I ran FRST after visiting some strange web page and I noticed 2 drivers I can’t recognize. They are those which have question marks (??) before the path. I checked those paths and the files don’t seem to be there anymore. The first seems to be part of the Avast NG component (which I removed recently), but I can’t recognize the other.
The logs are attached. Malwarebytes says everything is clear.
By the way, the website link is the following one
http://francecelebre.com/?p=209
I found it via Facebook. Virustotal says it’s clean.
Virustotal does not scan the website for malware; it checks the URL against known blacklists.
If you click the additional info tab … scroll down to the bottom, there you can scan for malware by clicking the Sucuri / Quttera links.
According to urlQuery here http://urlquery.net/report.php?id=1431012932604 there is a link to a blacklisted site
https://www.virustotal.com/en/url/8d13eceae2d56b8455f8da95130897f5e771aa17c96c88166e98d991975f5d40/analysis/1431012831/
Probably harmless to use according to VT.
The threat should have resided here, but also Sucuri gives it a low risk status: https://sitecheck.sucuri.net/results/p.adpdx.com
Bad zone: bad zone: Could not get name servers for ‘p.adpdx.com’.
Scam, fraud and PHISHing: https://www.mywot.com/en/scorecard/landing.entertainment-factory.com?utm_source=addon&utm_content=rw-viewsc
See: https://www.virustotal.com/nl/domain/adk2trk2.cpmrocket.com/information/ (this is Riskware).
polonus
S3 NTIOLib_Flash; \??\C:\Users\DARTH_~1\AppData\Local\Temp\2WSX3EDC\NTIOLib_X64.sys [X]
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
These ones?
The ?? means it is a kernel mode driver, nothing nefarious: http://www.securitysupervisor.com/security-q-a/windows-securiy/284-what-is-kernel-mode-driver
Yep, those two.
Thanks for the help to everyone. Now I know something more about how to use Virustotal on scanning websites.
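As an added example (not part of the thread and not FRST's own code), the two driver lines quoted above can be triaged with a short parser that flags entries whose file is gone and image paths under a Temp directory. The meanings of the state letter, start-type digit and the [X] marker are assumptions based on FRST's usual log conventions; the \??\ prefix is the NT object-manager form of a DOS device path.

```python
import re
from dataclasses import dataclass

# The two driver entries quoted in the thread, copied from the posted FRST log.
SAMPLE = r"""
S3 NTIOLib_Flash; \??\C:\Users\DARTH_~1\AppData\Local\Temp\2WSX3EDC\NTIOLib_X64.sys [X]
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
"""

# Assumed field meanings (FRST log conventions, not stated on this page).
STATE = {"R": "running", "S": "stopped", "U": "undetermined"}
START = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}

LINE = re.compile(
    r"^(?P<state>[RSU])(?P<start>[0-4])\s+(?P<name>[^;]+);\s+"
    r"(?P<path>.+?)(?P<missing>\s+\[X\])?\s*$"
)

@dataclass
class DriverEntry:
    name: str
    state: str
    start: str
    path: str
    file_missing: bool
    flags: list

def parse_driver_line(line):
    """Parse one FRST driver line; return None for anything else."""
    m = LINE.match(line.strip())
    if not m:
        return None
    path = m["path"]
    if path.startswith("\\??\\"):      # strip the NT namespace prefix
        path = path[4:]
    missing = m["missing"] is not None  # trailing [X]: file not found (assumed)
    flags = []
    if missing:
        flags.append("orphaned service entry: file not on disk")
    if re.search(r"\\(temp|tmp)\\", path, re.IGNORECASE):
        flags.append("driver image path under a Temp directory")
    return DriverEntry(m["name"].strip(), STATE[m["state"]],
                       START[m["start"]], path, missing, flags)

def triage(log_text):
    return [e for e in map(parse_driver_line, log_text.splitlines()) if e]

if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(f"{e.name}: {e.state}/{e.start} {e.path} -> {e.flags}")
```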