URL:Mal - Avast continues to inform about malware

Hey,

I REALLY need help with fixing my computer.
I’m not a geek, I have no clue what I’m doing and I’m on the edge of my nerves.

Avast, for a few days now, keeps informing me every 5-10 minutes about an effort that my browser is making to open a page that might contain viruses. Avast blocks these sites, of course. However, I can barely do anything, if these notifications keep popping up.

The sites that are blocked are getmuzicaas and getusaaall (I’m sure you’ve heard it before, I’ve seen threads about it on different forums).

I ran a few programs yesterday, anti-virus and anti-malware. I scanned my computer with Avast, I did it with Malwarebytes, Hitman Pro, and a dozen of others, some of which detected malicious files and deleted them, and some of which were useful for creating logs only (which I do not entirely know how to work with and what is their purpose except for pasting it on forums). I also ran CCleaner which detected nothing.

The problem continues.
I was also thinking of uninstalling Chrome and installing it back again but I assume the files are in the system, not in Chrome.

What should I do? If this window pops up again, I’ll go crazy. Not to mention the fact that I’m afraid of having a trojan or something worse that will spread and do even more damage.

If logs are needed, so someone can address my problem, please explain to me in a simple and direct way what to do. Because, as I mentioned, I’m no geek (and that’s a very delicate way to put it).

> The sites that are blocked are getmuzicaas and getusaaall (I'm sure you've heard it before, I've seen threads about it on different forums).
yes .... plenty of similar posts below yours

follow same instructions as they all have. https://forum.avast.com/index.php?topic=53253.0

removal team is in bed now, but are back online tomorrow

Man, I have the same problem and I’m starting to think that the problem is on the Avast. I try all the software available and no one detects. When trying the hint of using Kaspersky I temporarily remove avast shields. When I turn it on again it doesn’t seem to appear again…

Why don’t you be sure and try running the malware removal scanner/tools to be sure rather than spread the wealth to others (malware). See the post above and follow the instructions of the scans to run and attachments to post, then we’ll let you know if you actually have something.

Hey, I created three logs. They’re attached.

I really want to get rid of this :frowning: It seems to me (but maybe I’m getting paranoid after hearing avast 100 times a day) that it keeps spreading and that these notifications appear even more often than yesterday.

Hope the logs will be an answer to this question (at least for the pros cause I don’t understand them, really).

Thanks for your help!

One more thing. I don’t know if it helps. But just for the record.
The sites Avast is blocking are getusaaall.info and getmuzicas.info

But the notifications appear 5 times (at the same time): 2 per getmuzicas and 3 times per getusaaall

Hi,

Could you post the Addition log, the secondary log created by FRST?

Ok, no need for the Addition log. I shall tell zoek to perform that kind of search as an alternative to the Addition report.

Please download zoek by smeenk from here or here and save it to your Desktop.
Unpack the archive…

- Close any open browsers.
- Temporarily disable your AntiVirus program (if necessary). If you are unsure how to do this please read this or this Instruction.
- Double click on zoek.exe to run the tool. Please wait until the tool starts…
- Copy the text present inside the code box below and paste it into the large window in the zoek tool:

StartUPAll;
Uninstall-List;
Installer-List;
bitsadmin /reset /allusers >> %temp%\log.txt;b
ipconfig /flushdns >> %temp%\log.txt;b
EmptyFoldersCheck;Delete
EmptyCLSID;
IEDefaults;
ResetIEProxy;
FFDefaults;
CHRDefaults;
EmptyAllTemp;

- Click on the Run Script button. Please wait until a log report opens (this can be after reboot).
- Save the notepad file to your Desktop and attach zoek-results.log here.

Note: It will also create a log in the C:\ directory named “zoek-results.log”.

I had to run it again, cause I forgot to tick the box with addition.txt

Here are both logs again.
Should I continue with your advice? And follow the steps?

Yes, deploy zoek but use this script below:

FilesRCM;
StartUPAll;
Uninstall-List;
Installer-List;
bitsadmin /reset /allusers >> %temp%\log.txt;b
ipconfig /flushdns >> %temp%\log.txt;b
EmptyFoldersCheck;Delete
EmptyCLSID;
IEDefaults;
ResetIEProxy;
FFDefaults;
CHRDefaults;
EmptyAllTemp;

S**t, I already used the previous one.
I’ll wait now for your response.

I’m attaching the zoek log (used the first code you gave me, before you had access to the addition.txt)

Avast is turned off, let me know if I should run zoek again with the second code or should I turn avast back again.

Thank you!

That’s Ok, I have everything under control. Now execute this zoekscript:

FilesRCM;
Internet Explorer Toolbar 4.6 by SweetPacks;u
SweetIM for Messenger 3.7;u
SweetPacks bundle uninstaller;u
C:\Windows\tasks\AppCloudUpdater.job;f
C:\Users\Tomek\AppData\Roaming\AppCloudUpdater;fs
C:\Windows\SysNative\tasks\AppCloudUpdater;fs
C:\Users\Tomek\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\OneClickDownload@OneClickDownload.com;f
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes];r
{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} default-search.net  Url=-;r
AutoClean;

After the system reboot post me the fresh zoek logfile.
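
A read-only check that the items targeted by the zoekscript above are gone after the reboot, added here as an example; it is not part of the original thread or of zoek. It assumes PowerShell run from an elevated prompt on the affected machine, the function name is hypothetical, and reading the `default-search.net` line as an Internet Explorer search provider URL is an assumption.

```powershell
# Added example: read-only verification; it deletes and changes nothing.
# All paths are taken from the zoekscript in the post above.
function Test-CleanupLeftovers {
    $paths = @(
        'C:\Windows\tasks\AppCloudUpdater.job',
        'C:\Users\Tomek\AppData\Roaming\AppCloudUpdater',
        'C:\Windows\SysNative\tasks\AppCloudUpdater',
        # SysNative only resolves inside 32-bit processes; a 64-bit
        # PowerShell sees the same folder under System32:
        'C:\Windows\System32\tasks\AppCloudUpdater',
        'C:\Users\Tomek\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\OneClickDownload@OneClickDownload.com'
    )
    $found = @()
    foreach ($p in $paths) {
        if (Test-Path -LiteralPath $p) {
            $found += "file/folder still present: $p"
        }
    }

    # Assumption: the script's SearchScopes entry refers to a search
    # provider whose URL points at default-search.net.
    $scopes = 'HKCU:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes'
    if (Test-Path -LiteralPath $scopes) {
        foreach ($key in Get-ChildItem -LiteralPath $scopes) {
            $url = (Get-ItemProperty -LiteralPath $key.PSPath).URL
            if ($url -and $url -like '*default-search.net*') {
                $found += "search scope $($key.PSChildName) -> $url"
            }
        }
    }
    return $found
}

$left = @(Test-CleanupLeftovers)
if ($left.Count -eq 0) { 'No leftovers from the script targets found.' }
else { $left }
```

Anything it reports belongs in the next reply together with the fresh zoek log, not in a hand edit.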

Ok. I ran zoek again. Avast is still turned off. I’m using chrome only to check on this forum, no other sites/browsers are open.

Here is the second zoek file. (After it ran with the third script you had given me).

Thank you!

Ok, this looks very good. Enable avast! and tell me how the computer is behaving now.

I think it enabled itself, since an hour has passed (I turned it off for an hour) and when I right-click on the icon, nothing appears.
When I open the avast panel, it says all of the shields are turned on. So I suppose it’s up and running.

Can I normally use my browser now?

(So far, so good, no notifications).

And, one more question. If this works (I’m crossing my fingers), but happens again at some point (in a month, half a year, whatever), should I repeat the zoek instructions you gave me? Or the malware will act differently and will transform, and I should ask for guidance on this forum again?

I really hope this works. Right now avast seems to be oddly quiet (oddly, because I got used to this annoying sound during the last few days).

Thank you so much!

> I think it enabled itself, since an hour has passed (I turned it off for an hour) and when I right-click on the icon, nothing appears. When I open the avast panel, it says all of the shields are turned on. So I suppose it's up and running.

Yes, all avast! shields need to be enabled.

> Can I normally use my browser now?
>
> (So far, so good, no notifications).

Yes, I have told zoek to target the bad ‘thing’ and to reset the ‘problem’ back to default. Use freely zoek and tell me if all is well now.

> And, one more question. If this works (I'm crossing my fingers), but happens again at some point (in a month, half a year, whatever), should I repeat the zoek instructions you gave me? Or the malware will act differently and will transform, and I should ask for guidance on this forum again?

Not a good idea. All these ‘script’ tools (FRST, OTL, Zoek, …etc) are based on a generic system scan. It may or may not act the same or different (bad different) on some other computer or deployed time. The above zoekscripts are written in relation to the posted generic logs and they use some force routines that are not common.

Such operations can result in damage to the system if not properly executed, reviewed in logfiles and written in relation to the posted logs.

Ok. Thank you so much!

So I’m going to use my browser in a usual way now.
Avast is quiet and it’s up and running. So, so far, so good.

I’ll update you in 2-3 days, if it is still ok. Unless the malware notification appears again.
But now it seems the problem is solved.

Thanks again! I’d never be able to do it on my own!
Your help was amazing! Kudos!

:wink:

Ok, let’s remove the used tools here just in case. Continue monitoring the system, but this should be fixed.

The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes:
- Remove disinfection tools
- Create registry backup
- Purge System Restore

Click the Run button and wait a few seconds while the programme completes its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt).

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.

Thank you so much.
I did what you said and here goes the report from terminating malware tools:

DelFix v10.7 - Logfile created 17/07/2014 at 19:23:02

Updated 27/04/2014 by Xplode

Username : Tomek - KOMPISHY

Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)

~ Removing disinfection tools …

Deleted : C:\FRST
Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\TDSSKiller.3.0.0.40_15.07.2014_21.27.01_log.txt
Deleted : C:\TDSSKiller.3.0.0.40_15.07.2014_22.56.52_log.txt
Deleted : C:\zoek-results.log
Deleted : C:\zoek-results2014-07-17-131632.log
Deleted : C:\Users\Tomek\Desktop\Addition.txt
Deleted : C:\Users\Tomek\Desktop\aswMBR-log.txt
Deleted : C:\Users\Tomek\Desktop\FRST-log.txt
Deleted : C:\Users\Tomek\Desktop\MBR.dat
Deleted : C:\Users\Tomek\Desktop\zoek-results-02.txt
Deleted : C:\Users\Tomek\Desktop\zoek-results.txt
Deleted : C:\Users\Tomek\Downloads\Addition.txt
Deleted : C:\Users\Tomek\Downloads\adwcleaner_3.215.exe
Deleted : C:\Users\Tomek\Downloads\aswmbr.exe
Deleted : C:\Users\Tomek\Downloads\FRST.txt
Deleted : C:\Users\Tomek\Downloads\FRST64 (1).exe
Deleted : C:\Users\Tomek\Downloads\FRST64 (2).exe
Deleted : C:\Users\Tomek\Downloads\FRST64.exe
Deleted : C:\Users\Tomek\Downloads\JRT.exe
Deleted : C:\Users\Tomek\Downloads\RogueKiller.exe
Deleted : C:\Users\Tomek\Downloads\tdsskiller (1).exe
Deleted : C:\Users\Tomek\Downloads\tdsskiller.exe
Deleted : C:\Users\Tomek\Downloads\zoek.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

~ Creating registry backup … OK

~ Cleaning system restore …

Deleted : RP #291 [Punkt przywracania stworzony przez HitmanPro | 07/17/2014 10:15:20]
Deleted : RP #292 [zoek.exe restore point | 07/17/2014 13:12:10]

New restore point created !

########## - EOF - ##########