Hi, just not long ago I've been receiving the “Malicious URL Blocked” pop-up from Avast antivirus. This block appears whenever I navigate through webpages on Google Chrome, so I tried using Internet Explorer and, to no avail, the same block pops up. Can anyone advise me on the steps I should undertake? Do I follow this topic? http://forum.avast.com/index.php?topic=53253.0
Note for Farbar Recovery Scan Tool (aka FRST): You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system, that will be the right version.
Note for Zoek.exe: Do not launch Zoek.exe yet! We shall use it later.
- Double-click on FRST/FRST64 to run it. When the tool opens, click Yes to the disclaimer.
- Under Optional Scan ensure “List BCD” and “Driver MD5” are ticked.
- Press the Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
- The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Both Zoek and FRST need to be on the Desktop.
2013-07-27 20:32 - 2013-07-27 20:33 - 01275420 _____ C:\Users\Cynthia\Downloads\zoek.exe
2013-07-27 20:31 - 2013-07-27 20:32 - 01780407 _____ (Farbar) C:\Users\Cynthia\Downloads\FRST64.exe
My personal recommendation to you is to remove (Control Panel > Programs and Features) Optimizer Pro v3.0 (x32 Version: 3.0).
Those tools are just crap/bloatware and nothing else…
The fix procedure consists of two steps. Running through FRST’s script and then running through zoek’s script.
Open notepad and copy/paste the text present inside the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.
Start
Hosts:
Task: {7F64E0AF-B49D-4FAE-8A9D-976557B4C426} - System32\Tasks\Lyrics-Pal Update => C:\Program Files (x86)\LyricsPal\Lyrics.exe No File
Task: C:\windows\Tasks\Lyrics-Pal Update.job => C:\Program Files (x86)\LyricsPal\Lyrics.exe
MountPoints2: {d9c89934-d6ac-11e0-bc63-c0cb38e41cc5} - E:\unlock.exe autoplay=true
MountPoints2: {f04ac1c0-f07f-11e2-8e54-c0cb38e41cc5} - H:\Setup.exe
URLSearchHook: (No Name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No File
SearchScopes: HKLM - DefaultScope value is missing.
BHO-x32: Lyrics-Pal - {AB9778AB-BAEF-49B9-96EE-D6E4BD0BCE68} - C:\Program Files (x86)\LyricsPal\125.dll No File
Toolbar: HKCU - No Name - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
CHR HKLM-x32\...\Chrome\Extension: [mmiopbgcekanlhpjkonogoljpfmhpkhf] - C:\Program Files (x86)\LyricsPal\125.crx
File: C:\Users\Cynthia\Downloads\Setup.exe
C:\Program Files (x86)\LyricsPal
CMD: ipconfig /flushdns
End
Save notepad as fixlist.txt. NOTE: It’s important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version, please download and run the updated version.
Open notepad and copy/paste the text present inside the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.
Start
AppInit_DLLs-x32: [0 ] ()
C:\Users\Cynthia\jagex_cl_runescape_LIVE.dat
C:\Users\Cynthia\jagex_runescape_preferences.dat
C:\Users\Cynthia\jagex_runescape_preferences2.dat
End
Save notepad as fixlist.txt. NOTE: It’s important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version, please download and run the updated version.
Tell me, how is your computer running now? Any malware warnings?
The malware warnings have not been popping up since my last restart or so. I'm still a bit confused as to what may have caused all this, but the problem seems to have been resolved?
Malicious extensions have been the trigger for the avast warning. The extensions came along with a malicious program, probably as part of some legitimate software, or it has used another exploit… How it got into your computer exactly, I do not know.
You are malware free. The logs don’t show active malware. We need to remove the used tools now. 8)
Please download DelFix by “Xplode” to your Desktop.
Now click on the “Run” button. Wait for the programme to complete its work.
All the tools we used should be gone.
The tool will create and open a log report (DelFix.txt). Note: The report will also be stored at C:\DelFix.txt
I don’t need DelFix log report.
I recommend using MCShield, if you will.
You may download MCShield from one of the following links:
It will prevent infection of the computer via USB flash drive, mobile phone or any other memory card.
And not only will it prevent infection, but it will also immediately clean the flash drive, memory card or external HDD.
Thank you very much for your help. Though I have a few questions I would like to ask:
Am I free to remove the notes I created for zoek, FRST etc?
I now seem to have many more programs installed, such as tdsskiller, malwarebytes, adwcleaner, frst64, zoek. Should I keep them all installed for future reference?
All of these tools, their files and entries, and their log reports will be removed by DelFix. That’s why I told you to download and run DelFix. DelFix will also create a registry backup, reset the old system and create a new restore point.
edit:
Malwarebytes will not be removed by DelFix. If you wish to remove Malwarebytes, you need to uninstall it, but I recommend that you leave it, as it is a great addition to your AV.