Infection: URL:Mal

My daughter’s computer has Avast constantly giving the following error when she is not trying to access any websites at all.

Object: Http:/
Infection: URL:Mal
Process: C:\Windows\system32\svchost.exe

I scanned for viruses and used Malwarebytes and removed anything that it listed. I also did a system restore to the day before this started happening and nothing changed. I then gathered up the logs to post it here since nothing that I did seems to be helping.

I appreciate the help; I have no other ideas other than waiting for the definitions to be updated. Thanks.

This is an indication of an underlying infection misusing svchost to try and access a malicious site. It isn’t something that is likely to be resolved in a definitions update. So the malware removal specialists will have to analyse your logs to find and deal with that underlying infection.

Unfortunately, there may be some delay due to differing time zones and availability of the volunteer malware removal specialists.

Hello Aviddamy. Welcome to avast! forums.

It would be a good idea to have those reports too.

Like DavidR said. Right now it is late night in Europe where most of our specialists reside. You just have to wait. Be patient.

I will go back into those two programs and see if I can find the log file for the items that were removed. And wait. I knew that this would take some time. At this point, it's all I can do so that is perfectly fine.

I see you have also run Combofix; could you attach that log, please?

Download the latest version of TDSSKiller from here and save it to your Desktop.

  - Double-click on TDSSKiller.exe to run the application.

https://dl.dropbox.com/u/73555776/tdss%20start.JPG

  - Then click on Change parameters.

https://dl.dropbox.com/u/73555776/tdss%20Change%20param.JPG

  - Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

  - Click the Start Scan button.

  - If a suspicious object is detected, the default action will be Skip; click on Continue.

https://dl.dropbox.com/u/73555776/tdss%20threat.JPG

  - If malicious objects are found, they will show in the Scan results and offer three (3) options.
  - Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

  - Get the report by selecting Reports.

https://dl.dropbox.com/u/73555776/tdss%20report.JPG

  - Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.

OK, here is the information you asked for. I think this is the ComboFix log file. Oh, and I did want to mention. This computer now has only one Antivirus program. I’m not sure why it had both Avast and Microsoft Security Essentials, but I was able to remove MSE.

Let me know if this stops the alerts.

  1. Close any open browsers.

  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  3. Open notepad and copy/paste the text in the quotebox below into it:

FCopy::
c:\windows\$hf_mig$\KB956572\SP3GDR\rpcss.dll|c:\windows\system32\rpcss.dll
c:\windows\$hf_mig$\KB956572\SP3GDR\rpcss.dll|c:\windows\system32\dllcache\rpcss.dll

Save this as CFScript.txt, in the same location as ComboFix.exe

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it will produce a log for you at C:\ComboFix.txt which I will require in your next reply.

I’m going to have her test it. Looks good so far. But I will attach the log files and let you know for sure. I ran it twice, because the first time it updated when I dropped the script file. I do appreciate your help with this.

OK, let me know when you are happy.