JS:Redirector-BXI[Trj]

Viruses and worms
1

Since 05-10-2015 I encounter the following problem:

If i click a screenshot made by and linked to Lightshot (for example http://prntscr.com/8oaoyb) Avast signals the following message:

Avast webschild heeft een schadelijke website of bestand geblokkeerd (meaning a harmful website or file is blocked - I have a Dutch version of Avast)
Object: http://adse+++++++++rve.cpmba.se/10038 line … ← I added som plusses so nothing happens when someone clicks the link by accident
Infectie: JS:Redirector-BXI[Trj]
Proces: firefox.exe

The message appears only in Firefox, the message dos not appear in Opera or Internet Explorer when using the link to Lightshot (I do not use Google). My OS is Windows 8.1

I performed the next scans with Avast: virusses (start scan, full systeem scan), browserextensions, old software, networkthreads (I hope I translate these options of Avast correctly).
There was no old software at this point.
However, Avast did not find infected files.

Then I downloaded the next tools, scanned them for virusses, then installed them and ran them:

Microsoft Safety Scanner. Result: no infected files.
Avast Browser Cleanup. Result: no infected files.
Norton Power Eraser. Result: no infected files.

Then I downloaded F-Secure, scanned for virusses, uninstalled Avast and installed F-Secure.
Result: no infected files.

Then I downloaded Avast, uninstalled F-Secure, installed Avast and made sure I had the latest updates.
Result: no infected files.

Then I activated Windows Restorepoint of 2 october 2015.
Next, I uninstalled Firefox, searched with ‘Everything’ for all Mozilla files and deleted them using Secure Eraser (so the old profile as well).
Downloaded and installed Firefox, withoud adding add-on’s, extensions and scripts.
The problem still occured as soon as I entered a link to Lightshot.

Downloaded AdwCleaner, scanned for virusses, installed it and ran it. Result: no infected files.

Thus, I still receive the message of the infection. When I use Firefox on my laptop, the message does not appear, so my pc has a problem.
I really don’t know what to do next. Is there a way for Avast to show which file calls for the link “http://ad+++++serve.cpmba.se” to follow? At this point I only know there is an infection, but not where the infection is to be found and destroyed. Isn’t it curious that Avast does give me a message about the infection, but does not find any infected file in all scans? I’m not an ICT-specialist, so help is appreciated!

2

Follow the instructions here https://forum.avast.com/index.php?topic=53253.0 and attach the requested logs.

  • Do a full system scan with MalwareBytes AntiMalware.
  • Run Farbar Recovery Scan Tool. This tool will produce two logs FRST.txt and Additions.txt
  • Run aswMBR.exe and a log will open up and save it to desktop and attach it here.

Just now I have notified an malware expert to monitor this post and assist you further.

I see that you used multiple antivirus installing and uninstalling. Did you use it’s uninstaller utility/removal tool and ran it in safe mode before installing and different antivirus?