March 11, 2018, 9:43am
1
The message that AVAST has presented repeatedly in the last couple of days is:
We have safely aborted the asdbjhwjashdfsancbxzv.99lnk.com connection because it was infected by URL:Mal
Process: C:\Windows\System32\wscript.exe
Gravity: Low
Running Malwarebytes, HitmanPro and CCleaner, and restarting the computer every time, has NOT resolved the issue.
Following the instructions of the forum, I have run
Farbar Recovery Scan Tool.
Attached are the two files it created.
Can you help me?
Thank you
Pondus
March 11, 2018, 9:45am
2
PDI
March 11, 2018, 9:54am
3
Hi,
please check “C:\Users\usuario\AppData\Roaming\appk\HDAudi.vbs” via virustotal.com.
Add the link to the result of the scan here.
If it’s found malicious, remove these files:
C:\Users\usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HDAudi.lnk
C:\Users\usuario\AppData\Roaming\appk\HDAudi.vbs
Regards,
PDI
Open Notepad (click Start button → type notepad.exe → press Enter )
Copy text from code block below and paste it into Notepad
Startup: C:\Users\usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HDAudi.lnk [2018-03-07]
ShortcutTarget: HDAudi.lnk -> C:\Users\usuario\AppData\Roaming\appk\HDAudi.vbs ()
GroupPolicy: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-1161662491-1988502887-1330458484-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1161662491-1988502887-1330458484-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lkeklglhcgdafkfiiagmabcogjapcklc] - C:\Program Files (x86)\HDvidCodec.com\HDvidCodecCR10.crx <not found>
Task: {23E065A7-A76B-44F0-8C04-34613B0DE03A} - System32\Tasks\{47EF6CE7-8056-417B-A80B-873D09B60DA1} => C:\Users\usuario\AppData\Local\Temp\is-IO6G9.tmp\XRD Manager.exe <==== ATTENTION
Task: {40E0D075-7A94-4CAD-878E-1D5CE679C58A} - System32\Tasks\0 => c:\program files (x86)\internet explorer\iexplore.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\{47EF6CE7-8056-417B-A80B-873D09B60DA1}.job => C:\Users\usuario\AppData\Local\Temp\is-IO6G9.tmp\XRD Manager.exeȚ/exenoupdates /exelang 3082 /noprereqs /qr AI_RESUME=1 ADDLOCAL=MainFeature,XRDdrivers64 ACTION=INSTALL EXECUTEACTION=INSTALL ROOTDRIVE D:\ TRANSFORMS=:3082 AI_PREREQFILES=C:\Users\usuario\AppData\Local\Temp\{47EF6CE7-8056-417B-A80B-873D09B60DA1}\drivers64.msi AI_PREREQDIRS=C:\Users\usuario\AppData\Local\Temp AI_SETUPEXEPATH=C:\Users\usuario\AppData\Local\Temp\is-IO6G9.tmp\XRD Manager.exe SETUPEXEDIR=C:\Users\usuario\AppData\Local\Temp\is-IO6G9.tmp <==== ATTENTION
VirusTotal: C:\Users\usuario\AppData\Roaming\appk\HDAudi.vbs;C:\Users\usuario\AppData\Local\Temp\is-IO6G9.tmp\XRD Manager.exe;c:\program files (x86)\internet explorer\iexplore.exe
C:\Users\usuario\AppData\Roaming\appk\HDAudi.vbs
C:\Program Files (x86)\HDvidCodec.com
C:\Users\usuario\AppData\Local\Temp\is-IO6G9.tmp
C:\Users\usuario\AppData\Roaming\appk
Go to File → Save As
Make sure that UTF-8 is selected as Encoding (left side of Save button)
Save it as fixlist.txt on Desktop
Open FRST again and click the Fix button
Wait until FRST finishes
fixlog.txt should be generated and opened. Attach it to your post and wait for further instructions.
Post fixlog.txt as you were instructed.
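The first two fixlist lines above show a Startup-folder shortcut whose target is a .vbs file under AppData, a file type that wscript.exe (the process named in the Avast alert) runs by default. As an added example, not part of the thread and not FRST's own code, this Python function pairs `Startup:` and `ShortcutTarget:` lines from such a log and reports script targets; the `Notes.lnk` sample lines, the dictionary keys and the reading of the empty `()` are assumptions.

```python
import re
from pathlib import PureWindowsPath

# Extensions handled by Windows Script Host (wscript.exe / cscript.exe).
WSH_EXTENSIONS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh"}

STARTUP_RE = re.compile(r"^Startup:\s+(?P<lnk>.+?)\s+\[(?P<date>\d{4}-\d{2}-\d{2})\]$")
# Greedy target so "Program Files (x86)" is not mistaken for the trailing "(...)".
TARGET_RE = re.compile(r"^ShortcutTarget:\s+(?P<name>.+?)\s+->\s+(?P<target>.+)\s+\((?P<label>[^()]*)\)$")

# First two lines are quoted from the thread; the last two are constructed.
SAMPLE_LOG = r"""
Startup: C:\Users\usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HDAudi.lnk [2018-03-07]
ShortcutTarget: HDAudi.lnk -> C:\Users\usuario\AppData\Roaming\appk\HDAudi.vbs ()
Startup: C:\Users\usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Notes.lnk [2018-01-02]
ShortcutTarget: Notes.lnk -> C:\Program Files (x86)\Example\Notes.exe (Example Corp)
"""

def find_script_startup_items(log_text):
    """Pair Startup: lines with ShortcutTarget: lines; return script targets."""
    shortcuts = {}  # shortcut file name (lower-case) -> (full path, date)
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = STARTUP_RE.match(line)
        if m:
            lnk = PureWindowsPath(m["lnk"])
            shortcuts[lnk.name.lower()] = (str(lnk), m["date"])
            continue
        m = TARGET_RE.match(line)
        if not m:
            continue
        target = PureWindowsPath(m["target"])
        if target.suffix.lower() not in WSH_EXTENSIONS:
            continue  # not something wscript.exe would run at logon
        lnk_path, date = shortcuts.get(m["name"].lower(), (None, None))
        findings.append({
            "shortcut": lnk_path,
            "dated": date,
            "target": str(target),
            # User-writable location: a common place for dropped scripts.
            "in_appdata": "appdata" in (p.lower() for p in target.parts),
            # Assumption: empty "()" means the scan listed no company name.
            "no_company": m["label"].strip() == "",
        })
    return findings

if __name__ == "__main__":
    for item in find_script_startup_items(SAMPLE_LOG):
        print(item)
```

A hit from this function is a lead for the VirusTotal check requested earlier in the thread, not a verdict on the file.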
system
March 11, 2018, 7:53pm
7
Impossible.
When running the program FIX with file FIXLIST.TXT, Avast considered it a virus and deleted the program.
I prefer not to reinstall FIX.
Thanks for your help.
Pondus
March 11, 2018, 8:01pm
8
Right-click the Avast tray icon > manage shields and pause shields … and try again