As I’m writing this Avast! continually warns me
http://211.136.8.20/files60600000009EF758/files1.majorgeeks.com/89a00d1f45ff0e3d4647dcf08a…
URL: Mal
C:\Windows\System32\svchost.exe
Any idea what this might be? And any suggestions as to make it go away?
Thanks
Attach your basic logs. (MBAM, FRST and aswMBR…!!)
Instructions: https://forum.avast.com/index.php?topic=53253.0
OK. I’ve attached the logs.
Thanks
OK, now you’ve to wait a bit…
Intriguing as Major Geeks is a good site. Let me know if this stops it
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint: BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20121002165454.dll No File BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20121005190435.dll No File Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File 2015-03-07 10:38 - 2015-03-07 10:38 - 00000000 ____D () C:\Users\Ralph\AppData\Local\{A053B3A2-E369-4AA8-B1C0-FA0471193037} 2015-03-07 10:37 - 2015-03-07 10:37 - 00000000 ____D () C:\Users\Ralph\AppData\Local\{B0E506F1-5869-46CD-A3D9-011262335DAD} 2015-03-03 08:51 - 2015-03-03 08:52 - 00000000 ____D () C:\Users\Ralph\AppData\Local\{C0331966-E4EB-48C5-8DBD-A06AD597FAE5} 2015-02-26 09:42 - 2015-02-26 09:42 - 00000000 ____D () C:\Users\Ralph\AppData\Local\{99BD93E6-E0AB-46F8-87BB-1F18B4CD088A} 2015-02-26 09:42 - 2015-02-26 09:42 - 00000000 ____D () C:\Users\Ralph\AppData\Local\{38D1C6A8-473C-416B-98AA-34E6EBFF6B25} RemoveProxy: EmptyTemp: CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that
It appears that it worked.
After restart there was no
alarm from Avast!.
I have attached the fixlog.
It is all Greek to me, of course.
But was there a malware in
the computer or false alarm?
But then no, it is not fixed.
As I logged out from this site
the alarm sounded again.
A window appeared with
the same notification as
before - with 6 files blocked
this time.
As I started the computer just now
another notification popped up. It reads:
http://120.198.244.30:9999/download.windowsupdate.com/c/msdownload/update/others/2015/0…
URL: Mal
C:\Windows\System32\svchost.exe
I don’t know if I should have posted a
new thread, but will try here first since
the “process” is the same as previously.
Stay in this thread, Essexboy will be back later.
The DNS relates to a mainland China ISP
Download and Install Combofix
Download ComboFix from one of the following locations:
Link 1
Link 2
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
[*]Double click on ComboFix.exe & follow the prompts.
[*]Accept the disclaimer and allow to update if it asks
http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png
http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png
[*]When finished, it shall produce a log for you.
[*]Please include the C:\ComboFix.txt in your next reply.
Notes:
Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
When I clicked on the link to
the Combofix, it didn’t offer
me any possibility to choose
location to save it at. It went
straight to the small window,
asking me whether I wanted
to “save file”, so it was saved
in downloads.
I could run Combofix though,
but just wanted to you know
in case it significantly changes
anything.
I’ve attached the Combofix log.
When I restarted the computer
there were no warnings from
Avast! But as I spoke a little
too early yesterday, I think I
to wait a couple of days before
I can say whether they’re gone.
Yes, I’m in mainland China at the mo
Hold on! just now I got a warning
from Avast! Same as the one I got
initially. There you go. Tricky it seems.
That IP refers to China Mobile communications corporation
This will reset al the internet connection data, although I am not sure it will clear it
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint: CMD: netsh advfirewall reset CMD: netsh advfirewall set allprofiles state ON CMD: ipconfig /flushdns CMD: netsh winsock reset catalog CMD: netsh int ip reset c:\resetlog.txt CMD: ipconfig /release CMD: ipconfig /renew CMD: netsh int ipv4 reset CMD: netsh int ipv6 reset RemoveProxy: EmptyTemp: CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that
“That IP refers to China Mobile communications corporation”
Does that mean that the problems come from being connected
to China Mobile? And that this will go away once I’m back in
Europe again using a different internet provider??
After restart the warnings came back again a few times, each had
blocked about 6-8 files it said.
Anyway, I’ve attached the log
Unfortunately if that is the ISP you are using then yes
OK. I assume since you didn’t
post any more instructions that
there is nothing to be done about it.
Thanks for you help, anyway.
I will be back in Europe in a week,
and if it hasn’t stopped then, I’ll
pick this thread up once more.
Cheers
If you could please, it appears that all connections in China are routed through that server