I have used Chrome as my default browser for many years.
My homepage is my google.com/ig. I have never had a problem until today.
When my browser opens this page there is an avast alert:

Object: http/www.aol.com/favicon.ico
infection: URL:Mal
Process: C\Users\Becket..\chrome.exe

Other tabs and URLs are fine so far.
When I click on “more details” I am directed to avast page declaring it has saved my computer from crashing. That’s just great but no other information on getting rid of it.

Before this message I had done a full Avast scan which had 2 low infections in which I deleted and windows defender scans which did not show any infections. Should I do another full scan? So, I am wondering where do I begin?

hey and welcome to the avast forum. i suggest you follow this guide and attach your logs.

a malware expert will help you from there.

http://forum.avast.com/index.php?topic=53253.0

Aol is blocked due to malicious url on firefox today as well. Never had problem with the site (which is only used as homepage) until today.

I sent 4 files but I don’t know where they went?

5 of 5 files

sendt what files where?

from the guide mikaelrask gave you we need you to attach the following logs

AdwCleaner
Malwarebytes
OTL
aswMBR

Here are 4 of 5

Thanks for your help.

did you click the “remove Select” button after running malwarebytes…as the log say no action taken

if not, update malwarebytes…run New quick scan…click remove selected…

essexboy will be here later checking the logs

That may be an FP on the AOL page, however it may not ;D

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF

:OTL
FF - prefs.js..extensions.enabledAddons: {97A78363-B868-4B48-AC91-A783A31215AF}:2.0.0
FF - prefs.js..extensions.enabledAddons: plugin@selectionlinks.com:1.5
O2 - BHO: (no name) - {1d970ed5-3eda-438d-bffd-715931e2775b} - No CLSID value found.
O3 - HKU\S-1-5-21-3409210554-4067418049-1950697571-1001\..\Toolbar\WebBrowser: (no name) - {4064EA35-578D-4073-A834-C96D82CBCF40} - No CLSID value found.

:Files
C:\Users\Becket\AppData\Local\Temp\_MEI19802
C:\Users\Becket\AppData\Local\Google\Chrome\User Data\Default\Extensions\iohcojnlgnfbmjfjfkbhahhmppcggdog\4.0.5_0\plugins\npfvdio.dll

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

I ran 2 scans.
First scan had (5) Pup.Face Theme
I updated and ran again.
Second scan had none.

Thank you

run OTL as instructed by essexboy in post above…

I used OTL as prescribed in the URL but I noticed it didn’t create an extras.txt this time.
I must confess I did move the application into its own folder before execution.

By the way I have only reading writes to emails sent to me by administrators? Just noticed when I
opened my browser the Avast malicious alert did not pop-up. Please let me know if there is anything
else I need to do.

Sorry I misunderstood the previous post and didn’t notice the script provided.

1. I followed the instructions placing the script in. After the Program finished a text file showed up before rebooting. (It sometimes is difficult to find these files so I have to initiate a file save so I know where to locate it. When I know where it is I just cancel. I rebooted.

2. I ran a quick scan. another text file. Also it created a folder (C:/_OTL/Moved Files) I will attach both.

Thank you

Are the alerts still happening ?

Hallelujah! None so far. Will report back in a couple of days with a progress report. Thanks so much for your help. Well done.