Need help with go.wvydeo.com, 7787.mclickurl.com

I keep getting a relentless stream of notices that Avast has blocked a harmful web page with references to Objects such as “https://go.wvydeo.com”, “https://7787.mclickurl.com” and “http://xmlka.com”, each of which shows the type of Infection to be “URL:Mal”. I have found many posts related to fixing the go.wvydeo.com problem, but they all say that the solution is specific to a particular computer and not to use it elsewhere. I have not found a general set of instructions to fix this problem on the Forum, and everything I have found online either isn’t clear to me or I don’t trust the source. Would somebody be willing to point me in the right direction? Thanks in advance for any help you might be able to give me… -Rick

Hi Rick, welcome to the forum :slight_smile:

Please change the links in your post from https// to htxps:// so that they are not clickable.

Follow this turtorial https://forum.avast.com/index.php?topic=53253.0 and attach the requested logs in your next reply.
As soon as an expert is online and available he/she will help you.

Greetz, Red.

Awaiting reports.

I have attached the scan log. Thanks so much for helping…

We need the other logs as well.

Here are the Farbar Recovery Scan logs…

https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
Fix with Farbar Recovery Scan Tool

https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
[B] This fix was created for this user for use on that particular machine.
https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif

https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
Running it on another one may cause damage and render the system unstable.
https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
[/B]

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

[*]Right-click on
https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
icon and select
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg
Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
[*]Press the Fix button just once and wait.
[*]If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
[*]When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

I was running the aswMBR scan. Is that log not needed?

You can attach it.

I ran the FRST64.exe fix (Fixlog is attached) and restarted my computer.

I am still getting Infection warnings from Avast every few minutes (all of which show “URL:Mal” and “Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe”).

Warnings for the following have all popped up just within the last half hour:

hxxp://199.233.238.11/callflow/lp20fascdas/?a=HT&u=44k8zsc5d401&clickid=44k8zsc5d401&ent=yes&ext=yes&rec=yes&au=yes&lo=yes&browser=MSIE&country=United+States&device=&model=&os=Windows&isp=Comcast+Cable&ip={ip}

hxxp://go.wvydeo.com/resultsda/?x=0&qs=IhwIAhVYFXBZWhAcSUEKXVpFQkAxUVlJVAFCIwxFBBweEAYdJ0UcFGRRW0hbQ1Q8HgZPS1YVDlJcGBIXYE8KFQNYVTYSBBMFRUZdE0hTQFU2VF1eXFUVdV1FFgtNREdfXhQSEXUHD01cSxB1XVFFXx0GVF9AEREUYFlLExxYEGteU0JJQAhZQV4UERFjFVxAXEsQdV5TQgVAWllfXhERXWNHXUBcVRA5Xk1CSUVEWhNYFA8RY1ldQBBUDnVeU0JJDERHX14UEhF1AgpNXUhVNkgAGx1NR1lXWRAVBz8ACU1UVRJ3WlNKXxQbBA4HTxxiPwgeAwUIQTEHAFwaHxlPHhocEBVgXV1EXlUQcEgIBUQCGwdJDUpWHHUbCBYoWEgxGhNXShFRWwlLE0dHMgoIEgMKSzEcAhEcAloKAAMHVEADVDoZAgFPMh1GQElHUV4MJ2QEFjBYXFYdDU82Gl4RFUdZAB9DEBEMYkRfXV1SGGMcDRlEQVIZDhxVT0QhAAlNXVQUfFlWVBgABAALUxATGGNPHgUODER4X1NDS0NEWl9fB0hRbl5eXl1dFGtcU0BXR0NPCgBVU1huBAgdAxdFPU4REx0ZG08aHE0cSScdHVVfBAV3CEZAHxMYCBwdSExAJwAOXg8KTWBcBR4JXgQBH0sSR1QnBDITDQhQJAcEHFxDEA4IXREREWFcMi9ZUhhzVlQtJkNEUVhfFX5-YlhZSVtQDXRcWkJUQURYXV0REhFiTF9GGRdMYF0HERURBxoGA0BVSDBHDh8BQBIjDUZAHxEYBUpcR0xOIB0yAgkGRSsa

