Avast renewal August 2019
Behavior Shield is on.
Firefox 63.03

My Firefox browser has been infected with nuisance adware identified as " r.svrtrack.com ". I don’t know how it got on my PC, but I’m very careful to avoid such things. I just helped my sister in another state to remove similar adware from her laptop. It had already insinuated itself into many levels of the system, caused frequent unwanted notifications, and bogged down the computer.

A notification box pops up every time I enter a new URL in the browser, and asks me to enable a “monetization” add-on (see attachment). It claims to be a Mozilla extension, but there is no such thing in my Add-Ons. A Control Panel Remove Files search found no suspect programs. An internet search confirmed that it is a known malware.

I ran an Avast search and got an “all clear”. So I ran a search on the free version of MalwareBytes, and it quarantined an unrelated set of files. The adware continues to be a nuisance. Isn’t Behavior Shield supposed to catch such obvious unorthodox activity? Do I have to actually release the caged animal before Avast will catch it?

It seems to be crudely made software, so why didn’t Avast detect the popup behavior and block it? Avast claims to be protecting my browser from this kind of thing. Other than uninstalling Firefox, is there anything I can do to stop the harrassment?

follow instructions and attach requested logs >> https://forum.avast.com/index.php?topic=194892.0

since you have already run Malwarebytes you may drop step #1
The two diagnostic logs from FRST are the important ones at step #2

Avast Security Browser protects, for instance from -https://pcthreatskiller.com/solution-remove-r-svrtrack-com/
which is warned to have malicious content.

polonus

Pondus

I have attached the Farbar scan files.

MalwareBytes quarantined some files that seem to be related to Firefox Extensions :
C:\User\john earwood\app data\roaming

That didn’t stop the popups.

Did you mean that “pcthreatskiller” is malware? Or that “r.svrtrack.com” is malware? Which one does Avast protect from?

The “r.svrtrack.com” popup seems to be a Re-direct, which should be a behavior that would trigger Avast to block it. If so, why doesn’t Avast find the cause of such behavior?

@Sass Drake is notified, it may take hours before he is online

FYI

I found this website that claims to have an app to remove this specific adware. But the site seems a little suspect, so I passed it up. I’m hoping Avast can do the job.

http://www.averina.com/instructions-to-remove-r-srvtrck-com-adware/

First off, Spyhunter has to be a paid-for tool (not free) to work/remove and second, what it reports as infections may not be.

Better off imo following Sass Drake’s removal program, it is tailored specifically for your system and it is free.

Be patient.

Hi jhearcht,

Using spyhunter is indeed a bad proposition, do not fall for it. The link you gave is mainly scam & bloat.

Better it is is to wait for a qualified removal expert here, that will help you to deal with it in a specific and unique way,
suited to that specific malware on your unique device and with your specific configuration.

In the mean time read about such a malware cleansing here:
https://forums.malwarebytes.com/topic/226359-help-to-remove-rsrvtrckcom-redirects/

Do not copy what you read there as every victim needs his own cleansing routine under his or her specific situation.
By the way all qualified removal experts have their own “Hogwart” tools to do the job.

polonus

If window on screenshot is real window then culprit must be one of the extensions even if it doesn’t look it is. FRST logs are clear and extension you have should be legit. Now try with disabling/removing extensions on by one until you find culprit. Please report what you have found out.