reddie.net blocked alert

I am receiving a reddie.net has been blocked alert from Avast regularly. I can make it occur by renewing my IP address. I am a service tech and have exhausted myself on this one. Thank you.

Hey, and welcome to the Avast forum. Can you provide a picture of what Avast says? That will give the malware expert some more information.

Could you let me know if this stops it

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-1524582174-2071853117-3632799279-1001 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
2015-03-12 16:56 - 2015-03-12 16:57 - 00000000 ____D () C:\Users\Paul and Ann\AppData\Local\{5BEE7124-557F-4C5B-B043-6FC34C05A959}
2015-03-11 18:59 - 2015-03-11 18:59 - 00000000 ____D () C:\Users\Paul and Ann\AppData\Local\{06CD86CB-EC5A-4FDF-B3DF-A8CEB232418A}
2015-03-11 06:58 - 2015-03-11 06:58 - 00000000 ____D () C:\Users\Paul and Ann\AppData\Local\{0BBFCC7F-9E45-4E00-BCC1-E7EDF62D8619}
2015-03-10 10:08 - 2015-03-10 10:08 - 00000000 ____D () C:\Users\Paul and Ann\AppData\Local\{772FB547-9F6D-44AC-90DA-BB02B2604D0B}
2015-03-09 22:07 - 2015-03-09 22:07 - 00000000 ____D () C:\Users\Paul and Ann\AppData\Local\{71D3A356-3289-4D8D-8290-1C4BC9952552}
2015-03-09 10:06 - 2015-03-09 10:06 - 00000000 ____D () C:\Users\Paul and Ann\AppData\Local\{9ECA466C-DCBA-48AE-9345-994F211E42D0}
2015-03-09 10:06 - 2015-03-09 10:06 - 00000000 ____D () C:\Users\Paul and Ann\AppData\Local\{0987E71A-0F92-4DCC-BF59-3F50E1DF5B9E}
2015-03-08 20:50 - 2015-03-08 20:50 - 00000000 ____D () C:\Users\Paul and Ann\AppData\Local\{CBC4A590-10AD-4EE0-B3B3-9908F7F46382}
2015-03-08 07:59 - 2015-03-08 08:00 - 00000000 ____D () C:\Users\Paul and Ann\AppData\Local\{D24DDB3E-DD53-4CC1-A358-78CF30DC7963}
2015-03-07 19:58 - 2015-03-07 19:58 - 00000000 ____D () C:\Users\Paul and Ann\AppData\Local\{9FAE1115-4F04-4E80-9E42-9ABFCC130764}
2015-03-07 07:57 - 2015-03-07 07:58 - 00000000 ____D () C:\Users\Paul and Ann\AppData\Local\{10D59FFE-7439-4029-A085-0889C5104AF4}
2015-03-06 11:05 - 2015-03-06 11:05 - 00000000 ____D () C:\Users\Paul and Ann\AppData\Local\{691E91E1-4B81-4864-B4E5-B49FEB942CBD}
2015-03-05 11:05 - 2015-03-05 11:06 - 00000000 ____D () C:\Users\Paul and Ann\AppData\Local\{B2439CBD-7261-4693-82F9-406CE928D290}
2015-03-04 10:23 - 2015-03-04 10:23 - 00000000 ____D () C:\Users\Paul and Ann\AppData\Local\{395BA79A-0929-480F-A203-2BECF827A540}
2015-03-03 22:22 - 2015-03-03 22:22 - 00000000 ____D () C:\Users\Paul and Ann\AppData\Local\{6E8AAE57-457E-4190-BB71-EE9A90B181DB}
2015-03-03 07:42 - 2015-03-03 07:42 - 00000000 ____D () C:\Users\Paul and Ann\AppData\Local\{7CFFD484-5537-402D-B553-E437D66AD611}
2015-03-02 19:41 - 2015-03-02 19:41 - 00000000 ____D () C:\Users\Paul and Ann\AppData\Local\{ACE6CBC7-0172-4C82-877E-25053280F238}
2015-03-02 07:39 - 2015-03-02 07:40 - 00000000 ____D () C:\Users\Paul and Ann\AppData\Local\{BB1E79F9-1A71-4F68-8F0F-2CEA2656E04F}
2015-03-01 23:12 - 2015-03-01 23:12 - 00000000 ____H () C:\Users\Paul and Ann\AppData\Local\BITC077.tmp
2015-03-01 23:12 - 2015-03-01 23:12 - 00000000 _____ () C:\Users\Paul and Ann\AppData\Local\{68524DDB-300D-4221-A3F0-F2A2C219E765}
2015-03-01 11:28 - 2015-03-01 11:28 - 00000000 ____D () C:\Users\Paul and Ann\AppData\Local\{02A784CA-3DF9-44C5-9D4E-0877A3F2FC81}
2015-03-01 11:27 - 2015-03-01 11:28 - 00000000 ____D () C:\Users\Paul and Ann\AppData\Local\{46FE6825-5D32-4C8F-A767-FD447B6B18F4}
2015-02-28 22:29 - 2015-02-28 22:29 - 00000000 ____D () C:\Users\Paul and Ann\AppData\Local\{B1B63D68-E857-4188-BAFF-D2BF351F13B0}
2015-02-28 10:27 - 2015-02-28 10:28 - 00000000 ____D () C:\Users\Paul and Ann\AppData\Local\{F725D4A5-1128-4866-BFFF-2C6ECDF614B5}
2015-02-27 21:30 - 2015-02-27 21:31 - 00000000 ____D () C:\Users\Paul and Ann\AppData\Local\{01DE6CA3-113F-4B34-A3E7-9D700EC43930}
2015-02-27 08:37 - 2015-02-27 08:37 - 00000000 ____D () C:\Users\Paul and Ann\AppData\Local\{CF53B62E-03E7-41BD-B36D-D4F97A712178}
2015-02-26 12:00 - 2015-02-26 12:00 - 00000000 ____D () C:\Users\Paul and Ann\AppData\Local\{2E932F21-D257-4DB7-93DC-743CF4C24296}
2015-02-25 16:42 - 2015-02-25 16:42 - 00000000 ____D () C:\Users\Paul and Ann\AppData\Local\{61FDA1B3-1F63-4389-9811-B56F5106A4DE}
2015-02-19 20:31 - 2015-02-19 20:32 - 00000000 ____D () C:\Users\Paul and Ann\AppData\Local\{0F31D817-F57D-4B5B-A051-761E4EDD8CF5}
2015-02-19 08:04 - 2015-02-19 08:04 - 00000000 ____D () C:\Users\Paul and Ann\AppData\Local\{852FB2BC-4DAC-486D-A6D6-45E38944A0F8}
2015-02-18 15:44 - 2015-02-18 15:45 - 00000000 ____D () C:\Users\Paul and Ann\AppData\Local\{DD7AB5F3-E0F3-4E7B-898D-841983921825}
2015-02-18 14:22 - 2015-02-18 14:22 - 00000000 ____D () C:\ProgramData\354007000003c12
2015-02-12 16:45 - 2015-02-12 16:45 - 00000000 ____D () C:\Users\Paul and Ann\AppData\Local\{EF1267B1-80BD-4900-8754-71B350E2DC42}
2015-02-11 20:05 - 2015-02-11 20:06 - 00000000 ____D () C:\Users\Paul and Ann\AppData\Local\{4A6A5788-4B44-4EE0-A184-FEC7DD84A303}
2015-02-11 18:20 - 2015-02-18 14:23 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro 3.31
2015-02-11 18:19 - 2015-02-11 18:18 - 01110476 _____ () C:\Users\Paul and Ann\Downloads\Setup [1].exe
2015-02-11 08:04 - 2015-02-11 08:05 - 00000000 ____D () C:\Users\Paul and Ann\AppData\Local\{D7C22A18-8E54-4FCB-9362-3F20B45903D5}
2015-02-10 18:58 - 2015-02-10 18:58 - 00000000 ____D () C:\Users\Paul and Ann\AppData\Local\{862C9936-CC41-4DBA-A993-960CC768E30E}
2015-03-01 23:12 - 2015-03-01 23:12 - 0000000 _____ () C:\Users\Paul and Ann\AppData\Local\{68524DDB-300D-4221-A3F0-F2A2C219E765}
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.

- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete click on “Clean”.
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S0].txt as well.

Thank you both for your response. My customer has put me on a tight schedule and I will admit I jumped ahead a little. I ran FRST last night with some minimal settings and that solved the pop up issue. The log from that will be attached below as fixlogOld.txt.

I ran FRST with the settings you gave and attached that. ADWcleaner has been run previously, but after the FRST fix the log is [S2] and attached.

The issue is resolved. Thank you.

I would like to learn more about how to identify and remove malware such as this. How should I go about doing that? Thanks again!

Hi … This was the problem

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows. Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {4860C00E-E1F1-437F-908E-E7F5A7678055}.
{AD82F94E-6831-43C8-B55F-5051BEAD4A7D} canceled.
{4BF5D725-7AA8-4025-95FA-B04D9AA67D2C} canceled.
{D5542069-5241-4C53-9488-5B3951F1C0A3} canceled.
{BB5926AD-1C49-4CCE-88C2-ADEED0A2AD75} canceled.
4 out of 5 jobs canceled.

And the following FRST command was the one that fixed it:

CMD: bitsadmin /reset /allusers

It is a small piece of malware that uses what is in effect the Windows Update task.

The other elements I removed in my fix were zero byte junk folders and two old adware/rogue programme folders, so just a bit of housekeeping :slight_smile:

Avast appears to be the only one to detect this and the symptoms are a blocked URL from svchost

Subject to no further problems :slight_smile:

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so…The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix

https://dl.dropboxusercontent.com/u/73555776/delfix.JPG

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent: install this programme to lock down and prevent crypto ransomware

https://dl.dropboxusercontent.com/u/73555776/CryptoPrevent.JPG

Malwarebytes.

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
Click the very large Download button.
Click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme :wink:

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe :wave:

Thank you for your help and the explanation. The computer is running great. Have a good day.

P.S. I’m going to be lurking this site more often to learn more about malware removal in general. I was not the first tech to touch this computer. It was twice declared clean and once condemned to a wipe and restore by another tech before the customer contacted me. This is the first one I’ve had to ask for help on and you were a pleasure to work with. I’m getting a reputation as the tech that doesn’t wipe and restore all the time and that is scary to me since I actually know very little about malware. Thanks again.

The problem is automated tools are only as good as their signatures, so something new will go right past them.

This one is only detected when it tries to call home :slight_smile:
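
An added example, not part of the original posts: one way to review BITS jobs before resetting them, using the BITS PowerShell cmdlets that the bitsadmin deprecation notice in this thread points to. The function name Test-BitsJobSource, the allow-list of host suffixes and the sample jobs are assumptions made for illustration.

```powershell
# Added example (not from the thread): flag BITS jobs that fetch from unexpected hosts.
# Test-BitsJobSource and the suffix allow-list are assumptions; tune the list to your site.
function Test-BitsJobSource {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Job,
        [string[]] $ExpectedSuffix = @('microsoft.com', 'windowsupdate.com')
    )
    process {
        foreach ($file in $Job.FileList) {
            # RemoteName is the URL the job transfers from or to.
            $uri = $null
            $hostName = ''
            if ([Uri]::TryCreate([string]$file.RemoteName, [UriKind]::Absolute, [ref]$uri)) {
                $hostName = $uri.Host
            }
            # Match whole DNS labels so a look-alike host does not pass as an expected one.
            $expected = $false
            foreach ($suffix in $ExpectedSuffix) {
                if ($hostName -eq $suffix -or $hostName.EndsWith(".$suffix")) { $expected = $true }
            }
            [pscustomobject]@{
                JobId      = $Job.JobId
                Owner      = $Job.OwnerAccount
                State      = $Job.JobState
                Created    = $Job.CreationTime
                RemoteHost = $hostName
                LocalName  = $file.LocalName
                Review     = -not $expected   # true when the host is not on the allow-list
            }
        }
    }
}

# Constructed sample jobs shaped like Get-BitsTransfer output, so the example runs offline.
$sample = @(
    [pscustomobject]@{ JobId = [guid]::NewGuid(); OwnerAccount = 'NT AUTHORITY\SYSTEM'
        JobState = 'Transferring'; CreationTime = Get-Date
        FileList = @([pscustomobject]@{ RemoteName = 'http://download.windowsupdate.com/c/sample.cab'
                                         LocalName  = 'C:\Windows\Temp\sample.cab' }) },
    [pscustomobject]@{ JobId = [guid]::NewGuid(); OwnerAccount = 'PC\SampleUser'
        JobState = 'TransientError'; CreationTime = Get-Date
        FileList = @([pscustomobject]@{ RemoteName = 'http://updates.unexpected.example/a.bin'
                                         LocalName  = 'C:\Users\Public\sample.tmp' }) }
)
$sample | Test-BitsJobSource | Where-Object { $_.Review } | Format-Table -AutoSize

# On a live machine, from an elevated prompt (-AllUsers needs administrator rights):
#   Get-BitsTransfer -AllUsers | Test-BitsJobSource | Where-Object { $_.Review }
```

Only the second constructed job is listed, because its host is not on the allow-list. Recording the flagged jobs first keeps a note of owner, URL and local path that a reset would otherwise erase.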