Keep getting Mail Cert Popups for Random Domains.

I keep getting popups from Avast! about a non-trusted mail certificate, and I have run scans in both Avast! and MBAM, but nothing has been picked up.

Each time it pops up, it is for a different domain. I woke up today to about 15 different popups from avast about it. Sorry I didn’t make any screenshots, but I was in a hurry, normally I would have. I will update this post with an image of the popup later if possible.

Please help!

Edit: Still no screenshot of the message, but I would like to clarify that the Domains are things like 638bhcnsvb486.com or ycbay73bau2etr.ruysby.net - Make no sense (Btw, those don’t exist, I made them up as an example)

Edit2: I have a Screenshot now.

The Popup

another one

Another One…

Attach OTL diagnostic logs http://forum.avast.com/index.php?topic=53253.0

A log expert will be notified and analyze it…

Logs are too big for the attachment form, so here they are in my dropbox:

https://www.dropbox.com/s/5llgn3ky7ajuj5j/OTL.Txt
https://www.dropbox.com/s/4lk9a2wimttpmin/Extras.Txt

Again… And By the way, I have checked, and none of these Domains are registered.

Hmm, an intriguing one this

Did you install MEGAsync?

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application

https://dl.dropbox.com/u/73555776/tdss%20start.JPG

  • Then click on Change parameters.

https://dl.dropbox.com/u/73555776/tdss%20Change%20param.JPG

  • Check the boxes beside Verify Driver Digital Signature, Detect TDLFS file system and Use KSN to scan objects, then click OK.

  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip, click on Continue.

https://dl.dropbox.com/u/73555776/tdss%20threat.JPG

  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

  • Get the report by selecting Reports

https://dl.dropbox.com/u/73555776/tdss%20report.JPG

  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

Please attach its contents on your next reply.

Yes, I did install Megasync, and I am finding it very useful. All it needs now is to implement some changes from dropbox, like sharing a folder between accounts.

TDSSKiller found 2 Suspicious, One was my UnSigned Theme DLL, and the other was KMSPico. Yes, I do have a Legal Licence for Office 2010 through my school, but the key was bad, and they refuse to give me another one.

TDSSKiller Log Attached.

OK that is the MBR cleared

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

ComboFix Log

It runs slow when it is starting, taking about 5 minutes to boot, and 3 minutes to login (this is due to a BIOS setting involving Switchable Graphics). After that it runs fine, except for the annoying popups from Avast! about the mail.

I haven’t seen another mail popup yet, so that is good.

Could you monitor it for a day or so, that will enable me to determine whether the service removed by combofix was bad

Very well, I will keep an eye on it, and report back. Question: What was the name of the removed service?

Name of the Service Deleted: KMSELDI

Ok, so I just got the popup again :(

What e-mail client are you using?

I am not using any Mail Client other than Firefox and Gmail’s website.

Also, I would like to ask why my previous account was banned? I just came back to reply, and it was perm banned? I could not find a way to appeal the ban either.

I have just checked, and as far as I can see you are not banned

Could you change your password on your gmail account and delete all unwanted/spam e-mails

Ok, Changing the Password and Cleaning it up now.

Also, when I try to log in I get this message:

An Error Has Occurred!
Sorry Krutonium, you are banned from using this forum!
This ban is not set to expire.

Hmm weird about the ban

Let me know if the certs failure appears after these changes