URL:Mal Process: c:\windows\system\wscript.exe problem

what’s up guys … if anyone can help me please with this problem … my avast always pops up and tells me this

Object: http://doda.redirectme.net:777/is-ready
Infection: URL:Mal
Process: C:\Windows\system\wscript.exe

I’ve tried to scan my pc more than once but it shows no infection :confused:
Can anyone help me with this please ?

instructions https://forum.avast.com/index.php?topic=53253.0
attach Malwarebytes and Farbar Recovery Scan Tool logs

here you go … Malwarebytes and Farbar Recovery Scan Tool logs

I can see no sign of a vbs file so I will use a different tool

But first please uninstall Chrome, you can re-install once we have finished

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\pdf.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll No File
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll No File
CHR Profile: C:\Users\king\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (NBA Live News) - C:\Users\king\AppData\Local\Google\Chrome\User Data\Default\Extensions\appncjoeoaegjpfoinalcdkkgpojgbdp [2014-09-30]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\king\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-10]
CHR Extension: (YouTube) - C:\Users\king\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-24]
CHR Extension: (Google Drive Quick Create) - C:\Users\king\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckcbfnpodigdcbjjmhmolhkhlfbepnca [2014-09-19]
CHR Extension: (Google Search) - C:\Users\king\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-24]
CHR Extension: (Bookmarks Tagger) - C:\Users\king\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpiecafonfminhngabegejbligdagjfc [2014-09-22]
CHR Extension: (GOSaeve) - C:\Users\king\AppData\Local\Google\Chrome\User Data\Default\Extensions\gccamnodmehlfmaeogbfioipldegbclp [2014-09-12]
CHR Extension: (Avast Online Security) - C:\Users\king\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-10-08]
CHR Extension: (IDM Integration Module) - C:\Users\king\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2014-07-26]
CHR Extension: (Lorem Ipsum Generator Default Text) - C:\Users\king\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcdcbjjoakogbcopinefncmkcamnfkdb [2014-10-07]
CHR Extension: (Google Wallet) - C:\Users\king\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-26]
CHR Extension: (Keep Me) - C:\Users\king\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc [2014-09-12]
CHR Extension: (Gmail) - C:\Users\king\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-24]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-10-08]
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-12-07]
C:\Program Files (x86)\Google\Chrome
C:\Users\king\AppData\Local\Google\Chrome
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated, please post that

THEN

Download Anti VBS/VBE to your desktop

[*]download the appropriate version (32 bit or 64 bit) and double click the file to run it.
[*]After a couple of seconds (might also take a whole minute if the machine is heavily infected and/or slow) a report will open in Notepad.
[*]Post that report

Be aware this is a very new programme and as such is not recognised by any Antivirus or Windows, it is safe so allow it to run

FINALLY

Please download AdwCleaner by Xplode onto your desktop.

[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S1].txt as well.

here it is … i hope it helps

Could you open the antivbs/vbe log please and then save as ANSI as I can’t read it

Are the alerts still present ?

the alerts are gone … is that it ? or not yet ? and do you still need the antivbs/vbe log ?

do you still need the antivbs/vbe log ?
Yes

i hope you can open it … :confused:

the ANSI one

Don’t forget the other logs …

which logs ? i had already posted all the logs you have asked for o.O

Read Essexboy’s instructions one more time

Run FRST and press Fix On completion a log will be generated please post that
FINALLY

Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on “Clean”
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

i already did that and i had posted the logs up … do you mean to change those logs also to ANSI ? or do you think i didn’t do what he asked for ? …

Botro
Re: URL:Mal Process: c:\windows\system\wscript.exe problem
« Reply #4 on: Today at 09:15:37 PM »

here it is … i hope it helps

  • AdwCleaner[S1].txt (6.66 kB - downloaded 1 times.)
  • Anti-VBSVBE.txt (0.38 kB - downloaded 1 times.)
  • Fixlog.txt (11.32 kB - downloaded 1 times.)

My bad, I see them above

no problem … thanks a lot man! i think we’re done … right ?

No … when essexboy says so

Oh … okay … i think i have to wait for his reply
Thanks

Are you still getting the alerts ?

nope