Url:Mal threat pop ups from cnc.cedexis.com

URL: (http://)cnc.cedexis.com.wscdns.com/img/36a/r20.gif?rnd=1-1-13960-0-0-36-178817441-w1SkaMO0ebmyacifcaeqIg0OOzoIvtczMiETbtJML4ETbuc9KSW2sG8iaHaogmujiaaOJigaOarqafOkcaaqabGaiaaOagaaAHnIDxr0B24XlMLHzc5ODI5WCM9Kaaaa
Infection: URL:Mal
Process: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Done a few Malwarebytes scans, hasn’t come up with anything. Threat warning (by Avast program, not webshield I don’t think) every now and then, happened 3 times past 2 days.

Any help would be greatly appreciated :slight_smile:

We need some logs before we can help, follow instructions here https://forum.avast.com/index.php?topic=53253.0

Monitoring…

Attached Malwarebytes log and asw log

You’re missing FRST reports.

Sorry, missed that one :z

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

- Right-click on the FRST icon and select Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
- Press the Fix button just once and wait.
- If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
- When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

It’s restarted and doing a bootscan RN
will edit with results (if it finds something what option should I select?)

Edit: Hope I did it right {fixlog thingy attached :)} (ps there weren’t any options at the end of the scan {it just finished on its own and booted up the comp ‘as normal’} but I didn’t stay to watch it so I might’ve missed options idk) (P.P.s I just realized I ran both in downloads folder, hope that doesn’t matter)

{Can i start logging into stuff again on chrome?/safe to use or w.e IDK what kinda infection it was GG}

Yes, you can start with normal usage. How is your PC behaving now?

There has yet to be any threat alerts. I’ll keep you posted and let u kno if there’s one. I couldn’t notice anything too different earlier, just the threat pop ups, so it’s hard to tell.

Edit: I didn’t thank u cause ive been looking at threads and normally there’s more stuff to do so i didn’t wanna awkwardly say thanks but you’ve been super helpful and I really appreciate all ur help because I’m a total virus noob and they scare the shit outta me tbh
so yeh thank u very very much

Um so I’d pinned a few notes to my notepad and photoshop psd’s ETC and the stuff I’ve pinned has gone? like it’s not been deleted but it’s not pinned anymore… kinda annoying cause i gotta re-find stuff. is there a way to fix that?

Was it saved or only opened in Notepad?

They were all saved. I mean like, you know how you can pin things to the icons on the windows toolbar? and if u have note pinned u can pin note documents to it for easy opening. But anyway I’ll try to track down all the notes I had saved that weren’t pinned anymore. I suppose that’s one of the things that had to be deleted IDK Is there anything else I should have to re-do?

I don’t know what happened, but we did not touch any personal documents. Do you have alerts or can we consider this as solved?

No more threat alerts as yet :slight_smile:
and hmm well IDK why they’ve all been unpinned…

Support @Avast - as you see above, Avast Internet Security keeps displaying malware warnings for a cnc.cedexis.com object. We validated the object is valid and not infected. This is impacting our customers.

Please could you update your definitions or let me know what we should do?

thanks

Rony
cedexis.com
mobile 949.874.0770