I have an issue where every time I first log onto the internet I get a pop-up from Avast stating that a threat has been detected. It seems to be the same notification, but it only happens when I first go onto the internet. Not sure if it’s a false warning or not.
Is that a site with which you are familiar? Do you have something that loads at startup that might be checking that site? If so, URL Mal just means your computer is trying to connect to a site that Avast has deemed suspicious. It may be something and further research is required… it may be nothing and just a false positive by Avast. Check your startup items.
However, the problem is: what does the OP have on his/her computer that is trying to connect?
To find out, we need the OTL log from the guide mikaelrask linked to.
I read your post as to what I need to do. I ran Malwarebytes and the log results are below. I have not run any other program as of yet, but I will if the problem continues after I restart my computer; I wanted to get this log to you. Thank you so much for your help with this issue, I greatly appreciate your help in resolving the problem.
I’ve attached the log from OTL. When I was doing the scan with aswMBR my computer went to the black screen with blue words saying it had to shut down. I haven’t tried running aswMBR again because of my computer shutting down when I was running it. Thanks for the help!
I tried to run the scan again with aswMBR and this time my computer did not go to the black screen and shut down.
The log report is below. Thanks again for helping me to find out what’s causing the malware pop-up warning.
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-03-12 23:27:34
23:27:34.038 OS Version: Windows x64 6.1.7601 Service Pack 1
23:27:34.038 Number of processors: 2 586 0x170A
23:27:34.038 ComputerName: DICK-PC UserName: dick
23:27:35.333 Initialize success
23:27:39.170 AVAST engine defs: 14031201
23:27:50.636 Disk 0 (boot) \Device\Harddisk0\DR0 → \Device\Ide\IAAStorageDevice-1
23:27:50.652 Disk 0 Vendor: ST932032 D005 Size: 305245MB BusType: 3
23:27:50.777 Disk 0 MBR read successfully
23:27:50.777 Disk 0 MBR scan
23:27:50.792 Disk 0 Windows VISTA default MBR code
23:27:50.792 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
23:27:50.808 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920
23:27:50.823 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 290204 MB offset 30801920
23:27:50.901 Disk 0 scanning C:\Windows\system32\drivers
23:28:05.425 Service scanning
23:28:32.070 Modules scanning
23:28:32.070 Disk 0 trace - called modules:
23:28:32.117 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
23:28:32.117 1 nt!IofCallDriver → \Device\Harddisk0\DR0[0xfffffa8004263060]
23:28:32.117 3 CLASSPNP.SYS[fffff880015bd43f] → nt!IofCallDriver → \Device\Ide\IAAStorageDevice-1[0xfffffa800408e050]
23:28:32.803 AVAST engine scan C:\Windows
23:28:34.675 AVAST engine scan C:\Windows\system32
23:31:48.802 AVAST engine scan C:\Windows\system32\drivers
23:32:06.445 AVAST engine scan C:\Users\dick
23:34:29.420 AVAST engine scan C:\ProgramData
23:36:33.377 Scan finished successfully
23:37:00.225 Disk 0 MBR has been saved successfully to “C:\Users\dick\Desktop\MBR.dat”
23:37:00.241 The log file has been saved successfully to “C:\Users\dick\Desktop\aswMBR.txt”
:Commands
[CREATERESTOREPOINT]
:OTL
IE - HKU\S-1-5-21-2245473696-2751137294-3349256485-1000\..\SearchScopes\{4A18D340-C4DC-4D74-B8CF-BF869AA8A4B3}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=^TV&apn_dtid=^OSJ000^YY^US&apn_uid=6E215438-3F0A-48C6-9EC9-D70AB144EAD0&apn_sauid=D2854A4F-49D0-4B8C-A95B-90E6E97E51A3
IE - HKU\S-1-5-21-2245473696-2751137294-3349256485-1000\..\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED}: "URL" = http://search.alot.com/web?q={searchTerms}
FF - prefs.js..extensions.enabledAddons: crossriderapp2258%40crossrider.com:0.94.149
[2014/03/07 03:37:18 | 000,000,000 | ---D | M] ("I Want This") -- C:\Users\dick\AppData\Roaming\Mozilla\Firefox\Profiles\0zjm67ht.default\extensions\crossriderapp2258@crossrider.com
[2014/03/07 03:37:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dick\AppData\Roaming\Mozilla\Firefox\Profiles\0zjm67ht.default\extensions\crossriderapp2258@crossrider.com\extensionData
[2014/03/07 03:37:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dick\AppData\Roaming\Mozilla\Firefox\Profiles\0zjm67ht.default\extensions\crossriderapp2258@crossrider.com\extensionData\plugins
[2014/03/07 03:37:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dick\AppData\Roaming\Mozilla\Firefox\Profiles\0zjm67ht.default\extensions\crossriderapp2258@crossrider.com\extensionData\userCode
[2012/06/22 01:04:43 | 000,002,205 | ---- | M] () -- C:\Users\dick\AppData\Roaming\Mozilla\Firefox\Profiles\0zjm67ht.default\searchplugins\alot-search.xml
[2013/03/07 00:46:31 | 000,002,308 | ---- | M] () -- C:\Users\dick\AppData\Roaming\Mozilla\Firefox\Profiles\0zjm67ht.default\searchplugins\askcom.xml
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2245473696-2751137294-3349256485-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
:Files
C:\Users\dick\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk
:Commands
[resethosts]
[emptytemp]
[Reboot]
- Then click the Run Fix button at the top.
- Let the program run unhindered, and reboot the PC when it is done.
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN
Please download AdwCleaner by Xplode onto your desktop.
- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete, click on “Clean”.
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S1].txt as well.
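As an added illustration (not code from this thread, from OTL, or from the AdwCleaner project), here is a small Python parser for the OTL fix-script format posted above, so that what a script will delete (search scopes, extension folders, commands) can be listed and reviewed before someone is asked to run it. The regular expressions are an assumed reading of the line formats visible in the thread; OTL's real grammar may accept more than this handles.

```python
import re
from urllib.parse import urlsplit

SECTION_RE = re.compile(r'^:(\w+)$')       # section headers: :Commands / :OTL / :Files
COMMAND_RE = re.compile(r'^\[(\w+)\]$')    # bracketed commands such as [emptytemp]
SEARCHSCOPE_RE = re.compile(r'^IE - (?P<key>.+?): "URL" = (?P<url>\S+)$')
# OTL file listing: [date time | size | attrs | flag] (name) -- path ; "D" in attrs = directory
FILE_RE = re.compile(r'^\[(?P<ts>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| '
                     r'(?P<flag>[A-Z])\] \((?P<name>[^)]*)\) -- (?P<path>.+)$')

def parse_otl_fix(text):
    """Parse an OTL fix script into {section: [typed entry dicts]} for review before running it."""
    sections, current = {}, None
    for line in filter(None, map(str.strip, text.splitlines())):
        if (m := SECTION_RE.match(line)):
            current = m.group(1)
            sections.setdefault(current, [])      # :Commands may appear more than once
            continue
        if current is None:
            raise ValueError(f"entry before any section header: {line!r}")
        if (m := COMMAND_RE.match(line)):
            entry = {"kind": "command", "command": m.group(1).lower()}
        elif (m := SEARCHSCOPE_RE.match(line)):
            entry = {"kind": "searchscope", "key": m["key"], "url": m["url"],
                     "host": urlsplit(m["url"]).hostname}
        elif (m := FILE_RE.match(line)):
            entry = {"kind": "file", "path": m["path"], "is_dir": "D" in m["attrs"],
                     "size": int(m["size"].replace(",", "")), "name": m["name"].strip('"')}
        elif current == "Files":   # a bare path under :Files is deleted as-is
            entry = {"kind": "file", "path": line, "is_dir": None, "size": None, "name": ""}
        else:                      # O2/O3 BHO and toolbar lines, FF prefs, anything else
            entry = {"kind": "other", "raw": line}
        sections[current].append(entry)
    return sections

# Sample input: lines copied from the fix script posted in this thread.
SAMPLE_FIX = r'''
:Commands
[CREATERESTOREPOINT]
:OTL
IE - HKU\S-1-5-21-2245473696-2751137294-3349256485-1000\..\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED}: "URL" = http://search.alot.com/web?q={searchTerms}
[2014/03/07 03:37:18 | 000,000,000 | ---D | M] ("I Want This") -- C:\Users\dick\AppData\Roaming\Mozilla\Firefox\Profiles\0zjm67ht.default\extensions\crossriderapp2258@crossrider.com
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
:Files
C:\Users\dick\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk
:Commands
[emptytemp]
[Reboot]
'''
PARSED = parse_otl_fix(SAMPLE_FIX)
```

Entries tagged "other" (the O2/O3 lines) are kept verbatim so nothing in the script is silently dropped from the review.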
AdwCleaner log. I wasn’t sure if I was to keep anything or uncheck certain items that were being removed, so I left whatever the scan showed up. Hope I didn’t mess this up and remove something I needed.
Here’s the log after scanning and removing.
I’ve logged on to the internet 2 times now since doing the first scan you asked me to do and that malware pop-up didn’t appear, but it normally only pops up when I first log on for the day; even if I log off and on several times that day, it normally just happens on the first log-in.
No malware threat pop-up when I started and logged on for the first time this morning, which it normally does.
I haven’t started and logged onto the internet but once so far; I will let you know if the malware threat pop-up comes up anytime during the next few log-ons, but I’m thinking it’s all good now. You’re amazing for the help and support you provide for us who have no idea how to fix stuff like this… thank you so much!!!
I’ve logged onto the internet several times with no malware threat pop-up notification, so I’m thinking it’s okay to remove the stuff you had me put on to help remove the problem. I’ll keep an eye out for your removal instructions. Thanks, Kelly
WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software, and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser.)
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
CryptoPrevent: install this programme to lock down and prevent crypto ransomware.
Regarding Java and disabling it: I followed the instructions for Firefox, and where it shows the plugins it says ASK TO ACTIVATE or the other option, NEVER ACTIVATE. It was on ASK TO ACTIVATE, so I left it on that option. There was no disable option. Is it okay to leave it at ask to activate, or should I uninstall Java altogether?