Threat has been detected Avast popup

I keep getting the message pop up that says threat has been detected. I have run SUPERAntiSpyware, Malwarebytes and avast boot scan and still cannot get rid of the annoying popup.

Yes. What is the detection & what operating system are you using? Any previous antivirus needs to be removed before avast is installed.

Not knowing what the pop-up was makes it a challenge to answer your question.
If possible, please post a screenshot. To bring the pop-up back into view, right click on the avast icon then click “show last pop-up message”.
If you were visiting a website, avast probably prevented an infection. Running a boot scan is a little overkill. All that you need to do is run at the very least a quick scan and at the most a full scan.

If nothing showed up during any scan it means avast blocked an infection and you are good to go.
You can “pin” the pop-up by using the “pin” (top arrow). For more information click “more information” (bottom arrow).

How do I insert a picture?

Windows XP Pro SP3

It keeps popping up even if I am not using my browser.

When you reply, use the Attachments and other options link.

see attached

It just keeps popping up, along with Malwarebytes blocking IP address… it is very annoying…

You may want to start a thread in the viruses and worms section http://forum.avast.com/index.php?board=4.0
Please follow the instructions here http://forum.avast.com/index.php?topic=53253.msg451454#msg451454

Please be patient as they may be assisting others. :)

svchost.exe connecting to the internet (other than for Windows Update) is somewhat suspicious and is usually an indication of an underlying infection. You should follow the advice given in the link provided by Para-Noid.

My auto update cannot be turned on in security and it doesn’t show up in policies either…

It’s under settings. Top right of the screen.

Are you talking about Windows updates or avast?

That said, I wouldn’t waste time on this side issue; the important issue is dealing with the underlying infection a.s.a.p. It is now 10pm in the UK and most of the volunteer malware removal specialists are in the UK, European time zone.

So the sooner you can get the information (logs of the analysis scans, etc.), the sooner one of them can get on to it before they are in bed.

Windows updates

Windows Updates being disabled can also be a symptom of malware infection.

Like I said, the sooner you get on with the analysis and attachment of the logs, the sooner someone can help.

AdwCleaner v2.300 - Logfile created 05/07/2013 at 14:19:44

Updated 28/04/2013 by Xplode

Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

User : admin - JIM-1DFD1E839CB

Boot Mode : Normal

Running from : C:\Documents and Settings\admin\My Documents\downloads\adwcleaner(1).exe

Option [Search]

***** [Services] *****

***** [Files / Folders] *****

File Found : C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\idodiefq.default\searchplugins\Search_Results.xml
File Found : C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Found : C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Found : C:\END
File Found : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
Folder Found : C:\Documents and Settings\admin\Application Data\Funmoods
Folder Found : C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\idodiefq.default\jetpack
Folder Found : C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\idodiefq.default\Smartbar
Folder Found : C:\Documents and Settings\admin\Local Settings\Application Data\AVG Secure Search
Folder Found : C:\Documents and Settings\admin\Local Settings\Application Data\Conduit
Folder Found : C:\Documents and Settings\admin\Start Menu\Programs\TornTV.com
Folder Found : C:\Documents and Settings\All Users\Application Data\APN
Folder Found : C:\Documents and Settings\All Users\Application Data\Ask
Folder Found : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Found : C:\Program Files\AVG Secure Search
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\TornTV.com

***** [Internet Browsers] *****

-\ Internet Explorer v7.0.6000.17128

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&CUI=UN74260036726628287&UM=2&ctid=CT3291673

-\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\idodiefq.default\prefs.js

Found : user_pref(“CT3289847_Firefox.csv”, "[{"from":"Abs Layer","action":"loading toolbar","time"[…]
Found : user_pref(“CT3291673_Firefox.csv”, "[{"from":"Abs Layer","action":"loading toolbar","time"[…]
Found : user_pref(“Smartbar.ConduitHomepagesList”, "hxxp://search.conduit.com/?ctid=CT3291673&CUI=UN33344691[…]
Found : user_pref(“Smartbar.ConduitSearchEngineList”, “Search Spin V1 Customized Web Search”);
Found : user_pref(“Smartbar.ConduitSearchUrlList”, "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3291673[…]
Found : user_pref(“Smartbar.SearchFromAddressBarSavedUrl”, "hxxp://search.conduit.com/ResultsExt.aspx?ctid=C[…]
Found : user_pref(“Smartbar.keywordURLSelectedCTID”, “CT3291673”);
Found : user_pref(“browser.search.defaultenginename”, “Search Results”);
Found : user_pref(“browser.search.defaultthis.engineName”, “Search Spin V1 Customized Web Search”);
Found : user_pref(“browser.search.defaulturl”, "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3291673&CUI[…]
Found : user_pref(“browser.search.order.1”, “Search Results”);
Found : user_pref(“keyword.URL”, "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3291673&SearchSource=2&CU[…]
Found : user_pref(“smartbar.machineId”, "M1NINRO5KCAOTISAERTVKDHBFFPW3VE97OOE1KL6MJSBDHMVDRWZF3CG5QQC+LUVSF/[…]

