MAL:URL Popups

Hi

For the past few days, I have been getting continual Avast Webshield pop ups warning of a blocked “harmful webpage or file”.

This happens as soon as I connect to the internet and before I even open my browser. There are usually 8 to 12 popups.

The popups are similar to these (Same domain names, and file types, slightly different file names):

URL:http://anythicago.com/4141/RelayTurbo_142668814314552.dll
Infection: URL:Mal
Process: C:\Windows\System32\svchost.exe

URL:http://simplesitescan.net/4141/LighterInit_142669556111830.dll
Infection: URL:Mal
Process: C:\Windows\System32\svchost.exe

URL:http://alwaysisobar.com/4141/CutterGeneration_142669028208336.dll
Infection: URL:Mal
Process: C:\Windows\System32\svchost.exe

URL:http://bestdriverstar.net/4141/CutterSystem_142669222915982.dll
Infection: URL:Mal
Process: C:\Windows\System32\svchost.exe

URL:http://opticguardzip.net/4141/CutterSystem_142669222919983.dll
Infection: URL:Mal
Process: C:\Windows\System32\svchost.exe

I have used the following malware removers without success:
*Malwarebytes Antimalware
*Spybot S&D
*Iobit Malware Fighter
*Adwcleaner 4

Attached are my malwarebytes scan log from today, FRST and FRST addition text files and the aswMBR.exe scan log file.

You already made 2 mistakes.

1]
You have used Spybot, since is nowadays has a huge lack of detection.

2]
You have used software from thiefs (IObit).
https://forums.malwarebytes.org/index.php?/topic/29681-iobit-steals-malwarebytes-intellectual-property/

Didn’t realise that IObit stole intellectual property or that Spybot was so ineffective.
My decision to use these programs stemmed from reviews and ratings on download.cnet.com.

However, I still require assistance with these URL:MAL infections.

Looking at the similar domain names and large amount of recent threads on this forum; this problem seems to be quite widespread.

Let me know if this stops it

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint: EmptyTemp: CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated please post that

This seems to have resolved the problem. There are no more Avast popups when I connect to the internet.

Thanks for the assistance.

The completion log is attached.

Remove tools

Download and run Delfix
Select the options as shown

https://dl.dropboxusercontent.com/u/73555776/delfix.JPG

I followed the instructions.

Problem seems resolved.

Thanks for the brilliant support.

:slight_smile: