Skegnessasc Malware. Help!

system · September 19, 2017, 9:06am

Hi there,

Throughout today I have been receiving alerts from avast that it has blocked the threat skegnessasc.org. I have run a full system scan and also run a Malwarebytes scan, both have come back with nothing. I hope someone here can help!

Attached are the logs as per the pinned topic.

SassDrake · September 19, 2017, 9:29am

Can you make screenshot of Avast message?

system · September 19, 2017, 9:46am

This is the avast popup.

SassDrake · September 19, 2017, 10:26am

This will restart your system so save your work before this.

Open Notepad (click Start button → type notepad.exe → press Enter)
Copy text from code block below and paste it into Notepad

RemoveProxy:
cmd: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v SearchList /d "" /f
Reboot:

Go to File → Save As
Make sure that UTF-8 is selected as Encoding (left side of Save button)
Save it as fixlist.txt on Desktop
Open again FRST and click on button Fix
Wait until FRST finishes
fixlog.txt should be genereted and opened. Attach it your post and wait further instructions.

system · September 19, 2017, 10:45am

I have done that, here is the log. Thanks for your help

SassDrake · September 19, 2017, 3:18pm

Does Avast still shows alerts for Skegnessasc?

system · September 19, 2017, 10:38pm

It does, yes

SassDrake · September 19, 2017, 11:02pm

Run FRST
Paste following text in text box

skegnessasc.org

Click on Search registry
Attach Search.txt to your message

system · September 19, 2017, 11:24pm

Here is the log, doesn’t show anything though

SassDrake · September 20, 2017, 12:05am

Open Notepad (click Start button → type notepad.exe → press Enter)
Copy text from code block below and paste it into Notepad

Hosts:
cmd: bitsadmin /RESET /ALLUSERS

Go to File → Save As
Make sure that UTF-8 is selected as Encoding (left side of Save button)
Save it as fixlist.txt on Desktop
Open again FRST and click on button Fix
Wait until FRST finishes
fixlog.txt should be genereted and opened. Attach it your post and wait further instructions.

system · September 20, 2017, 12:12am

Here is the log. Thanks again for your help. What shall I do now?

SassDrake · September 20, 2017, 8:53am

Are you still getting popups for blocked URLs?

system · September 20, 2017, 8:48pm

Hello

I was still getting popups, but since restarting I have not seen any. Should it be gone now? I was never able to pick it up on scans so it is hard to tell. Thanks for your help!

SassDrake · September 20, 2017, 9:36pm

Yup, it is gone now.

• Sledeća procedura će implementirati završno čišćenje.

:arrow: Preuzmi “Xplode”-ov DelFix alat i snimi ga na Desktop.
Dvoklikom pokreni alat i štikliraj kućice ispred sledećih opcija;

[i]
http://www.mcshield.net/personal/magna86/Images/checkmark.png
Remove disinfection tools

http://www.mcshield.net/personal/magna86/Images/checkmark.png
Create registry backup

http://www.mcshield.net/personal/magna86/Images/checkmark.png
Purge System Restore[/i]

Klikni na dugme Run i pričekaj trenutak dok alat ne završi svoj rad.
Od ovog trenutka, svi korišćeni alati u ovoj temi bi trebali biti obrisani.
Alat će takođe formirati izveštaj za tebe. (C:[b]DelFix.txt[/b])

Alat će snimiti i zdravo stanje registy-ja i napraviti backup koristeci integrisan program “ERUNT” u %windir%\ERUNT\DelFix
Alat briše stare system restore tačke i pravi novu, svežu tačku nakon čišćenja.

Skegnessasc Malware. Help!

Announcements