JS: Agent-Die (trj) infection

I have been getting the pop up from various websites since last week.
It shows it is quarantined but again this morning the Avast pop up message was there again.
I am also having a problem with "Internet Explorer has stopped working", but I don’t know if it is related.
I am including a screen shot of the last pop up I received.

Any help would be appreciated.
Thank you.

Logs to assist in cleaning malware https://forum.avast.com/index.php?topic=53253.0

Thank you. I use malwarebytes - pro but did not realize I could do a root scan. I am doing that now per the instructions and will follow the directions given on that page. :)

malwarebytes scan:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/26/2015
Scan Time: 2:48:11 PM
Logfile: malwarebyteslog.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.26.07
Rootkit Database: v2015.01.14.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8
CPU: x64
File System: NTFS
User: elaine

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 383670
Time Elapsed: 27 min, 42 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

proceeding to next step.

Farbar recovery text

I hope this is correct way to do it by attaching…
wasn’t sure.

I hope this is correct way to do it by attaching... wasn't sure.
That is correct ...... they are very long so you may have to use 20 posts if you copy and paste

Now you wait for a malware expert to arrive, if no reply in the next two hours then check back tomorrow

ok I downloaded aswmbr and am running as per the page I was sent to.
do I need to continue that and post those results as well?

thank you!

aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2015-01-26 15:48:12

15:48:12.120 OS Version: Windows x64 6.2.9200
15:48:12.120 Number of processors: 2 586 0x2A07
15:48:12.120 ComputerName: MYPLACE UserName: elaine
15:48:15.480 Initialize success
15:48:15.511 VM: initialized successfully
15:48:15.511 VM: Intel CPU virtualization not supported
15:48:20.886 AVAST engine defs: 15012601
15:48:37.621 Disk 0 (boot) \Device\Harddisk0\DR0 → \Device\00000036
15:48:37.621 Disk 0 Vendor: WDC_WD5000BPVT-22HXZT3 01.01A01 Size: 476940MB BusType: 11
15:48:37.621 Disk 1 \Device\Harddisk1\DR1 → \Device\Scsi\bScsiSDa1Port1Path0Target0Lun0
15:48:37.621 Disk 1 Vendor: Broadcom 0001 Size: 30436MB BusType: 1
15:48:37.762 Disk 0 MBR read successfully
15:48:37.762 Disk 0 MBR scan
15:48:37.777 Disk 0 unknown MBR code
15:48:37.777 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
15:48:37.824 Disk 0 scanning C:\Windows\system32\drivers
15:48:49.841 Service scanning
15:49:13.764 Modules scanning
15:49:14.295 Disk 0 trace - called modules:
15:49:14.326 ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll iaStorA.sys
15:49:14.342 1 nt!IofCallDriver → \Device\Harddisk0\DR0[0xfffffa80060a65b0]
15:49:14.342 3 CLASSPNP.SYS[fffff88001001e0a] → nt!IofCallDriver → \Device\00000036[0xfffffa8004c47060]
15:49:15.357 AVAST engine scan C:\Windows
15:49:18.092 AVAST engine scan C:\Windows\system32
15:52:15.745 AVAST engine scan C:\Windows\system32\drivers
15:52:39.078 AVAST engine scan C:\Users\elaine
16:09:44.109 AVAST engine scan C:\ProgramData
16:14:21.622 Disk 0 statistics 3258267/0/0 @ 1.25 MB/s
16:14:21.638 Scan finished successfully
16:20:13.806 Disk 0 MBR has been saved successfully to “C:\Users\elaine\Desktop\MBR.dat”
16:20:13.806 The log file has been saved successfully to “C:\Users\elaine\Desktop\aswMBR.txt”

Could you let me know how the computer is after this run

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
HKU\S-1-5-21-2202182209-2634961455-3170357773-1001\...A8F59079A8D5}\localserver32: <==== ATTENTION!
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2202182209-2634961455-3170357773-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Task: {59DE1A06-6672-42D2-9B26-A76F5A352749} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.

- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete click on “Clean”
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S1].txt as well.

ty! am doing as instructed now.

I ran fix as you directed. I wasn’t sure which log to post so I posted both.
I am proceeding to next step.

AdwCleaner v4.109 - Report created 26/01/2015 at 18:16:25

Updated 24/01/2015 by Xplode

Database : 2015-01-25.1 [Live]

Operating System : Windows 8 (64 bits)

Username : elaine - MYPLACE

Running from : C:\Users\elaine\Desktop\adwcleaner_4.109.exe

Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\Users\elaine\AppData\Roaming\NCH Software
File Deleted : C:\Users\Public\Desktop\eBay.lnk

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\APN PIP

***** [ Browsers ] *****

-\ Internet Explorer v10.0.9200.17183


AdwCleaner[R0].txt - [950 octets] - [26/01/2015 18:13:20]
AdwCleaner[S0].txt - [841 octets] - [26/01/2015 18:16:25]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [900 octets] ##########

Are you still getting the alerts ?

yes I am getting the alert.

after I saw your last message about getting alerts, I went back to the page I tried to load yesterday that showed the alert, and it did bring up the alert again. The pop up message is the same as I posted the screen shot of yesterday.

Do you only get the alert on a specific page ? If so could you post the address so that I can check it out

http://losangeles.cbslocal.com/tag/kcal-9/

what is weird, is last week on my local news station I was getting the same pop up.

thank you!

I received no alert there, but I do not have any Java installed… Is it just that page now ?

yes that is the only page.

my java did update late last week. do I “really” need Java?

I trust Avast and I appreciate your help. It may be nothing, but, I wanted to ask on here because I have used Avast for years and have referred it to many friends.

The system looks clean and as it is on just one site I assume that Avast is stopping it from getting on to your system. There are, alas, many loopholes in Java.

Is your system behaving itself otherwise ?

yes, I am getting some slow down, but, I think it is more with the processor than it is with a virus/malware. that is what I couldn’t understand when I started getting the pop ups.

I will watch it and if it continues on another page or something new pops up, I will come back.
I do appreciate the time and effort you put into this.

Do I need to remove the cleaning programs that I downloaded to desktop, etc., and are there any other programs I need to download to hopefully prevent further attacks?