URL:Mal warning exactly every 10 minutes

Viruses and worms
21

Indeed, my son has according to KVRT several threats, see below. That’s bad…

22

You can delete those files on yours son PC but I recommend opening separate topic and posting FRST logs for it.

Does KVRT still detects something in system memory after restart?

23

I deleted the files and my son’s PC is clean now. I did several scan’s on my PC, but I still have a Trojan.Multi.GenAutorunBITS.a trojan in memory. After deleting and rebooting it comes back. My son’s PC is powered off.
Tomorrow I will post a new fixlog…

24
  • Open Notepad (click Start button → type notepad.exe → press Enter)
  • Copy text from code block below and paste it into Notepad
cmd: bitsadmin /list /allusers /verbose
cmd: bitsadmin /reset /allusers
  • Go to FileSave As
  • Make sure that UTF-8 is selected as Encoding (left side of Save button)
  • Save it as fixlist.txt on Desktop
  • Open again FRST and click on button Fix
  • Wait until FRST finishes
  • fixlog.txt should be genereted and opened. Attach it your post and wait further instructions.
25

Below the newest fixlog file. I suddenly got an Avast warning again (also below).

26
  • Please download PowerRun from here.
  • Extract it and run PowerRun_x64.exe
  • Right click on first entry in list (%SystemRoot%\System32\cmd.exe) and click on Run
  • Command Prompt window with SYSTEM privilegies should appear. Type this command and press Enter:
bitsadmin /reset /allusers
  • Make screenshot of Command Prompt window and attach it here please.
27

Allright, here it is.

28

Restart your PC and report if Avast notification still occurs.

29

No Avast notification popped up. Also after scanning with KVRT there are no threats found. Maybe you can explain what happend here, because I don´t have a clue.

30

Malware dropper executable created BITS job and after that probably deleted itself. BITS job tried to download and run payload but fortunely Avast blocked it.

More about BITS (Background Intelligent Transfer Service) you can find here: https://msdn.microsoft.com/en-us/library/windows/desktop/bb968799(v=vs.85).aspx

Rename FRST64.exe to uninstall.exe and run it. That should remove FRST and its files.

31

Thank you very much for your help. I appreciate that! Keep up the good work. Cheers!