Hi everyone,
Could anyone please help me with this? I keep getting the “Avast has blocked a threat” popup every now and then.
Attached are the log files needed. Thanks in advance!
Let me know if this stops it
CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.
Open notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint:
2015-04-28 18:40 - 2015-04-28 18:40 - 00000000 ____D () C:\ProgramData\ff84825200003017
C:\Users\Lim\feather_cl_RuneScape_Core.dat
C:\Users\Lim\guardian_noregret_LIVE.dat
C:\Users\Lim\JAGEXJAGEX_LIVE.dat
C:\Users\Lim\JAGEXJAGEX_LIVE1.dat
C:\Users\Lim\matrix_cl_matrix_LIVE.dat
C:\Users\Lim\rn_cl_runenova_LIVE.dat
C:\Users\Lim\rn_cl_serpent_LIVE.dat
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated; please post that.
It seemed to work, so far no popups from Avast yet
Thank you very much for your help, really appreciate it!
Same situation.
Tried all of the usual scan and removal apps (Spyhunter, MBAM, etc…). No go.
Happening on my VirtualBox VM guest OS (Windows 7 64 Bit Ultimate).
Required logs attached. Only ran aswMBR in ‘quickscan’ mode. Full scan kept crashing system.
Any help is greatly appreciated.
Thanks in advance!
Did you set these proxies?
ProxyServer: [S-1-5-21-2913335514-2600213466-2721737044-1001] => http=127.0.0.1:49363;https=127.0.0.1:49363
ProxyServer: [S-1-5-21-2913335514-2600213466-2721737044-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] => http=127.0.0.1:49363;https=127.0.0.1:49363
No.
I have Axure RP loaded and answering local only http requests (as a web server) on port 32767 but no proxies that I am aware of.
Thanks!
Matt
What is Avast alerting on?
CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.
Open notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint:
ProxyServer: [S-1-5-21-2913335514-2600213466-2721737044-1001] => http=127.0.0.1:49363;https=127.0.0.1:49363
ProxyServer: [S-1-5-21-2913335514-2600213466-2721737044-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] => http=127.0.0.1:49363;https=127.0.0.1:49363
2015-04-27 00:46 - 2015-04-27 00:46 - 00000000 ____D () C:\ProgramData\385d9b2400004b6d
2015-04-27 00:44 - 2015-04-27 00:44 - 00000000 __SHD () C:\Users\Matt\AppData\Local\EmieUserList
2015-04-27 00:44 - 2015-04-27 00:44 - 00000000 __SHD () C:\Users\Matt\AppData\Local\EmieSiteList
2015-04-27 00:44 - 2015-04-27 00:44 - 00000000 __SHD () C:\Users\Matt\AppData\Local\EmieBrowserModeList
2015-04-27 00:41 - 2015-04-27 00:42 - 00000000 ____D () C:\Users\Matt\AppData\Local\File Viewer
2015-04-27 00:39 - 2015-04-27 00:39 - 00000064 _____ () C:\Users\Matt\AppData\Local\979999c855d797ea409475e9e19f195c
2015-04-25 17:16 - 2015-04-25 17:16 - 00000000 __HDC () C:\ProgramData\{1AC3401A-AA8A-4BE1-9462-65EFED7B6A44}
2015-04-25 17:12 - 2015-04-25 17:12 - 00000032 RSHOT () C:\Users\Matt\AppData\Local\t70rc.dat
2015-04-27 00:39 - 2015-04-27 00:39 - 0000064 _____ () C:\Users\Matt\AppData\Local\979999c855d797ea409475e9e19f195c
Task: {9DCA5787-5B77-4329-8B19-5B2D2D4173AE} - \GeniusBox No Task File <==== ATTENTION
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated; please post that.
URL: http://blackled.info/4242/PathGeneration_142669364699402.dll
Infection: URL:Mal
Process: C:\Windows\System32\svchost.exe
See attached pic.
OK. Tried the fix.
Here (attached) is the log.
Will try to get the system to generate new alerts…
Stay tuned.
YUP!
Seems like that did it. 8)
Normally I get the first popup from Avast the moment I connect to a new network (or just disable then enable the NIC).
Now, nothing… Everything else seems to be working like it says on the tin.
Thanks!
Got a fav charity I can throw $20 at?
- Matt
Last question:
Any idea what F### this particular exploit does?.. tracks… steals?
I do not use this VM for anything personal so no worries. Just curious.
Thanks again!
- Matt
Tries to download ads if Avast would let it