URL:Mal - Explorer.exe

My computer has been running slower for days. I installed avast and the scan found nothing, but I’ve received constant pop-ups from the avast! Web Shield:
Object: https://svadxvbtuc8c.com (yesterday it was a different URL)
Infection: URL:Mal
Process: C:\Windows\explorer.exe (always the same)

I’ve run the other recommended scanners listed on the main forum topic. Logs attached.

Any help is greatly appreciated!

Ditto. Avast we need your help!!

Ditto here. Driving me crazy!

This is the message:

Object: svadxvbtuc8c.com
Infection: URL:MAL
Process: C:\WINDOWS\explorer.exe

Clicking on MORE DETAILS takes you to an “apparent” AVAST website.

You appear to be running three antivirus programmes; two will need to go.

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

I am getting the same thing as well. It changes almost daily and I have been unable to remove.

Essexboy,

I ran Combofix as instructed. Log attached. The issue persists: I continue to receive pop-ups like the one previously described.

One hiccup: I physically disconnected my computer from the internet before disabling avast! (as I’m concerned about whatever information the virus is trying to transmit), I then ran ComboFix, but it obviously wasn’t able to update to the latest version. Per your instructions, I did not re-run ComboFix. Should I update it and re-run?

Many thanks.

Could you re-attach the FRST log please, as I would like to take another look at it.

Also, are any other computers that use your router experiencing this?

Attached.

Regarding other computers: not that I am aware of.

OK, as of now I am unable to locate the trigger. Do you have a system restore point prior to the alerts starting?

If so, could you restore to that and, if the alerts do not re-appear, run a fresh FRST scan so that I can run a comparison.

No, I don’t have an early enough restore point.

Forgive my naivety, but is there no way to install a corrected version of explorer.exe?

It's not explorer; it is just that the file is using explorer to access that site. Have you ever used Process Explorer by Sysinternals?

I don’t think so? Should I?

OK, if you feel happy, could you do the following:

Download to your desktop process explorer from here http://technet.microsoft.com/en-gb/sysinternals/bb896653.aspx
Run the programme and expand (by pressing the +) explorer.exe
When the alert appears note down what process is using explorer at that time
In my screenshot I just have Caledos running under explorer
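
The Process Explorer check described above can also be captured as text. The following is an added PowerShell example, not part of the original thread or any poster's instructions; it assumes Windows PowerShell (where `Get-WmiObject` is available) and lists each running explorer.exe with its path and child processes.

```powershell
# Added example (not from the thread): snapshot every explorer.exe and its children.
# Assumes Windows PowerShell, where Get-WmiObject is available (it ships with Windows 7).
$expected = Join-Path $env:windir 'explorer.exe'
$all = @(Get-WmiObject Win32_Process)

foreach ($exp in @($all | Where-Object { $_.Name -ieq 'explorer.exe' })) {
    # ExecutablePath comes back empty when this user cannot open the process.
    $path = $exp.ExecutablePath
    if (-not $path) {
        $status = 'path unavailable (retry from an elevated prompt)'
    } elseif ($path -ieq $expected) {
        $status = 'expected location'
    } else {
        $status = 'UNEXPECTED LOCATION'
    }
    '{0}  PID {1}  parent PID {2}  started {3}' -f $exp.Name, $exp.ProcessId, $exp.ParentProcessId, $exp.CreationDate
    '    path: {0}  [{1}]' -f $path, $status

    # Children: parent PID matches and the child started no earlier than this
    # explorer.exe (WMI timestamps compare as strings), which filters out
    # matches caused by PID reuse.
    $children = @($all | Where-Object {
        $_.ParentProcessId -eq $exp.ProcessId -and $_.CreationDate -ge $exp.CreationDate
    })
    if ($children.Count -eq 0) { '    (no child processes)' }
    foreach ($c in $children) {
        '    child PID {0}  {1}  {2}' -f $c.ProcessId, $c.Name, $c.CommandLine
    }
}
```

Running it once while the system is quiet and again when the alert appears gives two listings that can be compared line by line.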

Screenshot below.

Also, none of the files changed when the avast! pop-up occurred.

So there was no additional entry when the alert occurred. Were you using your printer at that time?

Correct - no additional entry.

Yes, I was using the printer.

Attached is another screenshot.

One observation: I’ve noticed that the pop-ups tend to occur more often when Internet Explorer is open, BUT they will also occur when Internet Explorer is not open, or even before Internet Explorer has been launched upon a new startup.

Second observation: Whenever I open up Windows Explorer, it lags for a second, and then I get the pop-up.

Another screenshot attached–it popped up even when Process Explorer was the only thing running under explorer.exe.

I’m using Windows 7 and the avast popup is driving me absolutely insane. I have noticed that in my process list I have 2 explorer.exe running at the same time; one of them shows up at the proper place and can access file location… The other doesn’t go to file location and also cannot be ended.

I have absolutely no clue on what this bug is but I’m about to try comodo or even blasted Norton to get this thing GONE