While using photobucket, a popup appeared. I just closed it and didn’t think to document it or anything, though I was seriously surprised because I’ve never gotten one there before (it just opened a white window with no information and a strange url that wasn’t photobucket related). I contacted photobucket to complain, and their response has left me thinking it might have been malicious since they don’t seem to use pop ups anymore.
I’ve scanned with Avast Internet Security, did a boot time scan (although it required me to download additional components, is that normal?), ran malwarebytes free edition and malwarebytes anti rootkit, and the chrome clean up tool from google.
Nothing was detected, are there any other anti-spyware things I should run or can I consider myself to have dodged a bullet?
Whilst I used photobucket.com some time ago I started to use it again, but I haven’t seen any popups whilst using it. However I use the latest firefox version and have AdBlockPlus, NoScript and RequestPolicy add-ons, which is likely to have blocked anything like this.
If you haven’t rebooted avast or had another unrelated popup, right click on the avast tray icon and select ‘Show last popup message.’ If you have it take a screenshot of the popup and attach it to your next post.
If it had been an ad-popup it is possible it could have been associated with a malicious site/ad but avast is likely to have killed that (aborted the connection) attempt to display something considered malicious. That said we would need more detailed information to say for sure.
This needs further analysis by a malware removal specialist:
Go to this topic http://forum.avast.com/index.php?topic=53253.0 for information on Logs to assist in cleaning malware. Use the information about getting and using the tools and attach the logs here, not in the LOGS topic.
For the time being just download and run the Farbar Recovery Scan Tool (FRST) and attach the two logs it generates to your next reply.
There may be some delay in a malware removal specialist being able to analyse your logs as it is close to midnight here in the UK.
Hi, I don’t see an option for show last popup. I right clicked on Avast on the bar at the bottom of my screen and it only provides the following options:
Open Avast Interface
Shields Control
Silent Gaming Mode
Virus Chest
Safe Zone Browser
Update
Enable Offline mode
Subscription Information
About Avast
I checked Chrome and there is an Avast extension but it says it isn’t enabled. I’m running the Farbar right now, will post when it finishes.
[Edit] I’m dumb, it’s grayed out so I guess I did something that prevents it from recognizing the pop up.
Ok; I ran through your FRST logs and there is nothing malicious showing. Unless Avast shows you any more warnings, your logs are clean and you are good to go.
Clean up of Malware Removal Tools
Now that we are through using these tools, let’s clean them off your system so that should you ever need to have malware removed again (we hope not) fresh, updated copies will be downloaded.
- Download Delfix from here to your desktop and double click it to start the program
- Ensure Remove disinfection tools is ticked. Also tick:
  - Activate UAC
  - Create registry backup
  - Purge system restore
  - Reset system settings
- Click Run
- The program will run for a few moments and then notepad will open with a log. Note: Please save this log first before rebooting your system (if asked to); DelFix does not save the log as it is trying to remove all traces of our work on your system. Please attach the log in your next reply.
You can delete any log files left on your desktop as these are no longer needed.
The active (not greyed out) ‘Show last popup message’ option is based on you having received one (some may not be recognised as qualifying) and not having rebooted since receiving it. So it really depends on exactly what that pop-up was about and I don’t know that.
Avast malware alert popups certainly qualify for recall using the ‘Show last popup message’ provided you haven’t had another popup or rebooted.
Thankfully dbrisendine, a qualified malware removal specialist, has given you a clean bill of health. Looks like whatever it was that avast threw up the popup for was also blocked by avast.
Thank you both so much! Now I am going to enable the avast extension in chrome so that this doesn’t happen again, so silly of me to never have enabled it - live and learn I guess!
Btw the only tool I used that I don’t always use is FARBAR, so I just went ahead and deleted it since I didn’t use multiple programs (weirdly it had not installed in my programs, so I guess it just ran a scan from where it was when I downloaded it). I use malwarebytes all the time so I don’t want to delete that.
The Farbar Recovery Scan Tool (FRST) is essentially an analysis tool, until you get someone (skilled in its use) to analyse the log files and create a fix, if required. So it isn’t something that you would generally have on your system and run periodically.
The link to download the Delfix tool, given by dbrisendine, should have removed Farbar if you still had it on the system.