Avast alerted me to an infection / malicious website, and I’m seeking help locating and removing it.
I’m running upgraded Windows 10 Home edition, build 10586 on a Dell XPS 15 laptop.
I tried to follow the steps in the post: https://forum.avast.com/index.php?topic=53253.0
The Avast message read as follows:
"Infection blocked
I installed MalwareBytes and ran scans, which found several pups and adware. I quarantined and eliminated them, although I saved the log file identifying the malware.
However, I’m still getting alerts, though now they’re from MalwareBytes.
Unfortunately, yes.
I have been manually starting the Internet connection, and a Malwarebyte’s alert launches as soon as it connects, even before a browser is launched.
If the computer stays connected, Malwarebytes launches an alert about every 10 minutes.
In trying to understand what’s happening, is it that I have a program or process that’s trying to reach that URL, but is getting blocked by Malwarebytes and/or Avast?
And that means the malware is in the registry, or programs, somewhere?
I ask that because I’m wondering that if I have to start deleting and reloading, or wipe the hard drive and reload everything, how far back I would have to go.
Early in the process, before posting here, I tried to roll back to a restore point before the alerts began. But it would not restore and crashed the computer.
…
Also, for what it’s worth, a search for the exact phrase of the error message returns only one result: at virustotal.com.
The more information tab for this detected URL led to a page with the following message under http response headers.
“date: Tue, 10 May 2016 17:18:40 GMT
set-cookie: anbtr=b3aed85f8d129a0929aadeab66f778ea; domain=.wds02.com
connection: close
content-type: text/html
server: nginx”