redirector.gvt1.com URL:MAL / URL:MAL2

Good morning,

Yesterday I bought a brand new laptop with a fresh Windows install. After turning it on I immediately updated Windows and upgraded to Windows 10.

Following that, I installed Avast (free), MBAM, Malwarebytes Anti-Exploit, Chrome + uBlock Origin + HTTPS Everywhere extensions and Steam. The only websites I browsed were those associated with the above software.

Shortly after opening Steam and starting the download of a game, I started receiving constant popups from Avast indicating URL:MAL or URL:MAL2 affecting svchost, iexplore and chrome. Following this, the start menu stopped functioning and could not be opened with the mouse or with the Windows key. Next, my internet browsers (IE, Chrome, Edge) all refused to open. Task Manager opened very slowly and was mostly blanked out, showing only itself in running processes, and the other tabs had all disappeared. I restarted the PC and the start menu/browsers became functional again; however, the popups continued. I did a full system scan with Avast, MBAM and TDSSKiller and nothing was found.

Since it was a new PC I decided it would be easiest to just wipe and start over. I used the PC reset function in Windows 10 to do a fresh install with “remove everything” selected. Once this was done I booted back in, installed Avast and Steam. Shortly after installing Steam I again started getting the same popups, followed by start menu/browsers not working. Again restart fixed that problem, however popups continued and after a time my laptop’s touchpad disabled itself and couldn’t be re-enabled using the function keys (I had to browse into the driver settings with the keyboard and enable it).

After an hour or so, the popups stopped and have not restarted. Very grateful if somebody could have a look at the attached scan logs.

Thanks very much to the volunteers here!

It sounds like it is something in the Steam programme you downloaded … What was it and where did you get it from?

Hey thanks for the quick reply!

Steam was downloaded from: http://store.steampowered.com/

I clicked “Install Steam” in the top right corner.

I have Steam with the same games installed on another Windows 10 PC, also running Avast Free, and have had no issues.

Hmm, nothing showing, so let's do a few clean-up options.

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix.
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.

- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete click on “Clean”.
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S0].txt as well.

Hey guys, sorry to butt in, but I was going to make this exact same post (even down to the software, inc. Steam). The only thing I had not tried was awd and that finally fixed it for me, so hope it works for you too. By the by, I normally use Firefox but today opened Chrome for the first time to get at my Google Drive and literally the second I started a download the warning from Avast came up.

Here is the interesting bit from awd:

[-] [C:\Users\thorb\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : uk.ask.com


:: “Tracing” keys removed
:: Winsock settings cleared

Chrome is the easiest browser to infect… I do not have it on my system

Hi,

I’ve done as you say, logs attached.

ADWCleaner found nothing.

Edit: I should add, I have not had any popups in the last 24 hours (Chrome was uninstalled).

Cheers,

The adware authors are now starting to change the files within Chrome itself, and some of the changes are not readily apparent to the analysis logs.

Unfortunately Chrome does not protect itself from that, and as it is open source anyone can change it.

Any further problems?

So is my computer probably safe? I haven’t noticed anything odd recently. Won’t be using Chrome again soon.

Yes I believe it is :)

Remove tools

Download and run Delfix.
Select the options as shown.

https://dl.dropboxusercontent.com/u/73555776/delfix.JPG

All done :D

Thanks so much for taking the time to help. Amazing that you guys give up your spare time doing this for random people!

:)