hxxp://7787.mclickurl.com/?p=5VurAFhI6bpiMCr8EHeuhQuu8fwywD5KSIpl7LGU99ImY8t8x8mxTM4mznWZ62dXqmCqBsHMNLGAdrJ0agQxHoiG9HbEtQYA4iZNQG4/sG1YWOoowRHJ4HkrgXf9XwVByz1SrgiU%2B2zYajAM/Z3J72BTc8CpckgbOw9t2KA//8JSR87XmNjPCSsS4Z9zjzAmjAs0DPp4oNVFh86uy/%2BFzfPeLkN7fdkz2ajFHVmNQa97Sm6TSFWh5UK0Rlq3HTCAzlpanV2trHPGdH4ugUvLM0C97VE2SWQ7cAwQmV1/gc/u%2BmGNaEZMJYert9VCE0TXEqBV3NjefzCKoZkaOzQtn70faw5SlVItRzN5O1lkV43cjf08IZ%2BgRxMfUWpjvHRKRHjKEpc4RhcwVWXNG3v0zUZPVCFhQKmRqAjlpcrRktLmDgN9aVjj7H1IsEF3hytkPTDajjs7vMgHB5WcPGPKqEQOyqiHQXwou7%2B8T/LPMgYK0s1611v/xYeAUWDwmEMnaiToBWusG5e3yNQy%2BjoVjBrgU7RNjoPkwW6hmv%2BRrqbw2HrYXIHinLimexFP/JgQ3DZSqxF2W%2Bl72M0gdf0OSw%3D%3D

hxxp://7787.mclickurl.com/?p=5VurAFhI6bpiMCr8EHeuhQuu8fwywD5KSIpl7LGU99ImY8t8x8mxTM4mznWZ62dXqmCqBsHMNLGAdrJ0agQxHoiG9HbEtQYA4iZNQG4/sG1YWOoowRHJ4HkrgXf9XwVByz1SrgiU%2B2zYajAM/Z3J72BTc8CpckgbOw9t2KA//8JSR87XmNjPCSsS4Z9zjzAmjAs0DPp4oNVFh86uy/%2BFzfPeLkN7fdkzbDQypyXl8hF7Sm6TSFWh5b3PIhTe2JlEfxLhmLItWfGBX9sdqXMcYzkPhqWoMb%2BDBDELWTXgSmHu%2BmGNaEZMJYert9VCE0TXEqBV3NjefzCKoZkaOzQtn70faw5SlVItRzN5O1lkV43cjf08IZ%2BgRxMfUWpjvHRKRHjKEpc4RhcwVWXNG3v0zUZPVCFhQKmRqAjlpcrRktIPKlmJ0OZADM3/YzxLTeJ5Ln8lyN4h%2BRk%2Bb6m3g0qSgv6AnU872YysAK2ovwuIAh2l8JaM5wFUOxespkEVZfRUJkwq1l54dZcShbyao0n2qTJ5mhhNqG2z0CQPWvX0N1xZcvzLnhySscmZgtq8JbkWJDMygcaKObBrd%2BRbmrLHIbIWSwWB%2B2g1

hxxp://213.136.76.36/tracheadeceptive/126039337811866

hxxp://199.233.238.11/callflow/lp20fascdas/?a=HT&u=n0ifv34j9y43&clickid=n0ifv34j9y43&ent=yes&ext=yes&rec=yes&au=yes&lo=yes&browser=MSIE&country=United+States&device=&model=&os=Windows&isp=Comcast+Cable&ip={ip}

