Avast is continuously popping up with:
avast! Web Shield has blocked a harmful webpage or file.
Object: http://getmuzicas.info/?e=pcho…
Infection: URL:Mal
Process: C:\Windows\System32\svchost.exe
AND
avast! Web Shield has blocked a harmful webpage or file.
Object: http://getusaall.info/?e=pcho…
Infection: URL:Mal
Process: C:\Windows\System32\svchost.exe
I have attached the logs from OTL and Farbar Recovery Scan Tool.
And here are the Malwarebytes and GMER logs
Hi,
What for you are using the WDK tools? Are you aware of C:\Program Files (x86)[b]AutoInstall[/b] program?
This “thing” uses Processes, modules and Run keys, %temp%\RarSFX0 for load and unsign ‘AutoInstallEJCD’ services. That is what avast! detects, this is what FRST and GMER logs warn be that is bad. The following FixList shall perform no fixes. It serves only to gather some information.
1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system
Folder: C:\Program Files (x86)\AutoInstall
Folder: C:\Users\12Gage\AppData\Local\Temp\RarSFX0
File: C:\Program Files (x86)\AutoInstall\AR9170_Auto_Install_CD_Only_Gen_0ACE20FF\AutoEJCD.EXE
File: C:\Users\12Gage\AppData\Local\Temp\RarSFX0\AutoInstallEJCDSVC.exe
File: C:\Users\12Gage\AppData\Local\Temp\RarSFX0\AutoEJCD.exe
2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It’s important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.
I’m not currently using WDK Tools. I believe it was included as a part of Visual Studio 2012, but I am not certain.
Anyway, the log is attached.
Hi 12gage12,
The detection is “Printing Communications Assoc., Inc. (PCAUSA)” and “ZDC., Inc. (ZDC)” related. They should be WDK (VS 2013) related.
I could remove this, but I can not threat this as malware as I have no evidence that this is malware although, it uses some bizarre place. You do have a lots of junk (non-PUP/AdWare related) on your system. They are skyrim related, not malware.
avast! generic says:
Infection: URL:Mal based
Process: svchost.exe
It says svchosts as this inject a .dll file into the authentic svchost process so avast! detect this as generic.
This is your problem.
%temp%\RarSFX0*.*
%programfiles(x86)%\AutoInstall
C:\WINDOWS\SysWOW64\ZDCN50.dll
C:\WINDOWS\system32\ZDCN50.dll
‘AutoInstallEJCD’ services and HKLM.…\Run [AutoEJCD_0ACE20FF]
pls help me
Content of fixlist:
Folder: C:\Program Files (x86)\AutoInstall
Folder: C:\Users\12Gage\AppData\Local\Temp\RarSFX0
File: C:\Program Files (x86)\AutoInstall\AR9170_Auto_Install_CD_Only_Gen_0ACE20FF\AutoEJCD.EXE
File: C:\Users\12Gage\AppData\Local\Temp\RarSFX0\AutoInstallEJCDSVC.exe
File: C:\Users\12Gage\AppData\Local\Temp\RarSFX0\AutoEJCD.exe
========================= Folder: C:\Program Files (x86)\AutoInstall ========================
Directory Not Found
========================= Folder: C:\Users\12Gage\AppData\Local\Temp\RarSFX0 ========================
Directory Not Found
========================= File: C:\Program Files (x86)\AutoInstall\AR9170_Auto_Install_CD_Only_Gen_0ACE20FF\AutoEJCD.EXE ========================
“C:\Program Files (x86)\AutoInstall\AR9170_Auto_Install_CD_Only_Gen_0ACE20FF\AutoEJCD.EXE” not found.
====== End Of File: ======
========================= File: C:\Users\12Gage\AppData\Local\Temp\RarSFX0\AutoInstallEJCDSVC.exe ========================
“C:\Users\12Gage\AppData\Local\Temp\RarSFX0\AutoInstallEJCDSVC.exe” not found.
====== End Of File: ======
========================= File: C:\Users\12Gage\AppData\Local\Temp\RarSFX0\AutoEJCD.exe ========================
“C:\Users\12Gage\AppData\Local\Temp\RarSFX0\AutoEJCD.exe” not found.
====== End Of File: ======
==== End of Fixlog ====
Start a new topic.
@kevin james … it seems you run a fix not made for you
PLease help me also
Content of fixlist:
Folder: C:\Program Files (x86)\AutoInstall
Folder: C:\Users\12Gage\AppData\Local\Temp\RarSFX0
File: C:\Program Files (x86)\AutoInstall\AR9170_Auto_Install_CD_Only_Gen_0ACE20FF\AutoEJCD.EXE
File: C:\Users\12Gage\AppData\Local\Temp\RarSFX0\AutoInstallEJCDSVC.exe
File: C:\Users\12Gage\AppData\Local\Temp\RarSFX0\AutoEJCD.exe
========================= Folder: C:\Program Files (x86)\AutoInstall ========================
Directory Not Found
========================= Folder: C:\Users\12Gage\AppData\Local\Temp\RarSFX0 ========================
Directory Not Found
========================= File: C:\Program Files (x86)\AutoInstall\AR9170_Auto_Install_CD_Only_Gen_0ACE20FF\AutoEJCD.EXE ========================
“C:\Program Files (x86)\AutoInstall\AR9170_Auto_Install_CD_Only_Gen_0ACE20FF\AutoEJCD.EXE” not found.
====== End Of File: ======
========================= File: C:\Users\12Gage\AppData\Local\Temp\RarSFX0\AutoInstallEJCDSVC.exe ========================
“C:\Users\12Gage\AppData\Local\Temp\RarSFX0\AutoInstallEJCDSVC.exe” not found.
====== End Of File: ======
========================= File: C:\Users\12Gage\AppData\Local\Temp\RarSFX0\AutoEJCD.exe ========================
“C:\Users\12Gage\AppData\Local\Temp\RarSFX0\AutoEJCD.exe” not found.
====== End Of File: ======
==== End of Fixlog ====
As said, start a new topic…!!!
Click here: https://forum.avast.com/index.php?action=post;board=4.0