request for help with blackfight.info, epictory.com, reddie.net malware

Hello,
I have been getting warnings from Avast about this malware. I’ve started keeping track of the URLs that are being flagged:

I have been running Malwarebytes Anti-malware and AdwCleaner. Sometimes items show up for removal. At other times they don’t.

Any assistance is appreciated.

Hi paulinepeters, welcome to the forum :)

Please follow this tutorial https://forum.avast.com/index.php?topic=53253.0 and attach the requested logs in your next reply.
As soon as an expert is online and available he/she will help you.

Greetz, Red.

Hello,

Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

- Double-click to run it. When the tool opens, click Yes to the disclaimer.
- Press the Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run from. Please attach it to your reply.
- The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Here are the attachments

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

- Right-click on the Zoek icon and select Run as Administrator to start the tool.
- Wait patiently until the main console appears; it may take a minute or two.
- In the main box please paste in the following script:

createsrpoint;
autoclean;
emptyalltemp;
bitsadmin /reset /allusers;b
ipconfig /flushdns;b

- Make sure that the Scan All Users option is checked.
- Push Run Script and wait patiently. The scan may take a couple of minutes.
- When the scan completes, a zoek-results logfile should open in Notepad.
- If a reboot is needed, it will be opened after it. You may also find it on your main drive (usually the C:\ drive).

Post its content into your next reply.

Here is the log

How is your PC performing now?

I haven’t seen any malware warnings since the reboot after running the last scan.
Is there any indication of what I was infected with, or what I had installed that brought in this malware?
Thanks

You probably visited an infected website that infected your PC. These warnings are actually Avast blocking malware from calling home.

The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes:
- Remove disinfection tools
- Create registry backup
- Purge System Restore

Click the Run button and wait a few seconds for the programme to complete its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt).

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.