URL:Mal - Explorer.exe

Got it here too - a few warnings about xmlka.com yesterday and now constant pop ups of svadxvbtuc8c.com. MalwareBytes Anti-Malware scan came up clean, Avast! quick scan was clean, now running a deep scan of Avast!

OS is Windows 7 Home Premium.

Blake7 could you reboot the computer to safe mode with networking and let me know if the alerts cease when you use a browser

I have been having this exact same issue for the past 24 hours. For me the alert happens constantly, maybe every 10-15 seconds. It started Friday morning and I tried 3 different restore points going back the past week and am unable to get rid of it. I am currently in the process of backing up some files to wipe my system today. Since the question of printer use was asked previously I do not have a printer connected.

Same thing here. Started a couple of days ago. Malwarebytes found a few innocuous things the first time, nothing after that. Ran quick scans, deep scan and 2 boot scans. still popping up every minute.
Help us Avast!

I’m having the same problem, every 30 seconnds, even without launchine IE, svadxvbtuc8c.com appears in my avast poppup. i have two machines running win7, this one is on win7pro. the win7home machine i use for gaming is unaffected both are wire connected to the router.

Its been going on for at least 24 hours. i’m rather shocked that avast doesn’t log the file that is sending the url request.

I don’t have a restore point so i’m currently backing up essential files to onedrive and prepping for a wipe and reinstallation of win7.

I’d love to hear if someone comes up with a solution to this issue.

malwarebytes and windows defender aren’t finding the culprit though both did turn up some possible viruses/spyware which i promptly removed.

Interesting side note, i primarily use opera for browsing. the only things i use IE for are direct links to netflix amazon prime and pbskids. odd that the infection would occur at IE in my opinion.

i’ve done boot scans through avast as well as deep scans.

I’m afraid to drop my anti-virus to install combofix because if avast is blocking this connection, i’m pretty sure it’ll succeed if i take avast down.

Could everybody start their own topic please. At this stage I have not found the trigger however, restoring to a time before the alerts occur will cure it

The URL svadxvbtuc8c.com was registered on 10/23/14, fwiw. I’d start with a restore to 10/22. However, it sounds like this may be one of several URLs which are being called by the same unknown process. I’m also getting calls to xmlka.com, which was registered in April of this year.

Essexboy–Sorry for the long delay. I tried launching in safe mode, but avast was disabled and, though the program would launch, I couldn’t get it to turn the shield on. The button literally wouldn’t “push.”

I see a lot of other folks have been posting about the same bug. Have you figured out the trigger?

Thanks.

I believe so, could I have a fresh FRST log please

Log attached.

I haven’t had any pop-ups this morning. Avast shield appears to be on. All I’ve done since our last exchange was run Safe Mode once. Could that have cured it?

Never mind, the pop-ups are back. Now trying to go to xmlka.com, which was one of the domains last week as well.

Yes, the other site has been taken down

Download to your desktop process explorer from here http://technet.microsoft.com/en-gb/sysinternals/bb896653.aspx
Open process explorer and from the menu bar select View > Lower Pane
Select Explorer.exe
A Lower window will open
Then on the menu bar go to File > Save as…
Then select the desktop and click save
On the desktop will then be a text file called explorer please attach that
You may need to edit the file name from explorer.exe.txt to explorer.txt to allow it to be attached

Explorer.txt attached.

Could you do that again please and ensure that explorer.exe is highlighted

Here you are–sorry about that.

Nothing showing there, could I have a fresh FRST scan please

Attached.

I’ve only had the pop-up once or twice today. Last week it was like every minute or two.

I haven’t been doing anything else to actively get rid of it. My avast did update to the latest version, but nothing came up in a quick scan.

I am now getting a new url in addition to xmkla. See attached.

I’ve started getting lots of pop ups again. Mostly for xmlka. Attached are new logs, in case they show anything different.