opticguardzip.net

Cannot get these pop-ups to stop! Any help? Tried almost everything.

URL: htxp://opticguardzip.net/4141/SeekerFoobar_142667093446537.dll
Infection: URL:Mal
Process: C:\Windows\System32\svchost.exe

follow instructions here https://forum.avast.com/index.php?topic=53253.0
attach Malwarebytes and Farbar Recovery Scan Tool logs … 3 logs total

Logs Attached per instructions

asw file

Hello,

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

[*]Right-click on the Zoek icon and select Run as Administrator to start the tool.
[*]Wait patiently until the main console appears; it may take a minute or two.
[*]In the main box please paste in the following script:

createsrpoint;
autoclean;
emptyalltemp;
bitsadmin /reset /allusers;b
ipconfig /flushdns;b

[*]Make sure that Scan All Users option is checked.
[*]Push Run Script and wait patiently. The scan may take a couple of minutes.
[*]When the scan completes, a zoek-results logfile should open in notepad.
[*]If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.

zoek results

@smoothjazztampabay,

Please break that live link like with htxp:// → https://www.virustotal.com/nl/url/b20c7e3ab0dc9f639460acbd84b9c722b6e90167781195ebc5bca46509740157/analysis/1433086865/
https://www.virustotal.com/nl/file/2056e92880e02faa02bfc80ecd1b2ca619e9ee76094a5193610d578c58f5c78b/analysis/1431512570/
Adware detected: Win32:Adware-gen [Adw] by Avast.

polonus

sorry,

What does "break that live link" mean? What is the process to break the link?

A live link is a clickable link, and when the unaware click that live link in your initial posting they can get infested.
When you change that link to htxp://opticguardzip.net/4141/SeekerFoobar_142667093446537.dll
it is no longer live and clickable. Malicious links should always be given “broken” here.

polonus
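
The link-breaking convention described in the post above, as an added example that is not part of the original thread: it rewrites every live link in a post to the htxp:// form unless the link's exact host is on an allowlist of report sites. The allowlist, the function names and the sample post are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: report/analysis hosts whose links may stay clickable.
SAFE_HOSTS = frozenset({"www.virustotal.com", "forum.avast.com"})

# Live http(s) links only; already-broken htxp:// links do not match.
URL_RE = re.compile(r"\bhttps?://[^\s<>\"']+", re.IGNORECASE)


def defang(url):
    """http:// -> htxp://, https:// -> htxps://, so it is not auto-linked."""
    return re.sub(r"^(ht)t(ps?://)", r"\1x\2", url, flags=re.IGNORECASE)


def host_of(url):
    """Host the browser would really contact, or None if unparsable."""
    try:
        return urlsplit(url).hostname
    except ValueError:
        return None


def break_links(text, safe_hosts=SAFE_HOSTS):
    """Defang every live link in a post unless its exact host is allowlisted."""
    def fix(match):
        url = match.group(0)
        return url if host_of(url) in safe_hosts else defang(url)
    return URL_RE.sub(fix, text)


# Constructed sample post (hosts under .example are placeholders).
SAMPLE = (
    "URL: http://malicious.example/4141/file.dll\n"
    "Report: https://www.virustotal.com/nl/url/placeholder/analysis/\n"
    "Lookalike: https://www.virustotal.com.malicious.example/x\n"
    "Userinfo: http://www.virustotal.com@malicious.example/x\n"
)

if __name__ == "__main__":
    print(break_links(SAMPLE))
```

Matching on the parsed host rather than on a substring is what keeps the lookalike and userinfo forms from passing as allowlisted report links.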

sorry about that… fixed.

We need one more Zoek fix:

Fix with ZOEK

[B]This fix was created for this user for use on that particular machine. Running it on another one may cause damage and render the system unstable.[/B]

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

[*]Right-click on the Zoek icon and select Run as Administrator to start the tool.
[*]Wait patiently until the main console appears; it may take a minute or two.
[*]In the main box please paste in the following script:

createsrpoint;
chrdefaults;

[*]Make sure that Scan All Users option is checked.
[*]Push Run Script and wait patiently. The scan may take a couple of minutes.
[*]When the scan completes, a zoek-results logfile should open in notepad.
[*]If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.

:) hopefully this works!
Thanks

How is your PC behaving now?