Hello … this post may be long but I thought it best to be as detailed as possible. Starting on Sept. 23rd I’ve been getting this Avast message “A threat has been detected”. It happens 5 minutes after rebooting/restarting.
First time it shows this url …
URL: http:// vmddlxlckwoe.ru/ch5vf678ksdhv5op/
Five minutes later, it happens again with the same url. Then five minutes later, it happens again with the url above, followed quickly by this url …
http:// vmddlxlckwoe.com/ch5vf678ksdhv5op/ and then this url http:// vvwxyylbsgjf.com/ch5vf678ksdhv5op/
So basically I hear and see the “A threat has been detected” message 5 times in total.
Here are 2 screenshots to view …
http://i62.tinypic.com/263vk43.jpg
http://i61.tinypic.com/29wpmdd.jpg
Then on Sept. 25th it keeps going off every 5 minutes, with no break. I did not install any programs the day this all started. I ran the Avast Smart scan, no detection. I ran a Malwarebytes scan, 1 file detected and deleted (Trojan.Dropped, C:\Windows\Remove.exe, Quarantined, [a042b67efb903204c5c388719e6341bf],)
Since Sept 25th, I’ve had Avast in Silent Mode. I have searched many times, trying to find a solution. No luck.
Now today, Oct 2nd I discover I have no internet. Called my ISP and was told they turned off my connection due to a virus on my computer. I was told I have 24-48 hours to clear it up, or I may lose my connection for 7 days. It was turned back on and the email they sent me said it was the Trojan.Zeroaccess horse. I downloaded the Trojan.Zeroaccess Removal Tool from Symantec as suggested, followed the directions and “No infections were found”.
Then I ran a full system scan with Avast. Two threats were found …
http://i60.tinypic.com/156fj1z.jpg
Avast then asks to run a Boot-time scan which I allowed. However the computer locked up at 13%. While restarting, Windows recommended the Startup Repair which I did. After another restart I got back to the desktop okay. BUT, 5 minutes later the Avast alerts start again due to Silent Mode now turned off. This time I’m seeing 7 alerts instead of the 5 from last week, one right after the other with these urls …
http:// d82bajd74y4yhd0i.cc/ch5vf678ksdhv5op/
http:// vvwxyylbsgjf.com/ch5vf678ksdhv5op/
http:// frvmtwqqnnop.ru/ch5vf678ksdhv5op/
http:// fttdiyuojuee.ru/ch5vf678ksdhv5op/
http:// felovsxummfb.ru/ch5vf678ksdhv5op/
http://i60.tinypic.com/2j0nts4.jpg
Then I ran another Malwarebytes scan, no detection. Before posting here I ran the Farbar Recovery Scan Tool and the aswMBR.exe. All 3 logs are attached.
I did notice in the aswMBR log this line …
23:41:12.277 File: C:\Users\Administrator\AppData\Roaming\4FFF169C\bin.exe HIDDEN
I thought I should mention that I got a popup earlier while running scans, saying “bin.exe has stopped working”. This happened between the Trojan.Zeroaccess Removal Tool scan and the full system scan with Avast earlier. The 4FFF169C folder from the HIDDEN line above was created on Sept 23rd, same day as the first Avast alerts started happening. Sure wish I’d posted here earlier.
I think that’s all for now.
Thanks for any help.
Deb