Malware: http://creditfreediir.in/?tid=1&subid=1&subid1=7332824643908703995&subi

Hi there,

I keep getting a pop up alert by Avast about:

http://creditfreediir.in/?tid=1&subid=1&subid1=7332824643908703995&subid2=1048&su

I’ve run Malwarebytes and SUPERAntiSpyware without any success and I can’t find any info online about this malware.

Any guess?

Many thanks,
M.

Hello,

Can you attach a picture of this warning?

Sure thing!

https://drive.google.com/file/d/0Bz2Eb8mRcbQ6bm1UQ0ZWZnBqVTA/view?usp=sharing

Thanks for your prompt response

About that link.

Website has vulnerable outdated server software: Outdated Web Server Nginx Found: nginx/1.4.2
Issue Vulnerable Header
Private Content encoding e7hZBzqVfn== ONLY, and this then goes on to render a variety of advertising sites.
Pop-Up Adware Infection.
That is what the qualified removal expert more than likely has to cleanse!

Detected URLs: https://www.virustotal.com/nl/domain/creditfreediir.in/information/
Quttera and Sucuri do not detect: http://quttera.com/detailed_report/creditfreediir.in
The site is being detected because it is a known PHISH - that is reason for the general URL:Mal detection by Avast.
IP badness history: https://www.virustotal.com/nl/ip-address/52.11.93.39/information/

polonus (volunteer website security analyst and website error-hunter)

Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

- Double-click to run it. When the tool opens click Yes to disclaimer.
- Press Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
- The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Thanks guys, you’re rockstars!

Both files here

https://drive.google.com/folderview?id=0Bz2Eb8mRcbQ6fjMySzBqUXhWNHYyclNtYmNxLWxZQl9oOWI3VkM0YlFXN3hwZlVRNjVJa00&usp=sharing

You attach the files here … I have done it for you :wink:

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download the attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

- Right-click on the FRST icon and select Run as Administrator to start the tool. (XP users click run after receipt of Windows Security Warning - Open File).
- Press the Fix button just once and wait.
- If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
- When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

'Mazing!

here is the log!

How is your PC behaving now?

Still not good :frowning:

I’m not sure Farbar finished the fixing process even though it generated the “Fixlog” - I’ll try to run it again tonight when I get home.

Do you have any more ideas?

And thanks sooo much for taking the time to help me!

What is happening now?

Last night when I applied your fix it was still doing the same pop-up. So I guess the machine is still infected.

But let me reboot and re-apply the fix again tonight when I get home and I’ll let you know in more detail.

Okay. Also attach the picture from the Avast warning.

Great, it seems it is gone!! What was it? And why couldn’t I remove it with the usual tools?

Many thanks, great job!

I’ve got a couple of alerts for other malware but I think I can deal with them.

Thanks a lot for your help!

Sorry to disappoint - but apparently the infection is still here and the error message is exactly the same.

What else can I do?

Download Malwarebytes Anti-Rootkit to your desktop.

- Double-click the icon to start the tool.
- It will ask you where to extract it, then it will start.
- Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
- Click in the introduction screen “next” to continue.
- Click in the following screen “Update” to obtain the latest malware definitions.
- Once the update is complete select “Next” and click “Scan”.
- When the scan is finished and no malware has been found select “Exit”.
- If malware was detected, make sure to check all the items and click “Cleanup”. Reboot your computer.
- Open the MBAR folder and paste the content of the following files in your next reply:
  - “mbar-log-{date} (xx-xx-xx).txt”
  - “system-log.txt”

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

- Right-click on the FRST icon and select Run as Administrator to start the tool. (XP users click run after receipt of Windows Security Warning - Open File).
- Make sure that Addition option is checked.
- Press Scan button and wait.
- The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.

Hi,

Many, many thanks again for your help.

Please find attached all the files requested

Please uninstall WorldWideCoupon

Hi

Sorry I’ve missed your reply.

It seems I can’t uninstall it. It keeps telling me to close my browser when everything is closed already.

I’ve already tried to shut every process related to Chrome in the Task Manager and tried to uninstall with CCleaner as well…