Hello Avast community,
I seek your help again.
I am following the following instructions:
https://forum.avast.com/index.php?topic=53253.0
These darn annoying pop ups, leading to slow running PC.
Here attached are the following files:
Thanks in advance to the Malware Analyst who will be helping out with this issue.
avastpandainc.
Could you let me know what problems remain after this?
CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.
Open notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint:
S2 BrowseForTheCause; "C:\Program Files (x86)\BrowseForTheCause\BrowseForTheCause.exe" [X]
R2 PrivoxyService; C:\Program Files (x86)\Techsmart Computer\privoxy.exe [371200 2016-05-19] (The Privoxy team - www.privoxy.org) [File not signed] <==== ATTENTION
C:\Program Files (x86)\Techsmart Computer
C:\Program Files (x86)\BrowseForTheCause
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated; please post that.
THEN
Please download AdwCleaner by Xplode onto your Desktop.
* Close all open programs and internet browsers.
* Double click on AdwCleaner.exe to run the tool.
* Click the Scan button and wait for the process to complete.
* Click the logfile button and the log will open in Notepad.
* Click on the Clean button and follow the prompts.
* A log file will automatically open after the scan has finished and the PC has rebooted.
* Please post the content of that log file with your next answer.
* The report will be saved in the C:\AdwCleaner folder.
Thank you for your prompt reply,
Here is the log after fixlist was generated: FixLog
Here is the log after running adwcleaner_5.119:
I am going to predict that all is well now?
Hmm, privoxy does not appear to want to go.
Could you run MBAM again, please?
Hi essexboy,
Here are the four files from today’s run.
The error could have been due to the fact that, on my first run of FRST64, I did not right-click and run as administrator.
Thanks.
Honestly, it felt OK, even before the second run of MBAM.
Do you still want to proceed with a new fixlist.txt? (and subsequently adwcleaner)
Or should we conclude with Delfix?
I am content with the behaviour of this laptop after your help…
Nope, tidy up, as it looks clean.
What browser did they appear in? Chrome?
Yes, you are correct, Google Chrome browser.
Here are the four files:
Personally, I would get rid of Chrome, as it is now becoming a risk.
CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.
Open notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint:
CHR Extension: (04a647e8892acb00f8fea02167c03aff) - C:\Program Files (x86)\Google\Chrome\Application\04a647e8892acb00f8fea02167c03aff [2016-02-24]
CHR Extension: (04a647e8892acb00f8fea02167c03aff_2) - C:\Program Files (x86)\Google\Chrome\Application\04a647e8892acb00f8fea02167c03aff_2 [2016-06-01]
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated; please post that.
I do not have a good feeling with this fixlog.
As soon as this laptop rebooted, and I was logging on to this forum, it generated a pop-up/another page.
We use Chrome on three different devices.
If the solution is to curb our browser usage, then we will go that route as suggested.
Thank you.
First off, confirm whether this occurs in other browsers …
If not, then run Chrome in incognito mode; does that stop it? https://support.google.com/chrome/answer/95464?hl=en-GB
Let me know the result
To answer your first question, yes the pop ups and unwanted tabs occur with IE (edge).
I have “Reset Microsoft Edge Through the settings”
once rebooted.
On the Chrome side, yes, there are still pop ups and unwanted new tabs.
And on the IE Edge, darn, yes, still present.
Would you like me to continue with the System File Checker method? (method 2 from HowToGeek?)
I suspect the virus originated in an Edge browser, as the primary user of this laptop uses IE.
Firefox is not even used/installed.
I ran the SFC Scannow:
Windows Resource Protection did not find any integrity violations.