system
April 15, 2015, 6:39pm
1
Since a couple of days ago I constantly get this message
http://i.imgur.com/g4pphlE.jpg
I have no idea what’s wrong with it. When I scan the file manually there seems to be nothing wrong with it.
Any ideas on how to fix this? It’s pretty annoying.
Also I’m trying to find out where the object path points to, but I can’t find out how to access logs in Avast, to get more information.
Is there a menu where these messages are logged?
Pondus
April 15, 2015, 6:42pm
2
follow instructions here https://forum.avast.com/index.php?topic=53253.0
attach Malwarebytes and Farbar Recovery Scan Tool logs
system
April 15, 2015, 7:09pm
3
I ran the tools, but they didn’t find anything.
I attached the logs, but I needed to delete “One Month Created Files and Folders”, as it revealed too much personal information.
What folder is that in, in Program Files?
CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.
Open notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint:
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7B%20var%20lhost%2C%20localIpAddresses%2C%20localDomains%2C%20ipNotation%2C%20i%3B%20function%20isPlainHostNameEx()%20%7B%20return%20!(!!~lhost.indexOf('.')%20%7C%7C%20!!~lhost.indexOf('%3A'))%3B%20%7D%20lhost%20%3D%20host.toLowerCase()%3B%20ipNotation%20%3D%20%2F%5E%5Cd%2B%5C.%5Cd%2B%5C.%5Cd%2B%5C.%5Cd%2B%24%2Fg%3B%20localIpAddresses%20%3D%20%5B'127.0.0.1'%2C'10.*.*.*'%2C'172.1%5B6-9%5D.*.*'%2C'172.2%5B1-9%5D.*.*'%2C'172.3%5B0-1%5D.*.*'%2C'192.168.*.*'%5D%3B%20localDomains%20%3D%20%5B'zeus.pm'%2C'zenguard.biz'%2C'local'%2C'dev'%2C'ip'%2C'box'%2C'lvh.me'%2C'ripe'%2C'invalid'%2C'intra'%2C'intranet'%2C'onion'%2C'vcap.me'%2C'127.0.0.1.xip.io'%2C'smackaho.st'%2C'localtest.me'%2C'site'%5D%3B%20if%20(isPlainHostNameEx())%20%7B%20return%20'DIRECT'%3B%20%7D%20if%20(ipNotation.test(lhost))%20%7B%20for%20(i%20%3D%200%3B%20i%20%3C%20localIpAddresses.length%3B%20i%2B%2B)%20%7B%20if%20(shExpMatch(lhost%2C%20localIpAddresses%5Bi%5D))%20%7B%20return%20'DIRECT'%3B%20%7D%20%7D%20%7D%20for%20(i%20%3D%200%3B%20i%20%3C%20localDomains.length%3B%20i%2B%2B)%20%7B%20if%20(dnsDomainIs(lhost%2C%20localDomains%5Bi%5D))%20%7B%20return%20'DIRECT'%3B%20%7D%20%7D%20return%20'HTTPS%20us41.zenguard.org%3A443%3BHTTPS%20us30.zenguard.org%3A443%3BHTTPS%20us73.zenguard.org%3A443%3BHTTPS%20us33.zenguard.org%3A443%3BHTTPS%20us39.zenguard.org%3A443%3BHTTPS%20ch67.zenguard.org%3A443%3BHTTPS%20ch58.zenguard.org%3A443%3BHTTPS%20ch59.zenguard.org%3A443%3BHTTPS%20ch31.zenguard.org%3A443%3BHTTPS%20ch65.zenguard.org%3A443%3BHTTPS%20de35.zenguard.org%3A443%3BHTTPS%20de41.zenguard.org%3A443%3BHTTPS%20de49.zenguard.org%3A443%3BHTTPS%20de45.zenguard.org%3A443%3BHTTPS%20de37.zenguard.org%3A443%3BHTTPS%20gb34.zenguard.org%3A443%3BHTTPS%20gb18.zenguard.org%3A443%3BHTTPS%20gb25.zenguard.org%3A443%3BHTTPS%20gb28.zenguard.org%3A443%3BHTTPS%20gb14.zenguard.org%3A443%3BHTTPS%20hk35.zenguard.org%3A443%3BHTTPS%20hk37.zenguard
.org%3A443%3BHTTPS%20hk31.zenguard.org%3A443%3BHTTPS%20hk32.zenguard.org%3A443%3BHTTPS%20hk36.zenguard.org%3A443'%3B%20%7D%20%2F*ZenMate*%2F"
FF NetworkProxy: "type", 2
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG
Run FRST and press Fix.
On completion a log will be generated; please post that.
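As an added example (not part of the thread and not any poster's code): the `FF NetworkProxy: "autoconfig_url"` line in the fixlist above carries a whole proxy auto-config script in a percent-encoded `data:` URL. This JavaScript sketch decodes a line of that shape and lists the proxies the script can return; the sample line and its `example.net` hosts are constructed, and `parseAutoconfigLine` is a hypothetical helper name.

```javascript
// Constructed sample in the shape of the fixlist line; hosts are placeholders.
const SAMPLE_LINE =
  'FF NetworkProxy: "autoconfig_url", "data:text/javascript,' +
  "function%20FindProxyForURL(url%2C%20host)%20%7B%20" +
  "if%20(dnsDomainIs(host%2C%20'intranet'))%20%7B%20return%20'DIRECT'%3B%20%7D%20" +
  "return%20'HTTPS%20px1.example.net%3A443%3BHTTPS%20px2.example.net%3A443'%3B%20%7D" +
  '"';

// Hypothetical helper: returns null for lines that are not autoconfig_url entries.
function parseAutoconfigLine(line) {
  const m = /^FF NetworkProxy:\s*"autoconfig_url",\s*"(.*)"\s*$/.exec(line);
  if (!m) return null;
  const result = { inline: false, source: m[1], script: null, proxies: [], direct: false };

  // A data: URL embeds the PAC script itself; anything else is a remote PAC file.
  const data = /^data:([^,]*),(.*)$/s.exec(m[1]);
  if (!data) return result;
  result.inline = true;
  result.source = "data:" + data[1];

  try {
    result.script = /;base64$/i.test(data[1])
      ? Buffer.from(data[2], "base64").toString("utf8")
      : decodeURIComponent(data[2]);
  } catch (err) {
    return result; // malformed percent-encoding: report the entry, skip parsing
  }

  // Every string literal that FindProxyForURL can return is a ';'-separated
  // fallback chain such as "HTTPS host:443;DIRECT".
  const seen = new Set();
  for (const ret of result.script.matchAll(/return\s+(['"])(.*?)\1/g)) {
    for (const entry of ret[2].split(";").map((s) => s.trim()).filter(Boolean)) {
      if (/^DIRECT$/i.test(entry)) result.direct = true;
      else if (/^(PROXY|HTTPS?|SOCKS[45]?)\s+\S+$/i.test(entry)) seen.add(entry);
    }
  }
  result.proxies = [...seen];
  return result;
}

const report = parseAutoconfigLine(SAMPLE_LINE);
console.log(report.proxies, "direct fallback:", report.direct);
```

An inline PAC whose proxy list points at hosts the user does not recognise is the case worth flagging when reading such a log.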
system
April 15, 2015, 7:32pm
5
I don’t know what folder it’s in. I can’t find out how to tell Avast to show me that log again, or how to get the full location path.
If you hover your cursor over the last alert, it will expand the file path to show which folder in Program Files it is in.
system
April 15, 2015, 7:54pm
7
Where can I find that in the Avast menu?
Right click the Avast blob and select last popup. If it has not re-appeared since the last boot then it will not be there.
Could you run a fresh FRST scan please?
system
April 15, 2015, 9:00pm
9
The last popup is just some Avast commercial… I’m not getting the virus log…
Next time it pops up, I’ll try to get the object’s location…
Pondus
April 15, 2015, 9:26pm
10
If you don’t see Essexboy in the next hour, then he has logged out for today.
According to the logs you have not installed any new files for over a month; is that correct?
In that case I can do nothing. You are aware that more information is given out on Facebook and Twitter than you could ever glean from an analysis log.
system
April 16, 2015, 8:28pm
14
Facebook certainly does not publish what files I downloaded, created, or modified over the last month on my local machine. I consider this very personal information, which I don’t want to see online.
If you absolutely need to know what files changed on my machine, then there is nothing I can do.
Please consider this thread closed.
Consider it closed then. We cannot lock threads though.