URL:mal

Viruses and worms
1

I keep getting the avast pop up saying its blocking a threat called URL:mal, i have noticed my computer running slow since this, i ran the usual system tools and also malewarebytes. restart and tada, its back. any idea how to get rid of this?

2

This is usually an indication of an underlying hidden or undetected infection and avast is preventing it from calling home.

This needs further analysis by a malware removal specialist:
Go to this topic http://forum.avast.com/index.php?topic=53253.0 for information on Logs to assist in cleaning malware. Use the information about getting and using the tools and attach the logs here, not in the LOGS topic.

3

i ran malwarebytes and frst64, attached is the logs, i tried to run aswmbr, i attempted it 3 times, all 3 were still running after 24 hours, should it take that long?

4

Hard to say how long it might take - system resources, CPU, RAM and importantly how much data is on your hard disk. Though 24hrs, does seem excessive.

I will try and get one of the malware removal specialists to take a look.

5

The alerts should cease after the FRST fix

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint: HKU\S-1-5-21-176455449-1255996635-1213461631-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks! HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION SearchScopes: HKU\.DEFAULT -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKU\S-1-5-21-176455449-1255996635-1213461631-1001 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKU\S-1-5-21-176455449-1255996635-1213461631-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = SearchScopes: HKU\S-1-5-21-176455449-1255996635-1213461631-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File 2015-01-04 11:17 - 2011-02-20 12:22 - 00000000 ____D () C:\Users\Sandra\AppData\Local\WeatherBug 2014-12-29 18:24 - 2014-05-18 12:12 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 CustomCLSID: HKU\S-1-5-21-176455449-1255996635-1213461631-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 251 more characters). <==== Poweliks? EmptyTemp: CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S1].txt as well.