Infection popup

Hello Avast community.

I'm in need of terrible help with this infection. Recently, Avast kept popping up telling me about blocking this “http://4dlmng.com/snz/sfen403int21.exe”
and I do not have any idea what to do, or what it is. Is there anything that will make this disappear?

I have downloaded Malwarebytes and OTL, and I did run them after reading the instructions on what to do with them, and also read similar posts, but I was wondering if anyone could guide me on what to do, please?

P.S. I do have day-old logs from Malwarebytes and OTL, and I'd like to know if they can be used, or am I supposed to run them again?
Thanks :slight_smile:

Hi,

Malwarebytes (MBAM for short) is a well-known program that will scan your computer and attempt to remove all malware known to it. MBAM is a preliminary scan.

OTL and aswMBR are malware diagnostic tools that scan certain system ranges and create reports for analysis. They usually do not know which entries are good and legit and which are bad or malware. I am here to read these logs and attempt to remove all malware and capware from your system using an advanced script for OTL or some other even more powerful diagnostic tool.

Therefore, if you need help, attach Malwarebytes, OTL and aswMBR logs for malware analysis.

Yes please :slight_smile:

I only currently have the OTL and Malwarebytes logs. The last time I tried aswMBR, my computer crashed.

I will be posting the other one soon after I scan my computer with it after school :slight_smile:

I decided to scan the other one and here is the last log :slight_smile:

thank you for the help

Ok, time for cleaning …

Re-run OTL.exe.

- Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.

:PROCESSES KillAllProcesses

:COMMANDS
[CREATERESTOREPOINT]

:OTL
IE:64bit: - HKLM..\SearchScopes{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: “URL” = http://dts.search-results.com/sr?src=ieb&appid=421&systemid=406&sr=0&q={searchTerms}
IE - HKLM..\SearchScopes{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: “URL” = http://dts.search-results.com/sr?src=ieb&appid=421&systemid=406&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-716910420-3724383651-1605890227-1000..\SearchScopes{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: “URL” = http://dts.search-results.com/sr?src=ieb&appid=421&systemid=406&sr=0&q={searchTerms}
FF - HKCU\Software\MozillaPlugins\bebomedia.com/OfferMosquitoIEHelper: C:\Users\Kwikzy\AppData\Local\ext_offermosquito\npOfferMosquitoIEHelper.dll File not found
O2:64bit: - BHO: (Reg Error: Value error.) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - Reg Error: Value error. File not found
O2:64bit: - BHO: (Reg Error: Value error.) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - Reg Error: Value error. File not found
O2:64bit: - BHO: (Reg Error: Value error.) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - Reg Error: Value error. File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3:64bit: - HKLM..\Toolbar: (no name) - !{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM..\Toolbar: (no name) - !{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found.
O3:64bit: - HKLM..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM..\Toolbar: (no name) - !{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3 - HKLM..\Toolbar: (no name) - !{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found.
O3 - HKLM..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-716910420-3724383651-1605890227-1000..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKU\S-1-5-21-716910420-3724383651-1605890227-1000…\Run: [DataMgr] C:\Users\Kwikzy\AppData\Roaming\DataMgr\DataMgr.exe (HTTO Group, Ltd.)
O4 - HKU\S-1-5-21-716910420-3724383651-1605890227-1000…\Run: [SSync] C:\Users\Kwikzy\AppData\Roaming\SSync\SSync.exe ()
O4 - HKU\S-1-5-21-716910420-3724383651-1605890227-1000…\Run: [Intermediate] C:\Users\Kwikzy\AppData\Roaming\Intermediate\Intermediate.exe ()
O4 - HKU\S-1-5-21-716910420-3724383651-1605890227-1000…\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O33 - MountPoints2{15d435d4-3192-11e1-91d7-1803739604fa}\Shell - “” = AutoRun
O33 - MountPoints2{15d435d4-3192-11e1-91d7-1803739604fa}\Shell\AutoRun\command - “” = E:\LaunchU3.exe -a
@Alternate Data Stream - 133 bytes → C:\ProgramData\Temp:0B4227B4

:FILES
ipconfig /flushdns /c
netsh int ip reset c:\resetlog.txt /c
ipconfig /release /c
ipconfig /renew /c
C:\Users\Kwikzy\AppData\Roaming\DataMgr
C:\Users\Kwikzy\AppData\Roaming\SSync
C:\Users\Kwikzy\AppData\Roaming\Intermediate
C:\Program Files (x86)\Pando Networks

:COMMANDS
[EMPTYTEMP]

- Then click the Run Fix button at the top.
- Let the program run unhindered; it will reboot the system when it is done and open Notepad with a log report. Attach that log report here.

If the log doesn’t appear, it can be found here:

c:\_OTL\MovedFiles\mmddyyyy_hhmmss.log

========================================
Next …

Please download zoek.zip or zoek.rar by smeenk from here or here and save it to your Desktop.
Unpack the archive…

- Close any open browsers.
- Temporarily disable your AntiVirus program (if necessary).
If you are unsure how to do this, please read this or this instruction.

- Double click on zoek.exe to run the tool.
Please wait until the tool starts…

- Copy the text present inside the code box below and paste it into the large window in the zoek tool:

InstalledProgs;
EmptyCLSID;
Installer-List;
Uninstall-List;
EmptyFoldersCheck;Delete 
AutoClean;

- Click on the Run Script button.
Please wait until a log report opens (this can be after a reboot).

- Save the Notepad file to your Desktop and attach zoek-results.log here.
Note: It will also create a log in the C:\ directory named “zoek-results.log”.

========================================
Re-check …

Re-run OTL, just hit the QuickScan button and post me the freshly created OTL.txt log report.
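Added example (not part of the original posts, and not OTL's own logic): a short Python triage of the O4 Run-key lines from the fix script above, flagging autostart entries that launch from a user-writable AppData folder or carry no publisher string. The regular expression and both heuristics are assumptions made for illustration.

```python
import re

# O4 (Run key) lines copied from the fix script in the post above.
SAMPLE = r"""
O4 - HKU\S-1-5-21-716910420-3724383651-1605890227-1000…\Run: [DataMgr] C:\Users\Kwikzy\AppData\Roaming\DataMgr\DataMgr.exe (HTTO Group, Ltd.)
O4 - HKU\S-1-5-21-716910420-3724383651-1605890227-1000…\Run: [SSync] C:\Users\Kwikzy\AppData\Roaming\SSync\SSync.exe ()
O4 - HKU\S-1-5-21-716910420-3724383651-1605890227-1000…\Run: [Intermediate] C:\Users\Kwikzy\AppData\Roaming\Intermediate\Intermediate.exe ()
O4 - HKU\S-1-5-21-716910420-3724383651-1605890227-1000…\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
"""

# Assumed line shape: O4 - <hive>..\<key>: [<value name>] <path> (<publisher>)
# The key path is abbreviated with ".." (shown as "…" on this page).
O4_RE = re.compile(
    r"^O4(?::64bit:)?\s+-\s+(?P<hive>\S+?)(?:\.{2,3}|\u2026)\\(?P<key>[^:]+):\s+"
    r"\[(?P<name>[^\]]+)\]\s+(?P<path>.+?)\s+\((?P<publisher>[^()]*)\)\s*$"
)
# Assumption: profile folders a standard user can write to without elevation.
USER_WRITABLE = re.compile(r"\\AppData\\(?:Roaming|Local|LocalLow)\\", re.I)


def parse_o4(line):
    """Return the fields of one O4 line as a dict, or None for any other line."""
    m = O4_RE.match(line.strip())
    return m.groupdict() if m else None


def triage(log_text):
    """Return (name, path, reasons) for every O4 entry worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        reasons = []
        if USER_WRITABLE.search(entry["path"]):
            reasons.append("user-writable path")
        if not entry["publisher"].strip():
            reasons.append("no publisher")
        if reasons:
            findings.append((entry["name"], entry["path"], reasons))
    return findings


if __name__ == "__main__":
    for name, path, reasons in triage(SAMPLE):
        print(f"{name:22} {', '.join(reasons):34} {path}")
```

A flag here only marks an entry for review; deciding whether it is legitimate still takes the log analysis described in the thread.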

Hi magna!

I did the OTL for the first one, but the log does not appear at all. I followed where I can find it, but it just gave me another folder into another 3. Though there is one that I am able to open with Notepad, it only says “0,” so I decided to rerun it the second time, and I noticed that there was a file on my desktop, which appeared after OTL finished, and it says desktop.ini. Is it that one?

I will be attaching the zoek and the fresh OTL log.

Also, Avast does not pop up anymore letting me know about the infection.

…and OTL log is clean. As all looks good, I will remove my tools. :wink:

You are malware free. The posted logs now appear clean and show no signs of active infection.

A good workman always cleans up after himself.
The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes:
- Remove disinfection tools
- Create registry backup
- Purge System Restore

Click the Run button and wait a few seconds for the program to complete its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt).

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.


To help your AntiVirus protect your computer and speed it up, I recommend that you download, install and keep the following free programs:

  1. Keep Malwarebytes Anti-Malware, update it regularly or from time to time and run a Quick Scan weekly.
    Malwarebytes will detect and remove all traces of known malware. MBAM isn’t AntiVirus and it can NOT replace it.

  2. Keep MCShield Anti-Malware; the tool will be updated regularly and performs auto-checking for malware on each attached USB memory device.
    MCShield has been designed as a lightweight scanner that’s smart enough to catch even new worms and work in fully automatic removal mode.

  3. It’s recommended to delete Temporary Files every once in a while. Run the tool and click on the Start button and TFC will begin to clean. Then restart the computer.
    Temp File Cleaner aka TFC by OldTimer
    TFC is a small and useful utility that will clean up temp files from all user profiles and system folders.


How to protect yourself?

  1. Adjust avast! to target PUP software:
    Run avast! 2014 by clicking the system tray icon in the lower right corner of the screen.
    Click on Settings, in the new window that opens, click on Active Protection, then under File System Shield click on gear wheel…
    Under the Sensitivity part of the options, check the box for Scan for potentially unwanted programs (PUP).

  2. avast! Software Updater. Run avast!, click on Tools > Software Updater.
    For security reasons, make sure you update your browser(s), Java, Flash Player, and basically every piece of software you use often.

  3. avast! Browser Cleanup. Run avast!, click on Tools > BrowserCleanup.
    The Browser Cleanup tool is an integrated tool in avast! AV that gives you control over unwanted browser add-ons.

  4. avast! Malware Scan. Run avast!, click on Scan and perform a QuickScan by clicking on the Start button.
    Every once in a while, it’s recommended to perform a virus scan with avast! 2014.

Thanks Magna for your time and help!