Cannot get these pop s to stop! Any help? tried almost everything
URL: htxp://opticguardzip.net/4141/SeekerFoobar_142667093446537.dll
Infection: URL:Mal
Process: C:\Windows\System32\svchost.exe
Cannot get these pop s to stop! Any help? tried almost everything
URL: htxp://opticguardzip.net/4141/SeekerFoobar_142667093446537.dll
Infection: URL:Mal
Process: C:\Windows\System32\svchost.exe
follow instructions here https://forum.avast.com/index.php?topic=53253.0
attach Malwarebytes and Farbar Recovery Scan Tool logs … 3 logs total
Logs Attached per instructions
asw file
Hello,
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/51a612a8b27e2-Zoek.png
Scan with ZOEK
Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
[*]Right-click on
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/51a612a8b27e2-Zoek.png
icon and select
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg
Run as Administrator to start the tool.
[]Wait patiently until the main console will appear, it may take a minute or two.
[]In the main box please paste in the following script:
createsrpoint;
autoclean;
emptyalltemp;
bitsadmin /reset /allusers;b
ipconfig /flushdns;b
[*]Make sure that Scan All Users option is checked.
[*]Push Run Script and wait patiently. The scan may take a couple of minutes.
[*]When the scan completes, a zoek-results logfile should open in notepad.
[*]If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)
Post its content into your next reply.
zoek results
@smoothjazztampabay,
Please break that live link like with htxp:// → https://www.virustotal.com/nl/url/b20c7e3ab0dc9f639460acbd84b9c722b6e90167781195ebc5bca46509740157/analysis/1433086865/
→ https://www.virustotal.com/nl/file/2056e92880e02faa02bfc80ecd1b2ca619e9ee76094a5193610d578c58f5c78b/analysis/1431512570/
Adware detected: Win32:Adware-gen [Adw] by Avast.
polonus
sorry,
What does break that live link mean? what is the process to break the link?
A live link is what is a clickable link and when the unaware click that live link in your initial posting they can get infested.
When you change that link to htxp://opticguardzip.net/4141/SeekerFoobar_142667093446537.dll
it is no longer live and clickable. Malicious links shouls always be given “broken” here.
polonus
sorry about that… fixed.
We need one more Zoek fix:
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/51a612a8b27e2-Zoek.png
Fix with ZOEK
https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
[B] This fix was created for this user for use on that particular machine.
https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
Running it on another one may cause damage and render the system unstable.
https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
[/B]
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
[*]Right-click on
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/51a612a8b27e2-Zoek.png
icon and select
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg
Run as Administrator to start the tool.
[]Wait patiently until the main console will appear, it may take a minute or two.
[]In the main box please paste in the following script:
createsrpoint;
chrdefaults;
[*]Make sure that Scan All Users option is checked.
[*]Push Run Script and wait patiently. The scan may take a couple of minutes.
[*]When the scan completes, a zoek-results logfile should open in notepad.
[*]If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)
Post its content into your next reply.
hopefully this works!
Thanks
How is your PC behaving now?