Non-stop web shield pop-up for URL mal!

My computer hasn't stopped popping up this alert for 2 days, for websites that I've never visited! (image attached)

Also, the logs required according to this post
https://forum.avast.com/index.php?topic=53253.0
are being done, but they are taking a long time.

I need you to help me as fast as you can to get rid of this annoying problem, as I have exams and these things unnerve me and delay my studying.

Note: I have been suffering for three days from a shortcut virus. I tried all kinds of scans with avast and with anti-malware and nothing happened; the virus still exists when using flash drives or memory cards!

Thanks in advance.

See the file listed at the bottom of your pic … process: c:\users\dell.…[b]amdmonitor.exe[/b]

Upload that file to www.virustotal.com and test it; if it was scanned before, click rescan for a fresh result.
Post the link to the scan result here.

note : i suffer three days ago from shortcut virus that i tried all kinds of scan with avast and with anti-malware and nothing happened virus still exist while using Flash memories or memory cards !
In the guide here https://forum.avast.com/index.php?topic=53253.0 scroll down to [b]SPECIFIC INFECTIONS LOGS[/b], see the instructions for [b]MCShield[/b], follow them and post the log.

For now the pop-up has disappeared!
Maybe that is a result of my using a tool called "Dr.Web CureIt" that began scanning before I used anti-malware,
and both of them are still running right now.
The Dr.Web tool has found some threats and blocked them (some of them are other programs); I intend to upload its log report with the others.
What should I do now?
Hint: the shortcut problem still exists.

and both of them are still running right now
Are you running multiple scans at the same time? Don't do that or you may get conflicts.

Follow the instructions given in the guide and above… malware removal experts are notified; it may take hours before they are online, so be patient.

I stopped the "Dr.Web" tool and left anti-malware working right now.

While trying to install MCShield
I receive the error "Windows can't access the file path, you may not have the appropriate permissions".
This error also appeared for me while trying to install anti-malware, and search results consider this problem a sign of malware that prevents the installation of this kind of program!

I succeeded in installing MCShield by renaming the exe file to "explorer.exe",
but I can't run it after installation.

The Dr.Web log file size is about 60 MB! Is that normal?
It can't be attached.

The pop-up has returned again.

I've scanned as you mentioned;
result here:
https://www.virustotal.com/en/file/d73f7ee4e6e992a618d02580bdbf4fd6ba7c683d110928001092f4073341e95f/analysis/1420157468/

While working with FRST the computer froze, and I had to restart it,
and the process changed to another one.
I also scanned it;
result here:
https://www.virustotal.com/en/file/d73f7ee4e6e992a618d02580bdbf4fd6ba7c683d110928001092f4073341e95f/analysis/1420158530/

Then, while working with aswMBR, my laptop turned to a blue screen that told me I have to restart my computer to get rid of a critical problem,
and I noticed only the sentence "crash dumping".

I started my computer and, while Windows loaded, it gave me a black screen for about 10 seconds with just the mouse cursor
before the Desktop appeared.

The pop-up came again with a new process;
result of the scan here:
https://www.virustotal.com/en/file/d73f7ee4e6e992a618d02580bdbf4fd6ba7c683d110928001092f4073341e95f/analysis/1420160316/

The required logs are attached:
anti-malware
FRST
aswMBR

Hint: I can't run MCShield!

Things are getting worse and I am afraid that I have a hardware problem because of this virus.
Is it possible that a virus could cause serious hardware problems?

Hello eng.ayaadel and welcome to avast!. I will be working on your Malware issues.

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the ‘all clear’ even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.


Once again we shall use FRST for additional checks. Re-run FRST/FRST64 by double-clicking:

• Type amdmonitor.exe into the Search: field in FRST then click the Search File(s) button.
• FRST will search your computer for files and when finished it will produce a log Search.txt in the same directory the tool is run.
• Please attach it to your reply.


Please download Zoek tool by Smeenk from here and save it to your Desktop.
Unpack the archive…

• Close any open browsers and temporarily disable your AntiVirus program (if it is necessary).
If you are unsure how to do this please read this or this Instruction.

• Double click on zoek.exe to run the tool. Please wait while the tool starts…

• Click More Options and check the box only for this option: Auto Clean

• Click on the Run Script button.
Please wait until a log report opens (this can be after a reboot).

• Save the Notepad file to your Desktop and attach zoek-results.log here.
Note: It will also create a log in the C:\ directory named "zoek-results.log".

First of all, thanks for your help :)

While trying to run zoek, it doesn't run!
I had to rename it to "explorer", like other tools that can't be run for an unknown reason unless they are renamed,
such as 'anti-malware', 'MCShield' and lastly 'zoek'!

I've done the search for the process "amdmonitor.exe", and
also for the processes called "amdproc.exe", "udphost.exe" and "winsys32.exe", which appear in the pop-up alert window each time the computer restarts.

Additional attachments.

Ok, I see. Avast interfered with FRST's SearchFile operation. Temporarily disable your AntiVirus program, usually via a right click on the System Tray icon.
If you are unsure how to do this please read this or this Instruction.

Then repeat the search only for amdmonitor.exe. Post the freshly created Search.txt logfile.


Multiple Antivirus Programs

You are running more than 1 Antivirus program!

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Baidu Antivirus (Enabled - Up to date) {10616E6C-0E20-8594-D377-A7D03F6128A6}

Running more than one antivirus program is not recommended because:
• They can conflict with each other.
• They can report the other antivirus software as malicious.
• Antivirus programs use an enormous amount of the computer's resources… actively scanning your computer.
• They can cause your computer to become unstable… run slowly and even, in rare cases, BSOD crash… etc.
I strongly suggest you uninstall one of them. Which one is your decision.

Uninstall Baidu Antivirus. This product cannot be matched with the avast! engine.


Please download TDSSKiller and save it to your desktop

Execute TDSSKiller.exe by double-clicking on it.
Confirm the "End user Licence Agreement" and "KSN Statement" dialog boxes by clicking on the Accept button.

• Under Additional options check the boxes next to:
- Verify Driver Digital Signature
- Detect TDLFS file system
- Use KSN to scan objects
• Press Start Scan
• If a Suspicious object is detected, the default action will be Skip; click on Continue.
• If Malicious objects are found, select Cure.

Once complete, a log will be produced at the root drive, which is typically C:\ , for example, C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply.


Re-run the FRST tool, press the [Scan] button and post me the freshly created FRST.txt log report.
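
The check behind the "Multiple Antivirus Programs" warning above, as an added example that is not part of the original post or of any tool named in it: it parses the `AV:` lines quoted there and lists the products when more than one is enabled. The line format is assumed from those two lines, and the third sample entry (name and GUID) is constructed.

```python
import re

# Constructed sample: the two "AV:" lines quoted in the post above, plus one
# made-up disabled entry (placeholder name and GUID) for contrast.
SAMPLE_LOG = """\
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Baidu Antivirus (Enabled - Up to date) {10616E6C-0E20-8594-D377-A7D03F6128A6}
AV: Example Scanner (Disabled - Out of date) {00000000-0000-0000-0000-000000000000}
"""

# Assumed line shape, taken from the two quoted lines:
#   AV: <product name> (<state> - <definitions status>) {<GUID>}
AV_LINE = re.compile(
    r"^AV:\s+(?P<name>.+?)\s+"
    r"\((?P<state>Enabled|Disabled)\s+-\s+(?P<defs>[^)]+)\)\s+"
    r"(?P<guid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})\s*$"
)


def parse_av_lines(log_text):
    """Return one dict per well-formed 'AV:' line, de-duplicated by GUID."""
    seen, products = set(), []
    for raw in log_text.splitlines():
        match = AV_LINE.match(raw.strip())
        if not match:
            continue  # not an AV registration line, or a malformed one
        guid = match.group("guid").upper()
        if guid in seen:
            continue  # same product listed twice
        seen.add(guid)
        products.append({
            "name": match.group("name"),
            "enabled": match.group("state") == "Enabled",
            "definitions": match.group("defs").strip(),
            "guid": guid,
        })
    return products


def conflicting_products(log_text):
    """Names of enabled AV products when more than one is enabled, else []."""
    enabled = [p["name"] for p in parse_av_lines(log_text) if p["enabled"]]
    return enabled if len(enabled) > 1 else []


if __name__ == "__main__":
    for name in conflicting_products(SAMPLE_LOG):
        print("enabled AV:", name)
```
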

I've uninstalled Baidu.

The link for TDSSKiller is not working;
I downloaded it by email from the Kaspersky website.

Hello eng.ayaadel,

link for TDSSkiller not working
Thank you for telling me that. I shall update the link for future use. :)

The posted FRST log still shows the active Baidu files. Verify Baidu's removal.

And the posted FRST log does not show active malware. The avast detections are FPs. You may report the FP detection via this link:

https://www.avast.com/contact-form.php
https://blog.avast.com/tag/false-positive/

Although the FRST logs are clean, I would like to perform some additional checks on the system. First, remove Baidu, then go for the ComboFix run.

  1. Please download ComboFix by sUBs from here and save it to your Desktop.
    If you are unsure how ComboFix works, read this guide.

  1. Temporarily disable your AntiVirus program, usually via a right click on the System Tray icon. It may interfere with ComboFix.
    If you are unsure how to do this please read this or this Instruction.

Instructions for how to disable avast:
• Right click on the avast! system tray icon in the lower right corner of the screen and scroll up to avast! shield controls;
• In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.

Note: Do not forget to turn this option back on after the cleaning by choosing avast! shield controls > Enable all shield options.


  1. Run ComboFix. Then, on the disclaimer window, click the I Agree! button.

- ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
- If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.

  • ComboFix will scan your computer in stages, a total of 50 stages.
    Do not mouse-click around while ComboFix is running.
  • If malware is detected, ComboFix will begin with its removal, and may need to restart Windows.
    Note: If you see a message like "Illegal operation attempted on a registry key that has been marked for deletion" just restart your computer.

  1. When the tool is finished, it will produce a log report for you. (typical location: C:\ComboFix.txt)
    => Attach the log report (ComboFix.txt) back to the topic.

ComboFix shall also create an additional log (typical location: C:\Qoobox\ComboFix-quarantined-files.txt)
=> Please attach that report (ComboFix-quarantined-files.txt) as well.

A warning popped up while ComboFix was working (image attached).

a warning pops up while combfix was working " image attached"
That can be ignored ...
Posted FRST log still shows the Baidu active files. Verify Baidu's removal.
ComboFix still shows Baidu's active files. Have you removed it from your system? I shall target these leftovers with ComboFix's CFScript. Also, CF tells me that you had a good number of previously installed AV software like Smadav 2014 and Defender Pro (?). This isn't good. Install one [b]valid[/b] AV and keep using it; do not run multiple AV programs ...

Open notepad and copy/paste the text present inside the code box below:

```
Driver::
PCFApiUtil
BprotectEx
BASSVC
PCFasterSvc_{PCFaster_4.0.0.0}

SecCenter::
{10616E6C-0E20-8594-D377-A7D03F6128A6}

File::
c:\users\dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Explorer.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Windows Explorer.lnk
c:\windows\SYSNATIVE\drivers\BprotectEx.sys

KillAll::

Folder::
c:\program files (x86)\Baidu Security
c:\users\dell\AppData\Roaming\Baidu
c:\programdata\Baidu
c:\program files (x86)\SMADAV
c:\users\dell\AppData\Local\Defender_Pro
c:\program files (x86)\PC App Store
c:\users\dell\AppData\Roaming\PC App Store
c:\users\dell\AppData\Roaming\rmldvbyg
c:\program files (x86)\Baidu Security
c:\program files (x86)\Defender Pro Quick Scanner

ClearJavaCache::

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Baidu PC Faster PC Faster"=-
"Baidu PC Faster 4.0.0.0"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=dword:00000000
```

Save this as CFScript.txt

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows.

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply. (typical location: C:\ComboFix.txt)


Then visit this site, download and run this AppRemover tool to remove any AV leftovers …
http://www.appremover.com/

Those antiviruses were uninstalled; how could they still be visible!

And while trying to install AppRemover "free version" it told me that the licence is over.

Hello,

We shall use ComboFix via CFScript one more time, but this time create CFScript.txt with this script and run the tool as you did before.
Pls post me the freshly created ComboFix.txt. Also, pls run FRST one more time, hit the Scan button and post me a fresh FRST.txt for final analysis.

```
Folder::
c:\programdata\Baidu
c:\program files (x86)\Baidu Security

KillAll::

File::
c:\windows\system32\drivers\BProtectEx.sys

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BaiduAntivirusIconLock]
```

Tell me the computer behavior.

First, while dragging and dropping the script onto the ComboFix exe, it told me that an update was available to be downloaded. I accepted and it downloaded and installed successfully without any problems; then it scanned and restarted, but it took a longer time to create the log file than the previous times.

Then I ran FRST and, while it was running, I deleted the log file by mistake and repeated the scan.

I was not sure if the script had run or the program had just repeated the install only!
So I ran the script once again and FRST also once again; then FRST created another application called FRST64.

The full log history is attached.

The computer doesn't pop up the alert, and while copying files to a USB drive, the files remain and don't turn into shortcuts like last time.

Hello,

1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

```
Start
CloseProcesses:
SearchScopes: HKLM-x32 -> DefaultScope {0633ee93-d776-472f-a0ff-e1416b8b2e3a} URL = 
SearchScopes: HKU\S-1-5-21-3977876733-2212892616-1434605060-1000 -> DefaultScope {0633ee93-d776-472f-a0ff-e1416b8b2e3a} URL = 
SearchScopes: HKU\S-1-5-21-3977876733-2212892616-1434605060-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File

CreateRestorePoint:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3977876733-2212892616-1434605060-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
U0 msahci; No ImagePath
FF Extension: No Name - C:\Users\dell\AppData\Roaming\Mozilla\Firefox\Profiles\4f8rbe4n.default\extensions\{55a46a73-c911-449f-8397-8c8030a99f20} [Not Found]

Hosts:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster
C:\Users\Public\Documents\Baidu Security

EmptyTemp:
End
```

2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warns you about an outdated version, please download and run the updated version.

Then reset both the Firefox and Chrome web browsers to their defaults. Here is how:

https://support.google.com/chrome/answer/3296214?hl=en
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-most-problems

Tell me how is the computer behavior now?

Hello,

First: FRST ran the fix file normally without any problem; after it finished it asked me to restart. I accepted.

Second: here is the problem :(
The computer does not restart normally!!!

After the Windows logo, which tells me that Windows is starting, a blue screen occurred (for less than one second), then the computer booted again and listed some options for restarting the computer. I chose "start Windows normally" and the same problem (the blue screen) repeated. I chose this option more than 5 times, and also another option, "start with the last good configuration", and the problem never stopped happening!

Once I chose "start in safe mode" it worked (the computer makes a sound near where the DVD drive is).

Third: the "FRST" program doesn't continue working after the computer restarts.

I noticed that my laptop battery was about to run out and thought that this was the reason for the problem! So I connected the charger and repeated the fix operation once again, but the same scenario mentioned above (the blue screen problem) happened!

Fourth: I opened the Google Chrome browser. The saved tabs from the last session were removed, and this tab appeared with this link:
http://tampermonkey.net/changelog.php?version=3.9.202&ext=dhdg&updated=true&old=3.9.131

Then, finally: I reset Chrome and Firefox as mentioned.

Important notes:

- The web shield alert pop-up has not appeared since two days ago.
- The blue screen problem appeared before (I mentioned it in my earlier replies in this thread), but it wasn't the same one as this last time.
- I recorded a video of the screen and took a screenshot of it, attached below (sorry for the bad image resolution).
- The first and second logs are also attached.

Does the blue screen problem point to a hardware problem, and are there any kinds of viruses or malware that can cause hardware problems?