Also, I noticed a possible fix for a similar problem in a different topic on this forum (quoted below), but I don’t know if it would work for my situation.
Could you give me the full path for the deleted dll, please?
I would like to know that, too! I quoted the popup alert exactly as written (I’ve attached a screenshot).
Where would I look for it? I found a log file for Web Shield, but not for File System Shield. I’m lucky I was even able to read it and get a screenshot because the popup disappeared so fast and was only available once by clicking “Show last popup message”.
Do you have any suggestions as to where that information might be stored? Why would Avast not include the full path?
The chain of events with the deleted-dll popup was that, when it first appeared, it closed before I could read it, so I right-clicked on the Avast icon in the notification area and selected “Show last popup message”. At that point, my priority was to get a screenshot, so I did that, assuming that I could bring it up again to see if I could get more details by mousing over or clicking on it. When I had the screenshot safely saved, I went back to the right-click context menu, but “Show last popup message” was greyed out and no longer available.
But, GOOD NEWS - I found a log file that contains the full path of the dll.
It was in C:\ProgramData\AVAST Software\Avast\report\FileSystemShield.txt,
not C:\ProgramData\AVAST Software\Avast\log:
I just want to clarify that I did not run your first fix because Avast popped up and deleted the malicious dll before I had a chance to run it. If there is anything else listed in your first fix that needs to be done, please let me know.
Also, for clarification: In your previous reply you requested that I run a boot scan and I assumed that you meant an Avast boot-time scan, so the log that I posted was from that scan. If my assumption was incorrect, please let me know.
I have attached the log from the current FRST fix.
Nope. There haven’t been any popup alerts regarding hxxps://188.165.198.52 since C:\ProgramData{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\icmp.dll was deleted.
WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
See this article
I would recommend that you completely uninstall Java unless you need it to run important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
CryptoPrevent: install this programme to lock down and prevent crypto ransomware