Threat Blocked URL:Mal Process rundll32.exe

Hey guys, I started getting these popups from Avast and am a little worried. The Object URL is a random one every time. This computer is a brand new build and I have reason to believe these started popping up after a torrent I downloaded that may have been infected with something. Running Avast comes up with nothing so far.

Would love some help on this and thank you in advance!

It is very unusual for rundll32.exe to be connecting to the internet, for starters. So either it is not legit, or the file is being incorrectly utilised in this way.

  • This is usually an indication of an underlying infection (hidden or undetected) and Avast is preventing it from calling home, etc.
  • This needs further analysis by a malware removal specialist:
    Go to this topic http://forum.avast.com/index.php?topic=53253.0 for information on Logs to assist in cleaning malware. Use the information about getting and using the tools and attach the logs here, not in the LOGS topic.

Just start with the first two tools, attach the logs and wait for a malware removal specialist to help.

Will do, scanning now.

Attaching logs here - one scan log from Malwarebytes and the other two from Farbar.

There may be a little delay, depending on time zones and the availability of the malware removal specialists.

No worries, thank you for the update.

You’re welcome.

Hello, it seems you are infected with ‘Backdoor.Sathurbot’. First, please uninstall the following PUP:

  • Unigine Valley Benchmark version 1.0

Then, continue with the rest of the instructions and tell me whether the problem has disappeared.

  • Temporarily disable your AV.

1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system


Start
CreateRestorePoint:
File: C:\Users\hey\AppData\Local\Microsoft\Performance\Monitor\PerformanceMonitor.dll

CloseProcesses:
HKU\S-1-5-21-718831387-3477664300-3442743064-1001\...\Run: [Windows Performance Monitor] => rundll32.exe "C:\Users\hey\AppData\Local\Microsoft\Performance\Monitor\PerformanceMonitor.dll",DllInstall

Hosts:
C:\Users\hey\AppData\Local\Microsoft\Performance

EmptyTemp:
End



2. Save notepad as fixlist.txt to your Desktop.
NOTE: It’s important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warns you that the version is outdated, please download and run the updated version.
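The two security-relevant observations in this thread are (a) rundll32.exe making outbound connections and (b) an HKCU Run value that launches rundll32.exe against a DLL sitting under the user's own AppData folder. The following PowerShell script is an added example, not part of the original thread or of FRST, for checking a machine for both patterns yourself before or after a fix. It assumes it is run in the profile of the affected user (so HKCU maps to the same hive as the HKU\S-1-5-21-…-1001 entry in the fixlist), that Get-NetTCPConnection is available (Windows 8 / Server 2012 or later), and that the list of "user-writable" path fragments is a heuristic chosen here, not an exhaustive one.

```powershell
# Added example (not from the thread or from FRST): hunt for rundll32.exe
# autostart persistence and for live rundll32.exe processes holding TCP connections.
# Assumptions: run as the affected user for HKCU; elevate for HKLM/HKU; Windows 8+.

# Heuristic list of locations a normal user can write to (assumption, extend as needed).
$script:UserWritableFragments = @('\AppData\', '\Temp\', '\ProgramData\', '\Users\Public\')

function Test-UserWritablePath {
    param([string]$Path)
    foreach ($frag in $script:UserWritableFragments) {
        if ($Path -like "*$frag*") { return $true }
    }
    return $false
}

function Get-Rundll32Autoruns {
    # Common Run/RunOnce keys; HKU\<SID> for other users is omitted here for brevity.
    $runKeys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }          # provider metadata, not a value
            $cmd = [string]$p.Value
            if ($cmd -notmatch '(?i)rundll32') { continue }
            # Extract the DLL from:  rundll32.exe "C:\path\x.dll",Export
            $dll = $null
            if ($cmd -match '(?i)rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?') { $dll = $Matches[1] }
            $exists = [bool]($dll -and (Test-Path -LiteralPath $dll))
            $sig = 'n/a'
            if ($exists) { $sig = (Get-AuthenticodeSignature -FilePath $dll).Status }
            [pscustomobject]@{
                Key       = $key
                Name      = $p.Name
                Command   = $cmd
                Dll       = $dll
                Exists    = $exists
                # A DLL under a user-writable path, loaded by rundll32 at logon, is the
                # pattern seen in the fixlist above and deserves a closer look.
                UserDir   = [bool]($dll -and (Test-UserWritablePath $dll))
                SigStatus = $sig
            }
        }
    }
}

function Get-Rundll32Connections {
    # rundll32 is a host for DLL exports; it rarely needs its own outbound sockets.
    $procs = Get-CimInstance -ClassName Win32_Process -Filter "Name = 'rundll32.exe'"
    $conns = Get-NetTCPConnection -ErrorAction SilentlyContinue |
             Where-Object { $_.State -ne 'Listen' }
    foreach ($proc in $procs) {
        $owned = $conns | Where-Object { $_.OwningProcess -eq $proc.ProcessId }
        foreach ($c in $owned) {
            [pscustomobject]@{
                PID         = $proc.ProcessId
                CommandLine = $proc.CommandLine       # shows which DLL/export is hosted
                Remote      = "$($c.RemoteAddress):$($c.RemotePort)"
                State       = $c.State
            }
        }
    }
}

'--- rundll32 autostart entries ---'
Get-Rundll32Autoruns | Format-Table -AutoSize
'--- rundll32 processes with TCP connections ---'
Get-Rundll32Connections | Format-Table -AutoSize
```

Run it before the FRST fix and the HKCU entry named "Windows Performance Monitor" should appear with UserDir = True and, most likely, SigStatus = NotSigned; run it again afterwards and both tables should be empty. A legitimate Windows component invoked through rundll32 normally lives under %SystemRoot% and carries a valid Microsoft signature, so UserDir = True together with an invalid or missing signature is the combination worth escalating.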

Instructions followed and Fixlog attached.

For what it’s worth I haven’t seen my AV pop up yet with a threat blocked.

It looks to me like you haven’t enabled PUP detection in Avast.
I would check it, and if it is disabled (which it is by default), enable it.

Nice to hear. Monitor your PC for a day or two. If there are no AV alerts, then please perform the following:

Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes:

  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore

Click the Run button and wait a few seconds for the programme to complete its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt).

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.

Tip: Do not use security tools such as ComboFix, FRST, Zoek and the like on your own. These are advanced security tools and should not be used without supervision.

PUP enabled in Avast.

magna - the DelFix link is broken I believe. Will monitor for another day or two and thank you again!

The server appears to be down.

http://www.downforeveryoneorjustme.com/general-changelog-team.fr

Working link for Delfix > https://www.bleepingcomputer.com/download/delfix/

@win2, sorry, it appears that the redirect link does not work.

You can use Bleeping Computer’s download link. Here is the alternate ToolsLib link; both are equal.
https://toolslib.net/downloads/finish/2/