hxxp://7787.mclickurl.com/?p=5VurAFhI6bpiMCr8EHeuhQuu8fwywD5KSIpl7LGU99ImY8t8x8mxTM4mznWZ62dXqmCqBsHMNLGAdrJ0agQxHoiG9HbEtQYA4iZNQG4/sG1YWOoowRHJ4HkrgXf9XwVByz1SrgiU%2B2zYajAM/Z3J72BTc8CpckgbOw9t2KA//8JSR87XmNjPCSsS4Z9zjzAmjAs0DPp4oNVFh86uy/%2BFzfPeLkN7fdkz43jE/UH8uBC1e/bILX5S7zZ8q2JI8ThSaKggFL5/Z2LFLXu8880QogSCFotkvUAIZdbJMdX7rlXumzHErthLVr2NUWAs9/NZsYpRyYB%2B5jglAqR6m8bpPOhRvxwtSW2hN6DdIh5WjgQciBx1utnsHaQPnVf8i7fU4wNrBkBqWPB5vBLtVxXhZXTald9Z293/pAW85u/P/dELG3QRXbYr7KQWmSqEl07pLn8lyN4h%2BRk%2Bb6m3g0qSgv6AnU872YysAK2ovwuIAh2l8JaM5wFUOxespkEVZfRUJkwq1l54dZcShbyao0n2qTJ5mhhNqG2z7ubMNVWUj0YMsJjUhu9jniQzMoHGijmwa3fkW5qyxyGyFksFgftoNQ%3D%3D

Don’t know if it will help, but here is the aswMBR log. When I ran the FRST fix, the first aswMBR scan was running and when the computer re-started it terminated the scan before it finished, so I ran another one…

https://sites.google.com/site/cannedfixes/home/hosted-images-tools/51a612a8b27e2-Zoek.png
Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

[*]Right-click on
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/51a612a8b27e2-Zoek.png
icon and select
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg
Run as Administrator to start the tool.
[]Wait patiently until the main console will appear, it may take a minute or two.
[
]In the main box please paste in the following script:

createsrpoint;
autoclean;
bitsadmin /reset /allusers;b
chrdefaults;
emptyalltemp;
ipconfig /flushdns;b

[*]Make sure that Scan All Users option is checked.
[*]Push Run Script and wait patiently. The scan may take a couple of minutes.
[*]When the scan completes, a zoek-results logfile should open in notepad.
[*]If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.

The ZOEK scan took hours and then it took multiple tries to get my computer restarted. After a few failed attempts, including a couple of rounds of start-up repairs, it finally worked and the zoek-results popped up in a notepad window. The zoek-results.txt file is attached. Thanks for sticking with me on trying to get this worked out!

How is your PC behaving now?

It is definitely not any better and seems as if it is actually getting worse…

What should I do now?

https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

[*]Right-click on
https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
icon and select
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg
Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
[*]Make sure that Addition option is checked.
[*]Press Scan button and wait.
[*]The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content into your next reply.

I ran Farbar again and have attached the FRST.txt and Addition.txt files…

https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/warning.gif
Multiple Resident Protection warning!

Always have one (and no more than one!) AntiVirus program! In this case having more of them will not provide you with better protection - instead they may cause slowness, lock-ups and even mark another ones as harmful, leading to leave your system unstable and even damaged. Please choose only one from the listed below to stay with and uninstall the others:

[]AntiVir Desktop
[
]avast! Antivirus

Uninstallation procedure:

[*]Press the
https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/WindowsKey.png

  • R on your keyboard at the same time. Type appwiz.cpl and click OK.
    [*]Search for each uninstalled entry, right-click it and select Uninstall.

This should be done until any other steps will be taken.

https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
Fix with Farbar Recovery Scan Tool

https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
[B] This fix was created for this user for use on that particular machine.
https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif

https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
Running it on another one may cause damage and render the system unstable.
https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
[/B]

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

[*]Right-click on
https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
icon and select
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg
Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
[*]Press the Fix button just once and wait.
[*]If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
[*]When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

  1. I was not aware that I had more than one antivirus program. (I don’t know what “AntiVir Desktop” is).

  2. I want to keep using avast!Antivirus.

  3. “AntiVir Desktop” does not appear on my computers list of installed programs, so I can’t figure out how I can uninstall it. I did find an AntiVir Desktop folder in an Avast folder in the Programs (x86) file on my C:drive, but I haven’t been able to find any removal tool. Do I just delete the entire file?

  4. Should I wait to run the Farbar Recovery Scan Tool with the fixlist you sent until I figure out how to get rid of AntiVir Desktop , or go ahead and run it now?

http://www.avira.com/en/support-for-home-knowledgebase-detail?kbid=88