system
August 19, 2014, 7:54am
1
I keep getting an Avast pop-up that says something along the lines of “object http.skegnessasc.org/accounts/restorefunction.css” with the next part saying something with “URL:Mal” and says it’s running from “svchost”. I’ve been to various boards and I’ve tried all the fixes, but to no avail. I’ll post my FRST logs to see if that could help at all.
Here is my mbam.txt. I’m trying to post a log for aswMBR, but it says “Scan error” so I don’t know.
system
August 19, 2014, 7:59am
2
http://s27.postimg.org/rg6b09gn7/asw_MBR.jpg
That’s the aswMBR error; that’s why I can’t scan.
mchain
August 19, 2014, 8:02am
3
Hi chrmdfreakforfb,
Welcome to the forums.
Once you’ve got the FRST logs posted, a certified malware removal expert will be contacted for you. Make no further changes to your system whilst under his care, and provide logs from malware removal programs he asks for. Be aware that the absence of symptoms does not mean a malware infection is fully cleared until the expert says it is. Working together is how your system will be cleaned; he is your guide.
I’d not worry overmuch about the aswMBR.exe scan error as there are a multitude of different ways to skin the cat, so to speak.
system
August 19, 2014, 8:07am
4
Here are my FRST and Addition logs
system
August 19, 2014, 8:15am
5
Good Morning
I think that the main problem with aswMBR is that you have saved it to D:\ drive. Please move it to your desktop and try again.
Scan with OTL
Please download OTL by OldTimer and save the file to your desktop.
- Right-click on the OTL icon and select Run as Administrator to start the tool.
- Make sure that Scan All Users, LOP check and Purity check are ticked.
- For 64-bit systems only - make sure that Include 64-bit option is also ticked.
- Sections Processes, Modules, Services, Drivers, Standard Registry are set to Use Safelist.
- Section Extra Registry is also set to Use Safelist.
- Under the Custom Scans/Fixes bar in the box paste in the following:
    BASESERVICES
    /md5start
    rpcss.dll
    user32.dll
    /md5stop
- Push Run Scan and wait patiently.
- Two notepad windows will be opened after this run: OTL.txt (maximized) and Extras.txt (minimized).
Please include the content of both logfiles in your next reply.
system
August 19, 2014, 8:15am
6
Here is my aswMBR
I didn’t allow that “virtualization” thing, that’s why I got the error. hehe
system
August 19, 2014, 8:18am
7
Thank you for providing the aswMBR logfile. Now please perform my OTL instructions, as mentioned prior.
system
August 19, 2014, 8:18am
8
Scanning as we speak sir. Thanks!
system
August 19, 2014, 8:21am
9
system
August 19, 2014, 8:29am
10
Phew!! That was a freaking long scan. Here they are. I just hope that this is just a minor malware. hehe
system
August 19, 2014, 8:34am
11
Please post these logs once more, but this time make sure they are saved as ANSI and not Unicode, because they look like a mess to me.
Thank you
system
August 19, 2014, 9:06am
13
Now it’s displaying 5 errors at the same time!! :o :o
The 5 are all the same.
system
August 19, 2014, 9:09am
14
There appears to be a critical system file patched. I need to make sure instead of blind-jumping with fixes.
Scan with VirusTotal
Please go to VirusTotal.
- Click Choose File and locate the following file:
    C:\Windows\System32\User32.dll
- Click Scan it!
- If you receive the following notification: File already analysed, click Reanalyse.
Once the file has been analyzed, copy the page URL at the top of the window and paste in your next reply.
system
August 19, 2014, 9:17am
15
system
August 19, 2014, 9:22am
16
If it helps, there’s a user that has a similar problem as me here in your forums and it seems his/her problem has been solved.
https://forum.avast.com/index.php?topic=153591.0
I tried doing the steps in that inquiry but it says that “This fix is only valid for this specific machine, using it on another may break your computer” so I opted to make a new topic fearing that my problem might be unique.
system
August 19, 2014, 9:32am
17
Thank you, I am aware where the problem lies. I just wonder if there isn’t anything more malicious here…
I will go through your logs once more. Give me some more time.
system
August 19, 2014, 9:54am
19
Scan with MGADiag
Need to check one more thing.
- Please download MGADiag by Microsoft and save it to your desktop.
- Double-click on the MGADiag icon to start the tool.
- Press Continue when prompted.
- When it has finished, press Copy.
- Press the Windows key and R on your keyboard at the same time. Type Notepad and click OK.
- Paste (Ctrl+V) this into notepad and save to your desktop.
Include that report in your reply.