Win32:Adware-gen [Adw]

Avast! pop up notifies me that a page was blocked upon start up of my PC, identified as such, Win32:Adware-gen [Adw] in the Quarantine Chest. I’ve run Avast Full scan, Malwarebytes but they don’t turn up anything. I also had another, Win32:evo-gen [Susp] that was detected by Bootstart up scan and was moved to the Quarantine chest and deleted. But this one seems to remain. No issues with PC but seeing as it’s adware I would like to get rid of it before I involve my friends. My OS is Windows 7 64-Bit.

How can I fix this?

Follow the instructions and ATTACH the logs to your next post:
https://forum.avast.com/index.php?topic=53253.0

I assume I stop before the “if USB infected”?

No issues with PC but seeing as it’s adware I would like to get rid of it before I involve my friends.
If moved to chest you have got rid of it... unless there are more or leftover files

however if you want a check, follow instructions in guide Eddy gave you

I assume I stop before the "if USB infected"?
attach Malwarebytes and Farbar recovery scan tool logs

Monitoring …

Malwarebytes should target this but if something is left undetected, FRST’s set of logs shall tell us so.

Here are the results.

Hi,

1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.

Start
Task: {D2AA55AF-17F0-42A1-A869-A01F2F9E3620} - System32\Tasks\{6E4A1EDD-D2DC-4F85-928A-B599B9383070} => E:\Documents and Settings\Jose A Ruiz\My Documents\Music\meshi mase misaki !\召しませみさき!.exe [2010-05-16] ()
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2825531085-3345828846-2076820948-1001\...\MountPoints2: {335b0fa2-4252-11e3-adcc-50e549e69dd0} - F:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2825531085-3345828846-2076820948-1001\...\MountPoints2: {34332ea8-aee5-11e3-a329-50e549e69dd0} - F:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2825531085-3345828846-2076820948-1001\...\MountPoints2: {d65da615-b926-11e3-ad81-50e549e69dd0} - F:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2825531085-3345828846-2076820948-1001\...\MountPoints2: {d7b2325d-abdc-11e1-8007-50e549e69dd0} - F:\ToolLauncher-Bootstrap.exe
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
S3 cpuz136; No ImagePath
S3 gdrv; No ImagePath
S3 GPUZ; No ImagePath
S3 X6va011; No ImagePath
S3 hxsyol; \??\C:\AeriaGames\AuraKingdom\avital\hxsy64.sys [X]
C:\ProgramData\hash.dat
CMD: bitsadmin /reset /allusers
CMD: DEL %TEMP%\*.* /F /S /Q
CMD: RD /S /Q %TEMP%
Reboot:
End

2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It’s important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.

Please download Zoek tool by Smeenk from here and save it to your Desktop.
Unpack the archive…

- Close any open browsers and temporarily disable your AntiVirus program (if it is necessary).
If you are unsure how to do this please read this or this Instruction.

- Double click on zoek.exe to run the tool. Please wait until the tool starts…
- Copy the text present inside the code box below and paste it into the large window in the zoek tool:


Uninstall-List;
StartupAll;
ipconfig /flushdns >> %temp%\log.txt;b
EmptyFoldersCheck;Delete 
EmptyCLSID;
ResetIEProxy;
AutoClean;
Reboot;

- Click on the Run Script button.
Please wait until a log report opens (this can be after reboot).

- Save the notepad file to your Desktop and attach zoek-results.log here.
Note: It will also create a log in the C:\ directory named “zoek-results.log”.

Hey thanks for the help, will try this soon but…it seems I also have…Win32:Evo-gen [Susp]…do I go with what was instructed in the previous post or wait for further instructions? Oh and it’s also in the same TEMP folder.

That is a suspicious detection … usually happens with new files

Just follow instructions given and attach logs

Will do, thanks again! Actually…I might wait till this storm passes over so nothing in the process gets screwed over if the power goes out. One last question, once that fixlist.txt is made, I move it to where the FRST log is, right?

You save fix to same place you saved FRST tool … when tool is run as instructed it will find the fix and execute instructions given in fix

Ah…in what mode do I save the text file? ANSI says something will be lost if saved as such. Unicode, Unicode big endian or UTF-8?

Not sure if it matters, but I see the fix contains some Chinese-looking stuff, so try Unicode.
If needed magna will create an additional fix.
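
The encoding question above, as an added example that is not part of the original thread: it reports which lines of a fix script lose characters under each of Notepad's "Save as" encodings. The sample fixlist is constructed (only the non-ASCII file name is taken from the fix above), and mapping "ANSI" to code page 1252 is an assumption about the system locale.

```python
# Added example: which fix-script lines survive each Notepad "Save as" encoding.
NOTEPAD_ENCODINGS = {
    "ANSI": "cp1252",                 # assumption: Western-European code page
    "Unicode": "utf-16",              # UTF-16 with byte-order mark
    "Unicode big endian": "utf-16-be",
    "UTF-8": "utf-8-sig",             # UTF-8 with byte-order mark
}

# Constructed sample: hypothetical path, file name as it appears in the fix.
SAMPLE_FIXLIST = (
    "Start\n"
    "C:\\Users\\example\\Music\\召しませみさき!.exe\n"
    "CMD: bitsadmin /reset /allusers\n"
    "End\n"
)

def unencodable(line, codec):
    """Return the characters of `line` that `codec` cannot represent."""
    lost = []
    for ch in line:
        try:
            ch.encode(codec)
        except UnicodeEncodeError:
            lost.append(ch)
    return "".join(lost)

def check_fixlist(text, codec):
    """List (line_number, lost_characters) for every line the codec damages."""
    report = []
    for number, line in enumerate(text.splitlines(), 1):
        lost = unencodable(line, codec)
        if lost:
            report.append((number, lost))
    return report

def saved_as(text, codec):
    """Simulate save and reload; unsupported characters come back as '?'."""
    return text.encode(codec, errors="replace").decode(codec)

if __name__ == "__main__":
    for label, codec in NOTEPAD_ENCODINGS.items():
        damaged = check_fixlist(SAMPLE_FIXLIST, codec)
        print(f"{label:20} {'lossy' if damaged else 'intact'} {damaged}")
        for number, _ in damaged:
            # The path on disk no longer matches what the saved file contains.
            print("   saved as:", saved_as(SAMPLE_FIXLIST, codec).splitlines()[number - 1])
```

A line reported as lossy would reach the tool with `?` in place of the original characters, so the path in the saved file no longer names the file on disk.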

Upon trying to DL zoek.exe from link provided, Avast blocked it. Is this where I disable my AV?

Right click avast tray icon and pause shields

Alright, both procedures done. Results Attached.

I didn’t get a pop up notification this morning upon PC start up. Am I in the clear?

magna86 will give you the all clear if all is clean. Please wait for him to look over your latest logs.

Cool. Just thought I’d point that out is all. Thanks!

Hi,

This should be it. Tell me, is there any progress, as the logs after cleaning appear clean?