Mal:URL

Avast was recommended to me from a friend from the security forum at dslreports. However it’s giving me constant MAL:URL Process windows/explorer.exe popups for a few days now.
I’ve followed several steps to clean and test eg. cleaned temp files, ran malwarebytes, avg, online bitdefender scan and they all come up with nothing.

Another security forum suggested I post here since they couldn’t see anything in all the logs which would suggest anything was wrong. No one can tell me why I’m getting these constant popups.

Help please

Thanks.

No one can tell me why I'm getting these constant popups.
If anyone can... I think essexboy

Follow this guide and attach the logs requested
http://forum.avast.com/index.php?topic=53253.0

You have something else on your system that is misusing the explorer file.

This needs further analysis by a malware removal specialist: Follow the information on the link you were given. Use the information about getting and using the tools and attach the logs here, not in the LOGS topic.

Thanks. This is my school pc, and I’m just finishing up for the day but I will follow and post the requested files as soon as I can tomorrow.

Thank you so much for replying

Just to start the ball rolling until I get to school, this is the thread http://www.dslreports.com/forum/r26942098-Malware-Malicious-URL I posted in yesterday with the logs I was asked for.

The idea is to post the logs here in your post and not on another site.

The helpers are hardly going to visit another site where they would have to register to be able to post.

This forum has the ability to attach the logs to the post so you don’t have to copy and paste the contents over a number of posts, that is easier for you and for the one trying to help.

It wasn’t my intention to not post logs here David, my apologies if I offended. I was just getting a little antsy knowing something was wrong, and not being at work sat at the pc trying to get it fixed.
That said, I’m at work now, and here are the first two logs. I’m not getting the Extras.txt generated after running OTL.txt and I ran it twice. The same thing happened yesterday.

You normally only get the extras.txt when you first run OTL, so I don’t know where it went.

It may be a little while before someone can analyse the logs, essexboy will be at work, he is normally on the forums from about 7PM UK time (now 2pm). Unless one of the other malware removal specialists can pick it up.

Did a search on the pc, found the extras.txt sitting in another folder. It’s the scan from yesterday.

Not sure if anyone had time to look at the logs, but since yesterday I downloaded and ran combofix. Since running it, and numerous reboots the mal:url popups have ceased.

Essexboy is normally the one to analyse the logs, but as you can imagine he can get very busy and his time on the forums is limited.

Generally we don’t recommend running Combofix except under guidance as it is a powerful tool and with some of the new malware (you have to get the removal order correct or it can have adverse consequences).

So I think the logs still need to be analysed, to get an idea of what it was to start with and after running combofix (attach that log), essexboy may ask for another OTL scan to ensure everything was removed.

EDIT: I have PM’d essexboy, so hopefully he will be able to get on it after work.

I understand how busy everyone is and I appreciate the effort you guys put into the site.
Combofix was last resort, and hopefully it worked. Logs attached.

I notice from your combofix log - Having two resident anti-virus scanners installed is one too many and not recommended as rather than provide twice the protection it can cause conflicts that could leave you more vulnerable as the two dogs fight over the same bone.

Two installed but only one active and it was only done to try and get rid of whatever was on my pc. I uninstalled AVG this morning.

It doesn’t matter if only one is active as that is the nature of resident antivirus scanners, they install low level drivers to hook files so that they can be scanned, it is these low level drivers where the fight starts.

That I didn’t know

Not many do ;D

Hi I am seeing TrendMicro, AVG and Avast as resident. You need to determine which one to keep and uninstall all the others

On completion of this run can you let me know if the alerts persist

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run

Run OTL

- Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
IE - HKU\S-1-5-21-3917816277-2301944540-3967082003-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://ame.bascom.net/proxy.pac
FF - prefs.js..network.proxy.autoconfig_url: "http://ame.bascom.net/proxy.pac"
FF - prefs.js..network.proxy.type: 2
FF - prefs.js..browser.search.selectedEngine: "Search the Web"

:Reg
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"adaware_XP"=-

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
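The Firefox lines in the fix above target the proxy auto-config preferences stored in prefs.js. As an added example (not part of the thread and not OTL's own code), this Python script parses prefs.js content and reports whether those preferences are still set after the fix; the function names and both sample files are constructed for illustration.

```python
import re

# One Firefox preference line has the form: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')

# Meaning of network.proxy.type values in Firefox
PROXY_TYPES = {0: "direct", 1: "manual", 2: "PAC URL",
               4: "WPAD auto-detect", 5: "system settings"}

def parse_prefs(text):
    """Return {pref name: value} for every user_pref line in prefs.js text."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments and blank lines
        name, raw = m.groups()
        if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
            value = raw[1:-1]  # string pref (escapes left as written)
        elif raw in ("true", "false"):
            value = raw == "true"
        else:
            try:
                value = int(raw)
            except ValueError:
                value = raw
        prefs[name] = value
    return prefs

def proxy_findings(prefs):
    """List the proxy auto-config settings that are still present."""
    findings = []
    ptype = prefs.get("network.proxy.type")
    pac = prefs.get("network.proxy.autoconfig_url")
    if ptype == 2:
        findings.append(f"network.proxy.type = 2 ({PROXY_TYPES[2]})")
    if pac:
        state = "in use" if ptype == 2 else "set but not selected"
        findings.append(f"PAC URL {state}: {pac}")
    return findings

# Constructed samples: prefs.js before and after the fix removes the entries.
SAMPLE_BEFORE = '''// constructed sample
user_pref("browser.search.selectedEngine", "Search the Web");
user_pref("network.proxy.autoconfig_url", "http://ame.bascom.net/proxy.pac");
user_pref("network.proxy.type", 2);
'''
SAMPLE_AFTER = 'user_pref("browser.startup.page", 1);\n'

if __name__ == "__main__":
    for label, text in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(label, proxy_findings(parse_prefs(text)) or "no PAC settings")
```
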

Thanks for joining us essexboy.

Trend came with the pc and was never run or activated. I thought I’d uninstalled it, obviously something is lingering. I will check when I go back into work. However, I’m done for the weekend, I don’t go back in until Monday so please don’t think I’m ignoring your advice and fix. I will take care of both on Monday and post again. Have a good weekend.

Thanks. :)

Lynne