Folks - I’m pretty hopeless at the tech stuff and I have looked at some other threads but I don’t want to use available information until I know I’m doing the right thing.
My Avast Free is picking up lots of malware and flashes a warning as per the attached screenshot. I can’t do anything on the web right now without having a screen full of crap.
I have run a fully updated scan using Avast Free and it found 4 infections (I don’t have any more details). I thought I had deleted the infections but they are still there.
Do I have to upgrade to get rid of whatever is infecting my computer or is there something else I should be doing?
Thanks
Gavin
to check for infections we need some logs… http://forum.avast.com/index.php?topic=53253.0
attach (not copy and paste) Malwarebytes / OTL / aswMBR
see Attachments and other options below the txt box you write in here
Cheers - I’m looking at that now…
Here are the three text attachments. Hope this makes sense. I can say that the adware is still present.
Please download zoek.zip or zoek.rar by smeenk from here or here and save it to your Desktop.
Unpack the archive…
[*]Close any open browsers
[*] Temporarily disable your AntiVirus program. (If necessary)
If you are unsure how to do this please read this or this Instruction.
[*]Double click on zoek.exe to run the tool.
Please wait until the tool starts…
[*]Copy the text present inside the code box below and paste it into the large window in the zoek tool:
CreateSRPoint;
EmptyCLSID;
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497};C
{ba14329e-9550-4989-b3f2-9732e92d17cc};C
firefox@monetomi.info.xpi;FF
Uninstall-List;
C:\WINDOWS\*.tmp;F
C:\WINDOWS\System32\*.tmp;F
AutoClean;
[*] Click on the Run Script button.
Please wait until a log report opens (this can be after a reboot)
[*]Save notepad to your Desktop and attach here zoek-results.log
Note: It will also create a log in the C:\ directory named “zoek-results.log”
"I can say that the adware is still present."
Your Malwarebytes log says NO ACTION TAKEN ... was everything marked for removal, and did you not click the Remove Selected button after the scan?
anyway magna86 will fix it, just follow his instructions
I’m getting lots of complaints about these lately. In this case, Avast blocked a pop-up, that’s for sure. The last app that displayed such pop-ups was called PassShow. But there are many others, all of them somehow related to the SuperFish ad networks. Nothing really dangerous about it, just useless browser extensions that load junk on computers.
@techlike99
They all are part of PUP family.
Lately, they have become increasingly aggressive. They initially were not targeted by the AV / AM programs, among other things because they had their own uninstaller and they were not so aggressive and annoying to the user. They do not allow classical removal/uninstall. This is a malicious act.
Most PUP software acts as Adware.
The trick is that their setup sets the advertising site as a value in registry entries; browsers read that value in the registry and therefore the user is redirected via the browser to some unwanted advertising site. In their own uninstaller, the authors of that PUP software deliberately do not include the items to reset the registry keys (which they changed in the first place) to the default or remove the advertising site from them, and therefore the redirecting remains.
That action has been characterized as malicious, because the average user does not know how to deal with it.
They are not difficult to remove, but much of it is left behind. The problem also occurs when the user initiates some removal (e.g. they run Malwarebytes to remove PUP software rather than try to uninstall from the Control Panel) and there is a problem because a lot of bad entries still remain.
They became a target around the security forums by Union Forum and helpers. Malware removal tools began to target them, and later specialized tools were developed for that purpose. Starting with the decision by Malwarebytes to take this problem more seriously, some PUP authors have started acting even more maliciously, changing the entries in the registry that their tool sets in the hope of escaping final deletion by MBAM or some other tool, in order to still perform the redirect in the browser as long as possible and to keep the value even after the PUP software is removed.
Zoek is the best tool of this kind. Unlike many others (with honorable exceptions) which see only a part of the PUP or target them at a known level, Zoek sees them all. New or old versions.
Zoek can find & search adware, PUP, bad toolbars and even see a large part of the malware.
Most modern PUP software today does not set just a single extension in the browser, but also sets its value deep in the registry (in various locations), and a large part of it remains active even after removal of the PUPs because a lot of the same applications use the same values. For someone who knows a little better Windows initaling, or knows how to properly use the registry, it should not be a big problem to remove these (although many still have one), but now you may realize why sometimes this way (hunt & kill) is the most reliable method.
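Added example, not part of the original thread or of any tool named in it: a read-only PowerShell audit of the kind of registry values described above, where a leftover advertising URL keeps redirecting the browser after the PUP is uninstalled. The registry paths are the standard Internet Explorer start page and search provider locations (they are not taken from the posted logs), and the allowlist of hosts is an assumption to adjust.

```powershell
# Read-only audit: list URL values in browser-related registry keys and flag
# any host that is not on the allowlist. Nothing is changed or deleted.
$allowedHosts = 'www.msn.com', 'go.microsoft.com', 'www.bing.com', 'www.google.com'  # assumed allowlist

function Get-UrlFinding {
    param([string]$Key, [string]$Name, $Data)
    # Only http/https values can redirect to a site; about:blank etc. are skipped.
    if ("$Data" -match '^https?://([^/:?#]+)') {
        $h = $Matches[1].ToLower()
        [pscustomobject]@{
            Key     = $Key
            Value   = $Name
            Host    = $h
            Flagged = $allowedHosts -notcontains $h
        }
    }
}

$findings = foreach ($root in 'HKCU:', 'HKLM:') {
    # Start page and search page values read by Internet Explorer.
    $main = "$root\Software\Microsoft\Internet Explorer\Main"
    if (Test-Path $main) {
        $props = Get-ItemProperty -Path $main
        foreach ($name in 'Start Page', 'Search Page', 'Default_Page_URL', 'Default_Search_URL') {
            if ($null -ne $props.$name) { Get-UrlFinding $main $name $props.$name }
        }
    }
    # Each search provider is a subkey whose URL value holds the query template.
    $scopes = "$root\Software\Microsoft\Internet Explorer\SearchScopes"
    if (Test-Path $scopes) {
        foreach ($sub in Get-ChildItem -Path $scopes) {
            $url = (Get-ItemProperty -Path $sub.PSPath).URL
            if ($url) { Get-UrlFinding $sub.Name 'URL' $url }
        }
    }
}

# Flagged rows first; review them against what the user actually configured.
$findings | Sort-Object Flagged -Descending | Format-Table -AutoSize
```

Running it before and after uninstalling a PUP from the Control Panel shows which values the uninstaller left behind.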
Here is my Zoek results log.
@ Jorrox
Zoek has done a wonderful job. Any remaining problems?
All seems fantastic. Many thanks…
Check back later for instructions on how to remove the tools used…
You are malware free. Posted logs now appear clean and show no signs of active infection.
A good workman always cleans up after himself.
• The following will implement some post-cleanup procedures:
=> Please download DelFix by Xplode to your Desktop.
Run the tool and check the following boxes below;
✔ Remove disinfection tools
✔ Create registry backup
✔ Purge System Restore
Click the Run button and wait a few seconds while the programme completes its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt)
The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix
The tool deletes old system restore points and creates a fresh system restore point after cleaning.
• To help AntiVirus to protect your computer and speed it up, I recommend that you download, install and keep the following free programs:
- Keep Malwarebytes Anti-Malware, update it regularly or from time to time and run a Quick Scan weekly.
Malwarebytes will detect and remove all traces of known malware. MBAM isn’t AntiVirus and it can NOT replace it.
- Keep MCShield Anti-Malware, the tool will be updated regularly and perform auto-checking for malware on each attached USB memory device.
MCShield has been designed as a lightweight scanner that’s smart enough to catch even new worms and work in fully automatic removal mode.
- It’s recommended to delete Temporary Files every once in a while. Run the tool and click on the Start button and TFC will begin to clean. Then restart the computer.
Temp File Cleaner aka TFC by OldTimer
TFC is a small & useful utility that will clean up temp files from all user profiles and system folders.