system
March 6, 2016, 9:31pm
1
Any help you can provide would be greatly appreciated! My Avast software is giving me “Threat Detected” messages every 30 seconds or so. They just keep coming. The details of the threat are as follows:
Object - http://reannewscomm.com/ads.php?sid=1966
Infection - URL:Mal
Process - c:\windows\explorer.exe
Sometimes I get multiple threats at once and most of them are like the one above. Occasionally I also see threats with this description:
Object - http://sitestatistic.net/www/delivery/ajs.php?zoneid= …
Infection - URL:Mal
Process - c:\windows\system32\conhose.exe
My operating system is Windows 7 Home Premium and I’m attaching these files:
MalwareBytes Scan Log - MBAMScanLog03052016.txt
Farbar output files - FRST.txt and Addition.txt
I also ran aswMBR and the first time my system rebooted. I changed the name of the file and am running it again. It's still running but is taking a really long time. I will attach the scan log to this thread when it finishes.
Any help you can provide would be greatly appreciated. Thank you.
Let me know if this stops the alerts.
CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.
Open notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint:
HKU\S-1-5-21-3100448734-784222415-454981768-1000\...\Run: [ogjwbxqa] => "C:\Users\AcerDesktop\AppData\Local\rdkjfuob.exe"
URLSearchHook: HKU\S-1-5-21-3100448734-784222415-454981768-1003 - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
2016-03-05 15:37 - 2016-03-05 15:37 - 00000000 ___HD C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}
2016-03-05 07:38 - 2016-03-05 07:39 - 00000000 ____D C:\Users\AcerDesktop\AppData\Local\{1B49DF05-0F45-42AE-B193-68ADBD64BC60}
2016-03-04 19:37 - 2016-03-04 19:37 - 00000000 ____D C:\Users\AcerDesktop\AppData\Local\{7B85AF82-E88A-4406-958C-628964F85D1B}
2016-03-04 07:36 - 2016-03-04 07:36 - 00000000 ____D C:\Users\AcerDesktop\AppData\Local\{1FC85F58-D8E9-483B-8654-E0F3FB109A7C}
2016-03-03 19:36 - 2016-03-03 19:36 - 00000000 ____D C:\Users\AcerDesktop\AppData\Local\{7A110305-80E6-4FAD-9FCD-7B6FFA66E683}
2016-03-03 07:35 - 2016-03-03 07:35 - 00000000 ____D C:\Users\AcerDesktop\AppData\Local\{7E9376D6-A777-40E1-8D89-D8851E42C075}
2016-03-02 10:59 - 2016-03-02 10:59 - 00000000 ____D C:\Users\AcerDesktop\AppData\Local\{5B6FAE86-D691-4143-8ACD-982C0FE24450}
2016-03-01 22:58 - 2016-03-01 22:58 - 00000000 ____D C:\Users\AcerDesktop\AppData\Local\{DB8A0C4C-B008-4BF8-99AF-F69152605433}
2016-03-01 10:57 - 2016-03-01 10:57 - 00000000 ____D C:\Users\AcerDesktop\AppData\Local\{87C1005B-ADF1-43A2-8225-E9666E01339B}
2016-02-29 22:56 - 2016-02-29 22:56 - 00000000 ____D C:\Users\AcerDesktop\AppData\Local\{D58A4ED8-4943-44F9-96B4-AA45A9C7F09D}
2016-02-29 10:55 - 2016-02-29 10:56 - 00000000 ____D C:\Users\AcerDesktop\AppData\Local\{BACD3DB8-000E-403C-8831-C8D02BC60BAF}
2016-02-28 14:02 - 2016-02-28 14:02 - 00000000 ____D C:\Users\AcerDesktop\AppData\Local\{24FE806B-CD98-44CE-85B2-CF389111872C}
2016-02-27 10:29 - 2016-02-27 10:29 - 00000000 ____D C:\Users\AcerDesktop\AppData\Local\{9627FA8B-B1F6-447F-965E-CE67CCE0176D}
2016-02-26 15:23 - 2016-02-26 15:23 - 00000000 ____D C:\Users\AcerDesktop\AppData\Local\{50547A1B-22E0-4AD9-8EAB-2C5A3FDE58E6}
2016-02-26 03:00 - 2016-02-26 03:00 - 00000000 ____D C:\Users\AcerDesktop\AppData\Local\{09F8FDB7-DEAF-477D-B7CA-E9E6C9FB9210}
2016-02-25 11:21 - 2016-02-25 11:22 - 00000000 ____D C:\Users\AcerDesktop\AppData\Local\{5F50AAA1-8BA8-4358-A11B-B01FD9D3B6F4}
2016-02-24 08:43 - 2016-02-24 08:43 - 00000000 ____D C:\Users\AcerDesktop\AppData\Local\{10B0CD82-CB16-4279-8034-93956F6FB330}
2016-02-23 09:20 - 2016-02-23 09:20 - 00000000 ____D C:\Users\AcerDesktop\AppData\Local\{97A41B3E-5ACB-48CF-AFD3-D255BDAD634C}
2016-02-22 10:34 - 2016-02-22 10:34 - 00000000 ____D C:\Users\AcerDesktop\AppData\Local\{EA5BD730-3D6E-4B07-B83D-D3973BC82DD9}
2016-02-21 12:41 - 2016-02-21 12:41 - 00000000 ____D C:\Users\AcerDesktop\AppData\Local\{9AB4BA48-66E1-4847-8E46-C9BC1ADD5831}
2016-02-20 13:23 - 2016-02-20 13:23 - 00000000 ____D C:\Users\AcerDesktop\AppData\Local\{4E578F51-5E0B-4552-BF4E-D18065829F29}
2016-02-19 08:46 - 2016-02-19 08:46 - 00000000 ____D C:\Users\AcerDesktop\AppData\Local\{3009A924-C5D5-4804-8E2D-CD7912173271}
2016-02-18 08:31 - 2016-02-18 08:32 - 00000000 ____D C:\Users\AcerDesktop\AppData\Local\{A5658AD7-D412-48AA-A587-139C2AE2DFA0}
2016-02-17 10:33 - 2016-02-17 10:34 - 00000000 ____D C:\Users\AcerDesktop\AppData\Local\{4D209E08-0413-43BF-AE61-5D447CEB49A7}
2016-02-16 18:02 - 2016-02-16 18:02 - 00000000 ____D C:\Users\AcerDesktop\AppData\Local\{A3F508C4-9254-4F82-B8B5-56B78A8A5776}
2014-05-22 12:29 - 2014-05-22 12:29 - 0068314 _____ () C:\Users\AcerDesktop\AppData\Local\bepkvefn
2014-05-22 12:30 - 2014-05-22 12:30 - 0012326 _____ () C:\Users\AcerDesktop\AppData\Local\paopserc
C:\Users\AcerDesktop\AppData\Local\rdkjfuob.exe
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG
Run FRST and press Fix.
On completion a log will be generated; please post that.
THEN
Please download AdwCleaner by Xplode onto your desktop.
- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete click on "Clean".
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S0].txt as well.
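The fixlist above is machine-specific, as the caution says, but the indicators it targets are generic: an autostart value in a user hive pointing at a random eight-letter loader in AppData\Local, GUID-named folders dropped there twice a day, a planted local IPsec policy, proxy settings and BITS jobs. The read-only PowerShell script below is an added example, not part of the thread and not a Farbar or AdwCleaner tool; it collects those same indicators on a Windows 7 box (PowerShell 3.0 or later) so you can confirm what is actually present before writing a fixlist for a different machine. The function names, the "eight lowercase letters" heuristic and the 30-day window are this example's own assumptions, and it changes nothing on the system.

```powershell
# Added triage script (not from the original thread). Run from an elevated
# PowerShell prompt. It only reads; the FRST fixlist is what removes things.
# Function names, regexes and thresholds below are this example's assumptions.

# Loader names like rdkjfuob.exe / bepkvefn: eight lowercase letters, no vendor folder.
$LoaderPattern  = '\\AppData\\Local\\[a-z]{8}(\.exe)?"?\s*$'
$GuidDirPattern = '^\{[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}$'
$PsMeta = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

function Get-SuspiciousRunEntries {
    # Autostart values in the machine hive and every loaded user hive (HKU\S-1-5-21-...).
    $keys = @('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
              'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce')
    Get-ChildItem Registry::HKEY_USERS |
        Where-Object { $_.PSChildName -match '^S-1-5-21-\d+-\d+-\d+-\d+$' } |
        ForEach-Object { $keys += "Registry::$($_.Name)\Software\Microsoft\Windows\CurrentVersion\Run" }

    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($PsMeta -contains $p.Name) { continue }        # provider metadata, not a Run value
            $cmd = [string]$p.Value
            # Strip quotes and arguments so we can check whether the image still exists on disk.
            $path = if ($cmd -match '^"?([^"]*?\.exe)') { $Matches[1] } else { $cmd }
            $inLocalAppData = $cmd -match '\\AppData\\Local\\'
            $randomName     = ($p.Name -match '^[a-z]{8}$') -or ($cmd -match $LoaderPattern)
            [pscustomobject]@{
                Key     = $key
                Name    = $p.Name
                Command = $cmd
                Exists  = [bool](Test-Path -LiteralPath $path -ErrorAction SilentlyContinue)
                Suspect = ($inLocalAppData -and $randomName)
            }
        }
    }
}

function Get-RecentGuidDirs {
    # {GUID}-named folders created recently in each profile's AppData\Local and in ProgramData
    # (the fixlist lists one per half-day; -Force also catches the hidden ___HD one).
    param([int]$Days = 30)
    $cutoff = (Get-Date).AddDays(-$Days)
    $roots = @('C:\ProgramData')
    Get-ChildItem 'C:\Users' -Directory -ErrorAction SilentlyContinue |
        ForEach-Object { $roots += (Join-Path $_.FullName 'AppData\Local') }
    foreach ($root in $roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        Get-ChildItem -LiteralPath $root -Directory -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.Name -match $GuidDirPattern -and $_.CreationTime -gt $cutoff } |
            Select-Object FullName, CreationTime, LastWriteTime
    }
}

function Get-ProxyAndPolicyState {
    # WinINET proxy (what RemoveProxy: clears) and the local IPsec policy key the fixlist
    # deletes and re-creates empty; a local IPsec policy can silently filter outbound traffic.
    $inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' -ErrorAction SilentlyContinue
    $ipsec = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local'
    [pscustomobject]@{
        ProxyEnable      = $inet.ProxyEnable
        ProxyServer      = $inet.ProxyServer
        AutoConfigURL    = $inet.AutoConfigURL
        LocalIPSecPolicy = [bool](Test-Path $ipsec)
        IPSecSubkeys     = @(Get-ChildItem $ipsec -ErrorAction SilentlyContinue | ForEach-Object { $_.PSChildName })
        BitsJobs         = @(Import-Module BitsTransfer -PassThru -ErrorAction SilentlyContinue |
                             ForEach-Object { Get-BitsTransfer -AllUsers -ErrorAction SilentlyContinue } |
                             Select-Object DisplayName, JobState, OwnerAccount)
    }
}

function Get-ProcessConnections {
    # Windows 7 has no Get-NetTCPConnection, so parse netstat -ano and map PIDs to images.
    # Outbound HTTP from explorer.exe, or from a "conhost"-lookalike outside System32,
    # is the kind of thing the Avast alerts in this thread were pointing at.
    $byPid = @{}
    Get-Process | ForEach-Object { $byPid[$_.Id] = $_ }
    netstat -ano | Select-String '^\s*TCP\s+\S+\s+(\S+):(\d+)\s+ESTABLISHED\s+(\d+)' | ForEach-Object {
        $m = $_.Matches[0]; $id = [int]$m.Groups[3].Value
        [pscustomobject]@{
            PID     = $id
            Process = $byPid[$id].ProcessName
            Image   = $byPid[$id].Path        # null for protected/system processes
            Remote  = $m.Groups[1].Value
            Port    = [int]$m.Groups[2].Value
        }
    }
}

# Usage: dot-source this file, then run the four checks.
Get-SuspiciousRunEntries | Where-Object { $_.Suspect } | Format-Table -AutoSize
Get-RecentGuidDirs -Days 30 | Format-Table -AutoSize
Get-ProxyAndPolicyState | Format-List
Get-ProcessConnections |
    Where-Object { (@(80, 443) -contains $_.Port) -and (@('explorer', 'conhost') -contains $_.Process) } |
    Format-Table -AutoSize
```

Read the output the way the fixlist was written: a Run value flagged Suspect whose image no longer Exists is an orphan to remove, one that still exists is the loader itself; a run of GUID folders with creation times about twelve hours apart is the scheduled drop pattern; a populated IPSecSubkeys list or a ProxyServer nobody configured explains blocked updates and redirected traffic. On a non-English Windows the netstat state word is localized, so adjust the ESTABLISHED match accordingly.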
system
March 6, 2016, 11:08pm
3
I’ve run the FRST fix. I’m attaching the fixlog file. I’m not seeing the “Threat Detected” popups anymore. I’m going to run the AdwCleaner next.
system
March 6, 2016, 11:35pm
4
I’ve run AdwCleaner and am attaching the logs for it (scan and clean).
Everything appears to be working. My CPU utilization is back to normal and there are no more “threat-detected” messages. Thank you very very much!