Malware "skegnessasc.org"

I keep getting an Avast pop-up that says something along the lines of “object http.skegnessasc.org/accounts/restorefunction.css” with the next part saying something with “URL:Mal” and says it’s running from “svchost”. I’ve been to various boards and I’ve tried all the fixes, but to no avail. I’ll post my FRST logs to see if that could help at all.

Here is my mbam.txt. I’m trying to post a log for aswMBR, but it says “Scan error” so I don’t know.

http://s27.postimg.org/rg6b09gn7/asw_MBR.jpg

That’s the error to aswMBR that’s why I can’t scan.

Hi chrmdfreakforfb,

Welcome to the forums.

Once you’ve got the FRST logs posted, a certified malware removal expert will be contacted for you. Make no further changes to your system whilst under his care, and provide logs from malware removal programs he asks for. Be aware that the absence of symptoms does not mean a malware infection is fully cleared until the expert says it is. Working together is how your system will be cleaned; he is your guide.

I’d not worry overmuch about the aswMBR.exe scan error as there are a multitude of different ways to skin the cat, so to speak.

Here are my FRST and Addition logs

Good Morning :slight_smile:

I think that the main problem with aswMBR is that you have saved it to D:\ drive. Please move it to your desktop and try again.

Scan with OTL

Please download OTL by OldTimer and save the file to your desktop.

[*]Right-click on the OTL icon and select Run as Administrator to start the tool.
[*]Make sure that Scan All Users, LOP check and Purity check are ticked.
[*]For 64-bit systems only - make sure that Include 64-bit option is also ticked.
[*]Sections Processes, Modules, Services, Drivers, Standard Registry are set to Use Safelist.
[*]Section Extra Registry is also set to Use Safelist.
[*]Under the Custom Scans/Fixes bar in the box paste in the following:

BASESERVICES
/md5start
rpcss.dll
user32.dll
/md5stop

[*]Push Run Scan and wait patiently.
[*]Two notepad windows will be opened after this run: OTL.txt (maximized) and Extras.txt (minimized).

Please include the content of both logfiles in your next reply.

Here is my aswMBR

I didn’t allow that “virtualization” thing, that’s why I got the error. hehe

Thank you for providing aswMBR logfile. Now please perform my OTL instructions, as mentioned prior :slight_smile:

Scanning as we speak sir. Thanks!

Awaiting

Phew!! That was a freaking long scan. Here they are. I just hope that this is just a minor malware. hehe

Please post these logs once more, but this time make sure they are saved as ANSI and not Unicode, because they look like a mess to me.

Thank you :slight_smile:

ANSI

Now it’s displaying 5 errors at the same time!! :o :o
The 5 are all the same.

There appears to be a critical system file patched. I need to make sure instead of blind-jumping with fixes.

Scan with VirusTotal

Please go to VirusTotal.

[*]Click Choose File and locate the following file:

C:\Windows\System32\User32.dll      

[*]Click Scan it!.
[*]If you receive the following notification: File already analysed click Reanalyse.

Once the file has been analyzed, copy the page URL at the top of the window and paste in your next reply.

Here’s the URL. https://www.virustotal.com/en/file/88cf562d5f8c803a4ff8db28c355073c58be6c02ce950149584749d2d72cc6de/analysis/1408439757/

All green ticks

If it helps, there’s a user that has a similar problem as me here in your forums and it seems his/her problem has been solved.

https://forum.avast.com/index.php?topic=153591.0

I tried doing the steps in that inquiry but it says that “This fix is only valid for this specific machine, using it on another may break your computer” so I opted to make a new topic fearing that my problem might be unique.

Thank you, I am aware where the problem lies. I just wonder if there isn’t anything more malicious here…

I will go through your logs once more. Give me some more time.

http://s11.postimg.org/lm1uhpcar/threat.jpg

This is the webpage it leads me to when I click “more details”

http://www.avast.com/en-ph/lp-fr-virus-alert?p_ext=&utm_campaign=Virus_alert&utm_source=prg_fav_90_0&utm_medium=prg_systray&utm_content=.%2Ffa%2Fen-ph%2Fvirus-alert-default&p_vir=VVJMOk1hbA&p_prc=C:\Windows\system32\svchost.exe&p_obj=aHR0cDovL3NrZWduZXNzYXNjLm9yZy9hY2NvdW50cy9yZXN0b3JlZnVuY3Rpb24uY3Nz&p_var=.%2Ffa%2Fen-ph%2Fvirus-alert-default&p_elm=7&p_lex=342&p_lid=en-ph&p_lng=en&p_lqa=0&p_lqe=0&p_lst=0&p_lsu=24&p_pro=0&p_bld=empty&p_vep=9&p_ves=0&p_vbd=2021&p_hid=dd28a6b8-999d-4921-9a55-da3983e27412&p_ram=1974&p_cpu=6.6

Scan with MGADiag

Need to check one more thing.

[*]Please download MGADiag by Microsoft and save it to your desktop.
[*]Double-click on the MGADiag icon to start the tool.
[*]Press Continue when prompted.
[*]When it has finished, press Copy.
[*]Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.
[*]Paste (Ctrl+V) this into notepad and save to your desktop.

Include that report in your reply.

here