Malware Threat detected, but can't find the malware

Hi everyone,
I have a Pentium 5 running Win 8.1, and free Avast antivirus.

I visited one of our political parties' website using Chrome and immediately Avast started reporting a threat.

Threat Blocked!
URL: http://107.170.47.181/api/?ord=5172363249590228000
Infection: URL:Mal
Process: C:\Program Files\Google\Chrome\Application\chrome.exe

I have used several different malware and antivirus scanners without success.
Any suggestions would be greatly appreciated,
Mark.

Looks like a new one becoming more prevalent

First off, does the alert cease if you run Chrome in incognito?

https://support.google.com/chrome/answer/95464?hl=en-GB

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

- Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
- Select additions at the bottom
- Press Scan button.

https://dl.dropboxusercontent.com/u/73555776/frst.JPG

- It will produce a log called FRST.txt in the same directory the tool is run from.
- Please attach both logs generated.

Hi,

I experienced the same infection warnings since Tuesday 2016-04-26, and essexboy’s question about incognito mode led me to the culprit. Avast’s “URL:Mal” warning of “http://107.170.47.181/api/?ord=…19digitnumber…” only appeared in normal browsing mode of “Comodo Dragon” (a Chromium-based web browser), no warnings in incognito mode.

Therefore clearly some browser add-on/extension must be the culprit! By switching extensions off one-by-one and re-testing, I found that

Facebook Video Downloader
https://chrome.google.com/webstore/detail/facebook-video-downloader/amjcoehkcacocffpmhnefgoeanepjfkf
causes these warnings! (at least in my case)

Checking Chrome’s extension folder (= %LOCALAPPDATA%\Comodo\Dragon\User Data\Default\Extensions\), the date of subfolder “amjcoehkcacocffpmhnefgoeanepjfkf/” for “Facebook Video Downloader” was last changed on 2016-04-26, when it was updated to version “1.6.0_0”.

So I guess that “Facebook Video Downloader” went nasty when it was updated to this new version. No idea if earlier versions already behaved badly undetected …

seekingTruth, could you give us feedback please, if it is the same for you? Just disable “Facebook Video Downloader” and check if the problem persists.

Regards,
Martin
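
The folder check described in the post above, generalized to every installed extension, as an added example that is not part of the original thread. It assumes the usual Chromium layout `Extensions/<id>/<version>/manifest.json`; the function names are hypothetical and the default path is the Comodo Dragon one quoted in the post.

```python
import json, os, sys
from datetime import datetime
from pathlib import Path

ID_CHARS = set("abcdefghijklmnop")  # Chromium extension ids use only a-p

def list_extension_versions(ext_root):
    """One record per installed extension version, most recently changed first."""
    records = []
    for ext_dir in Path(ext_root).iterdir():
        # Skip anything that is not a 32-character extension id folder (e.g. Temp).
        if not (ext_dir.is_dir() and len(ext_dir.name) == 32
                and set(ext_dir.name) <= ID_CHARS):
            continue
        for ver_dir in ext_dir.iterdir():
            manifest = ver_dir / "manifest.json"
            if not manifest.is_file():
                continue
            try:
                data = json.loads(manifest.read_text(encoding="utf-8-sig"))
            except (OSError, ValueError):
                data = {}  # unreadable manifest: still report the folder
            records.append({
                "id": ext_dir.name,
                "folder": ver_dir.name,                 # e.g. "1.6.0_0"
                "name": data.get("name", "?"),          # may be a __MSG_...__ key
                "version": data.get("version", "?"),
                "permissions": data.get("permissions", []),
                # The version folder is created when an update is unpacked.
                "modified": datetime.fromtimestamp(ver_dir.stat().st_mtime),
            })
    return sorted(records, key=lambda r: r["modified"], reverse=True)

def changed_since(records, since):
    """Keep only versions whose folder changed on or after `since`."""
    return [r for r in records if r["modified"] >= since]

if __name__ == "__main__":
    # Usage: script.py [extensions_folder] [YYYY-MM-DD first day of the alerts]
    root = sys.argv[1] if len(sys.argv) > 1 else os.path.expandvars(
        r"%LOCALAPPDATA%\Comodo\Dragon\User Data\Default\Extensions")
    since = (datetime.strptime(sys.argv[2], "%Y-%m-%d")
             if len(sys.argv) > 2 else datetime.min)
    for r in changed_since(list_extension_versions(root), since):
        print(f'{r["modified"]:%Y-%m-%d %H:%M}  {r["id"]}  {r["folder"]:<12} {r["name"]}')
        print("    permissions:", ", ".join(map(str, r["permissions"])) or "(none)")
```

Extensions whose folder date lines up with the first alert are the ones to disable and re-test first.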

Hi Everyone,

Thanks Nutzer, I tried that just now and it works, excellent, thanks :smiley:

Well done :smiley:

Ta, I wondered which one it was

thanks for the info, the problem was the fuck*ng facebook video downloader