Redirection stops by Avast

I think that I have some kind of virus/malware hiding in the system. I had the colexity777 last week and followed directions given to get rid of it. Everything went fine. The last few days I notice that I will click on a favorite or try to go to a regularly used website and it seems that it tries to get redirected. Avast will pop up with the red window and say that it stopped a suspicious attempt. Any help is greatly appreciated.

Thanks,

Charlie

Hi, for some start…

Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select “Perform Quick Scan”, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* Please save the log to a location you will remember (desktop for example).
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Download DDS and save it to your Desktop from here:
http://download.bleepingcomputer.com/sUBs/dds.scr

Double click dds to run the tool.

* When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt

Save both reports to your desktop. Attach DDS.txt and Attach.txt back to the topic.

ok. malwarebytes did not see any problems.
attached are the logs you requested.

Thanks for your help,

Charlie

oops. here are the other logs.

Hi,
Delete current TDSSKiller if you have it.

Download fresh TDSSKiller and save it to your desktop

Execute TDSSKiller.exe by double-clicking on it.

* Press Start Scan
* If Suspicious object is detected, the default action will be Skip, click on Continue.
* If Malicious objects are found, select Cure.

Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply.

ok. done.
scan did not detect anything.
attached is log

* Re-run TDSSKiller.exe and click on Change parameters.
* Under Additional options check the boxes next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
* Click on Start Scan.
* If an infected file is detected, the default action will be Cure, click on
* If a suspicious file is detected, the default action will be Skip, click on Continue.
* It may ask you to reboot the computer to complete the process. Click on Reboot Now.
* Click the Report button and copy/paste the contents of it into your next reply

Note: It will also create a log in the C:\ directory.


Download ComboFix from here and save it to your Desktop.
If you are unsure how ComboFix works please read this guide carefully.
note: ComboFix must be downloaded to your Desktop.

Temporarily disable your AntiVirus program.
If you are unsure how to do this please read this Instruction.

How to disable avast:

* Right-click on the avast! icon in the lower right corner of the screen and choose Open Avast! User Interface.
* In the window that opens on the top right corner, click Settings.
* In a new window that opens, choose the option Troubleshooting, uncheck Enable avast! self-defense, and click OK.

* Right-click on the avast! icon in the lower right corner of the screen and select avast! shield controls.
* In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.

Note: Do not forget to turn on this option after the cleaning.

Run ComboFix. Click on I Agree!
ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.
If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
Note: Do not mouse-click ComboFix’s window while it is running.

When the tool is finished, it will produce a log report for you (typical location: C:\ComboFix.txt).
Attach the log report (ComboFix.txt) back to the topic.

That took a long time. TDSSKiller did not see anything, and combofix took a long time to run. Attached is the log for each.

I do not see malware anywhere. Do you still have redirects / pop-ups from Avast?
Let's do a full system check with this antirootkit tool…

Download GMER, an AntiRootkit tool, from the link below and save it to your Desktop:

Download GMER

Double-click to run GMER.

* Wait for the initial scan to finish - if there is any query, click No;

* Click Scan and wait until the full scan is complete;
* Click Save … - save the report to the Desktop (called Gmer1);
// note: the scan for Gmer1 log may take some time

* Right-click in the GMER window and select Options > Only non MS files - click Scan;
* After a fast scan, click Save … - save the report to the Desktop (called Gmer2);

* Click the >>> and select Autostart card;
* After a fast scan, click Copy;
* Open Notepad and paste the text - save the report to the Desktop (called Gmer3)

Attach the Gmer1, Gmer2 and Gmer3 log reports here.

Ok. I haven’t really been using computer to surf. Should I turn Avast back on and try it out?
Attached are the logs you requested.

Thanks again

I had to break up the post because attachments were too large. Here is the rest.

Well, yea :smiley:
Turn on avast protections and do some web search…

Generally you are not infected, the malware is not on your system so …

Haven’t had any redirects. :slight_smile:

Is there anything else I should do?

Thanks for your help,

Charlie

Just this:

It is necessary to uninstall ComboFix:

* Click Start (or the Vista Start button), then Run.

On Windows7 or Vista you may use the Start Search field if Run is not available.

* In the line of text type in (Copy) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

* Then click OK (or press Enter).

Wait for the uninstall process to complete.

Re-run OTL and click on CleanUp! button.

Great. I really appreciate your time and willingness to work with me.

Thanks,

Charlie

:smiley: