I continue to get messages “web shield has blocked a harmful webpage or file.” Ten different messages in all. All show Infection: URL: Mal. Object has various names. All are in the same process: C:\Windows\system32\svchost.exe. They are not in the Avast quarantine box so I can’t delete them. I have tried a couple anti malware systems and they have not found them/helped. The popups are driving us nuts. Any help would be appreciated.
Hey and welcome to the avast forum. This could indicat as an infektion.
Please follow this guide and attach the logs from mbam,otl, aswmbr does not run om win 8 and win 8.1
https://forum.avast.com/index.php?topic=53253.0
Good luck
Hope I did this correctly. I am not computer savvy.
Hi,
Please download Farbar Recovery Scan Tool by Farbar and save it to your desktop.
Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.
[*]Double-click to run it. When the tool opens click Yes to disclaimer.
[*]Under Optional Scan ensure “List BCD” and “Driver MD5” are ticked.
[*]Press Scan button.
[*]It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
[*]The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
Here it is.
- Please download ComboFix by sUBs from here and save it to your Desktop.
If you are unsure how ComboFix works please read this guide carefully.
Note: ComboFix must be downloaded to your Desktop.
- Temporarily disable your AntiVirus program, usually via a right click on the System Tray icon. They may interfere with Combofix.
If you are unsure how to do this please read this or this Instruction.
Instructions how to disable avast:
[*]Right click on the avast! system tray icon (
http://www.mcshield.net/pg/images/avast5.png
) in the lower right corner of the screen and scroll up to avast! shield controls;
[*]In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.
Note: Do not forget to turn back on this option after the cleaning by choosing avast! shield controls > Enable all shield options.
- Run ComboFix. Click on I Agree!
[i][size=7pt]- ComboFix will display DISCLAIMER of warranty on software.
By clicking I Agree ComboFix shall continue.
- ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.[/size]
-If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console. - ComboFix will scan your computer in stages, total of 50 stages.
Do not mouse-click around while ComboFix is running.
Note:If you see a message like “Illegal operation attempted on a registry key that has been marked for deletion” just restart your computer.
[/i]
- When the tool is finished, it will produce a log report for you. (typical location: C:[b]ComboFix.txt[/b] )
Attach log reports ( ComboFix.txt) back to topic.
Attached.
Open notepad and copy/paste the text present inside the code box below:
FCopy::
c:\windows\erdnt\cache\rpcss.dll | c:\windows\system32\rpcss.dll
ClearJavaCache::
Save this as CFScript.txt
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Close all browser windows and refering to the picture above.
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply. (typical location: C:[b]ComboFix.txt[/b] )
Tell me how is your PC now?
Hello,
This last procedure seems to have fixed all issues. Thank you very much!
Is there any way to avoid these type of problems in the future?
I’d like to state that Microsoft no longer supports Windows XP operating system which makes you vulnerable to malicious software. I’d counsel you to upgrade to Windows Vista or above for full protection.
You can read this how to stay safe on internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online
For future protection I can recommend you:
- Adblock → https://adblockplus.org/en/chrome
- Unchecky → http://unchecky.com/
• The following will implement some post-cleanup procedures:
=> Please download DelFix by Xplode to your Desktop.
Run the tool and check the following boxes below;
[i]
http://www.mcshield.net/personal/magna86/Images/checkmark.png
Remove disinfection tools
http://www.mcshield.net/personal/magna86/Images/checkmark.png
Create registry backup
http://www.mcshield.net/personal/magna86/Images/checkmark.png
Purge System Restore [/i]
Click Run button and wait a few seconds for the programme completes his work.
At this point all the tools we used here should be gone. Tool will create an report for you (C:[b]DelFix.txt[/b])
The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and create a fresh system restore point after cleaning.
When I tried to download delfix I received this message:
There is a problem with this website’s security certificate.
The security certificate presented by this website was not issued by a trusted certificate authority.
The security certificate presented by this website was issued for a different website’s address.
Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.
We recommend that you close this webpage and do not continue to this website.
Can you post a screenshot, i cant replicate it in IE, Chrome or Firefox.
I can’t seem to post the screen shot. “It’s too large” or it’s in the wrong format.
OK. Search for Snipping tool in Windows and open it up and choose new on the top left, then drag over the browser window with the message, not
the full screen, the message is enough.
I copied and pasted it in the above reply. Will this do?
Not familiar with snipping. Not computer savvy.
Under the answer box is an option Attachments and other options, use this to attach the screenshot here. 
There is a problem with this website’s security certificate.
The security certificate presented by this website was not issued by a trusted certificate authority.
The security certificate presented by this website was issued for a different website’s address.
Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.
We recommend that you close this webpage and do not continue to this website.
Click here to close this webpage.
Continue to this website (not recommended).
More information
If you arrived at this page by clicking a link, check the website address in the address bar to be sure that it is the address you were expecting.
When going to a website with an address such as https://example.com, try adding the ‘www’ to the address, https://www.example.com.
If you choose to ignore this error and continue, do not enter private information into the website.
For more information, see “Certificate Errors” in Internet Explorer Help.
The certificate is legit and not outdated. Thats weird.
Did you change the browsers settings somehow?
? Like I said…I am not computer savvy. I have done nothing, for the last couple of days, that I was not told to do…I have no clue as to what is going on.
Thanks.
I have no clue either…