URL:Mal infection~~~HELP~~~HELP~~~

Hi,

I’ve recently been getting avast pop ups saying that Web Shield has blocked a harmful webpage or file. The object is https://codegv.ru. This occurs on any webpage I browse either through Chrome or Firefox.

Any help will be appreciated.

Thanks

Attach your basic logs. (MBAM, FRST and aswMBR…!!)
Instructions: https://forum.avast.com/index.php?topic=53253.0

Malwarebytes’ Anti-Malware FIRST, THANKS~

frst attached, thanks~

aswMBR attached

OK, now you’ve to wait a bit…

Asyn, thanks so much~~~~~ :slight_smile: :slight_smile: :slight_smile: :slight_smile: :slight_smile: :slight_smile:

You’re welcome, please be patient, it might take a while.

Let me know if this stops it

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:

C:\Users\Robert\AppData\Roaming\ACEStream
HKU\S-1-5-21-122671142-3754400488-185576275-1000\...\Run: [AceStream] => C:\Users\Robert\AppData\Roaming\ACEStream\engine\ace_engine.exe [27904 2014-09-25] ()
BHO-x32: No Name -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} ->  No File
FF Plugin HKCU: @acestream.net/acestreamplugin,version=2.2.10-next -> C:\Users\Robert\AppData\Roaming\ACEStream\player\npace_plugin.dll (Innovative Digital Technologies)
FF Extension: AS Magic Player - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\w3xxiivg.default\Extensions\magicplayer@acestream.org [2014-08-25]
CHR Extension: (No Name) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim [2014-09-29]
2014-10-27 02:00 - 2014-08-25 20:10 - 00000000 ____D () C:\Users\Robert\AppData\Roaming\.ACEStream
CMD: netsh advfirewall reset 
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog 
CMD: netsh int ip reset c:\resetlog.txt  
CMD: ipconfig /release 
CMD: ipconfig /renew

Save this as fixlist.txt, in the same location as FRST.exe.
Run FRST and press Fix.
On completion a log will be generated; please post that.

fixlog attached~~ Million thanks~~~~~~~~ 8) 8) 8) 8) 8) :slight_smile: :slight_smile: :slight_smile:

Great!! It looks like it’s fixed, no more pop-up messages from avast now! You guys are so powerful!!! Please accept my sincere thanks.
From the fixlog, I guess the problem was caused by Acestream, but I need this software to watch the football match. Could I keep using it? Thanks again~

The problem is that acestream is not really a good bit of software to have. It might be worth looking for a stream that does not require you to download software.

This is the one the wife uses to watch Leeds http://www.wiziwig.tv/competition.php?part=sports&discipline=football

Hi dears, bad news :frowning: :frowning: :frowning: :frowning: :(!!! The pop-up came again!!! But it’s not as frequent as before; it only pops up when I link to http://hk.baidu.com, and so far it is the only website that got the pop-up. Attached is the screen dump photo for you guys’ reference, thanks again!~

Is it only in Firefox as well?

Hi essexboy,

No, it happens in Chrome too…

And it is only on that site and no other?

No other site so far~

I would tend to think it is then related to the site. Is it the main page or do you have to sign in?

http://news.baidu.com/
http://v.baidu.com/
http://image.baidu.com/
http://music.baidu.com/

The above sites have the pop-up and I don’t have to sign in… thanks~

A total of 24 alerts spread over those four links. Could you modify your post to disable them?

It appears that the page is heavily infected with redirects.