-\ Google Chrome v26.0.1410.64

File : C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Found [l.2068] : homepage = “hxxp://www.searchnu.com/102?appid=100”,


AdwCleaner[R1].txt - [7982 octets] - [07/05/2013 14:19:44]

########## EOF - C:\AdwCleaner[R1].txt - [8042 octets] ##########

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRKgmailcom
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : admin [Admin rights]
Mode : Remove – Date : 05/07/2013 15:04:15
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJPOL] HKCU[…]\System : disableregistrytools (0) → DELETED
[HJ DESK] HKLM[…]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) → REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][JUNCTION] C:\WINDOWS$NtUninstallKB14045$ >> \systemroot\system32\config → REMOVED
[Del.Parent][FILE] @ : C:\WINDOWS$NtUninstallKB14045$\267270451@ [-] → REMOVED
[Del.Parent][FILE] Desktop.ini : C:\WINDOWS$NtUninstallKB14045$\267270451\Desktop.ini [-] → REMOVED
[Del.Parent][FILE] 00000004.@ : C:\WINDOWS$NtUninstallKB14045$\267270451\L\00000004.@ [-] → REMOVED
[Del.Parent][FILE] 201d3dde : C:\WINDOWS$NtUninstallKB14045$\267270451\L\201d3dde [-] → REMOVED
[Del.Parent][FILE] 76603ac3 : C:\WINDOWS$NtUninstallKB14045$\267270451\L\76603ac3 [-] → REMOVED
[Del.Parent][FILE] hycpmsei : C:\WINDOWS$NtUninstallKB14045$\267270451\L\hycpmsei [-] → REMOVED
[Del.Parent][FOLDER] ROOT : C:\WINDOWS$NtUninstallKB14045$\267270451\L → REMOVED
[Del.Parent][FILE] 00000004.@ : C:\WINDOWS$NtUninstallKB14045$\267270451\U\00000004.@ [-] → REMOVED
[Del.Parent][FILE] 00000008.@ : C:\WINDOWS$NtUninstallKB14045$\267270451\U\00000008.@ [-] → REMOVED
[Del.Parent][FILE] 000000cb.@ : C:\WINDOWS$NtUninstallKB14045$\267270451\U\000000cb.@ [-] → REMOVED
[Del.Parent][FILE] 80000000.@ : C:\WINDOWS$NtUninstallKB14045$\267270451\U\80000000.@ [-] → REMOVED
[Del.Parent][FILE] 80000032.@ : C:\WINDOWS$NtUninstallKB14045$\267270451\U\80000032.@ [-] → REMOVED
[Del.Parent][FOLDER] ROOT : C:\WINDOWS$NtUninstallKB14045$\267270451\U → REMOVED
[Del.Parent][FOLDER] ROOT : C:\WINDOWS$NtUninstallKB14045$\267270451 → REMOVED
[Del.Parent][FILE] 3444094802 : C:\WINDOWS$NtUninstallKB14045$\3444094802 [-] → REMOVED
[ZeroAccess][FOLDER] ROOT : C:\WINDOWS$NtUninstallKB14045$ → REMOVED

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
→ C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1600AAJS-00B4A0 +++++
— User —
[MBR] b8fbf1b647dd698ef66542620dfe45aa
[BSP] 9b0b75bdc055737b567ed4fdf9e0d6d0 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 Mo
User = LL1 … OK!
User = LL2 … OK!

+++++ PhysicalDrive1: General USB Flash Disk USB Device +++++
— User —
[MBR] 6b25f36d6c0add261e3e974ab1c93571
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 32 | Size: 1910 Mo
User = LL1 … OK!
Error reading LL2 MBR!

Finished : << RKreport[4]_D_05072013_02d1504.txt >>
RKreport[1]_S_05062013_02d1556.txt ; RKreport[2]_SC_05062013_02d2204.txt ; RKreport[3]_S_05072013_02d1501.txt ; RKreport[4]_D_05072013_02d1504.txt

You had ZeroAccess and probably have lost some Windows services in the process.

Download OTL to your Desktop
Secondary link

- Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.

https://dl.dropbox.com/u/73555776/OTL_Main_Tutorial.gif

- Select All Users
- Under the Custom Scan box paste this in:

netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
/md5stop
CREATERESTOREPOINT

- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Post both logs.

I will have to attach it as it is over 10,000 characters…