system
June 9, 2018, 12:19am
1
Hey All,
Let me start by saying I appreciate any help given! A few days ago I started getting a message saying threat secured/ aborted connection on 172.86.120.188 infected with URL:MAL.
Threat name: URL:Mal
URL: http:172.86.120.188/current/runtime.exe
Process C:\windows\system32\svchost.exe
Detected by Web Shield
Status Connection aborted
I think I followed the instructions in the sticky post and included my log files. Again, any help will be greatly appreciated!!!
This will restart your PC automatically so save your work before doing this.
Open Notepad (click Start button → type notepad.exe → press Enter)
Copy text from code block below and paste it into Notepad
EmptyTemp:
Go to File → Save As
Make sure that UTF-8 is selected as Encoding (left side of Save button)
Save it as fixlist.txt on Desktop
Open FRST again and click on the Fix button
Wait until FRST finishes
fixlog.txt should be generated and opened. Attach it to your post and wait for further instructions.
system
June 10, 2018, 1:32pm
5
Same message from Avast popping up every ten minutes or so.
Open Notepad (click Start button → type notepad.exe → press Enter)
Copy text from code block below and paste it into Notepad
cmd: bitsadmin /list /allusers /verbose
cmd: bitsadmin /reset /allusers
Go to File → Save As
Make sure that UTF-8 is selected as Encoding (left side of Save button)
Save it as fixlist.txt on Desktop
Open FRST again and click on the Fix button
Wait until FRST finishes
fixlog.txt should be generated and opened. Attach it to your post and wait for further instructions.
system
June 10, 2018, 10:56pm
7
Posting now, status is the same just in case you needed that info. Avast warning popping up every ten min or so… Thanks again for helping!
Please download PowerRun from here.
Extract it and run PowerRun_x64.exe
Right click on the first entry in the list (%SystemRoot%\System32\cmd.exe) and click on Run
A Command Prompt window with SYSTEM privileges should appear. Type this command and press Enter:
bitsadmin /reset /allusers
Make a screenshot of the Command Prompt window and attach it here please.
system
June 11, 2018, 9:54pm
9
Here it is. I've said before but I really appreciate the help!
system
June 11, 2018, 9:59pm
10
Sorry, posted the wrong one… here is the right one…
Hmm. What is the system status now? If it is the same, please read carefully and follow the instructions I wrote again.
system
June 12, 2018, 2:19am
12
This is what I’m seeing after slowly going step by step…
Are you still getting Avast notifications for blocked URL?
system
June 12, 2018, 11:34pm
14
Yes, I’m still getting them, thanks!
Open Notepad (click Start button → type notepad.exe → press Enter)
Copy text from code block below and paste it into Notepad
cmd: bitsadmin /list /allusers /verbose
cmd: bitsadmin /reset /allusers
Go to File → Save As
Make sure that UTF-8 is selected as Encoding (left side of Save button)
Save it as fixlist.txt on Desktop
Open FRST again and click on the Fix button
Wait until FRST finishes
fixlog.txt should be generated and opened. Attach it to your post and wait for further instructions.
system
June 13, 2018, 10:18pm
16
Here you go… I also included a screenshot of what Malwarebytes shows as the problem. I quarantined and also tried deleting them but it keeps coming back, not sure if this helps but thank you!
Open Notepad (click Start button → type notepad.exe → press Enter)
Copy text from code block below and paste it into Notepad
CloseProcesses:
Task: {DA31CBB2-1E99-40C8-8509-F108596E3358} - System32\Tasks\Windows Cryptography Service Installer => C:\Program Files (x86)\Common Files\Cryptography\Hasher\Installer.bat [2018-01-28] () <==== ATTENTION
C:\Program Files (x86)\Common Files\system
C:\Program Files (x86)\Common Files\CRYPTOGRAPHY
EmptyTemp:
Go to File → Save As
Make sure that UTF-8 is selected as Encoding (left side of Save button)
Save it as fixlist.txt on Desktop
Open FRST again and click on the Fix button
Wait until FRST finishes
fixlog.txt should be generated and opened. Attach it to your post and wait for further instructions.
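Added example, not part of the original thread and not written by the helper: a read-only PowerShell listing of the two things the fixlists above look at, BITS jobs for all users (what `bitsadmin /list /allusers /verbose` prints) and scheduled tasks that launch a batch file. It assumes an elevated PowerShell session on Windows 8 or later; the `$ipUrl` pattern and the output column names are this example's own choices.

```powershell
# Added example: read-only triage, changes nothing. Run from an elevated PowerShell.

# Plain-HTTP URL whose host is a bare IPv4 address (this example's heuristic).
$ipUrl = '^http://\d{1,3}(\.\d{1,3}){3}(:\d+)?/'

# 1. BITS jobs for every user, one row per file in each job
#    (the same data "bitsadmin /list /allusers /verbose" prints).
$bitsRows = foreach ($job in Get-BitsTransfer -AllUsers) {
    foreach ($file in $job.FileList) {
        [pscustomobject]@{
            Job       = $job.DisplayName
            Owner     = $job.OwnerAccount
            State     = $job.JobState
            RemoteUrl = $file.RemoteName
            LocalPath = $file.LocalName
            RawIpHttp = $file.RemoteName -match $ipUrl
        }
    }
}
$bitsRows | Sort-Object RawIpHttp -Descending | Format-List

# 2. Scheduled tasks whose action starts a .bat or .cmd script, either directly
#    or as an argument to another program such as cmd.exe.
$taskRows = foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        # Non-exec actions (e.g. COM handlers) have no Execute value and never match.
        $cmdLine = "$($action.Execute) $($action.Arguments)"
        if ($cmdLine -match '\.(bat|cmd)\b') {
            [pscustomobject]@{
                Task    = Join-Path $task.TaskPath $task.TaskName
                State   = $task.State
                Command = $cmdLine.Trim()
            }
        }
    }
}
$taskRows | Format-List
```

Rows with `RawIpHttp` set to True, and tasks whose command points at a script in an unexpected folder, are the entries to compare against the FRST logs.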
system
June 15, 2018, 1:29am
18
Here it is… still getting Avast warnings in case you need to know. Thanks!
Please post new FRST.txt and Addition.txt logs.
system
June 16, 2018, 1:45am
20
Here you go, sorry I didn’t include them in my previous post.