wpad.chromecheck.in/wpad.dat

vast keeps detecting this as a security threat. I don’t know if it is actually a threat or a false positive. Could you please help out on how to get over this problem? The notifications are also getting annoying now. Attaching the image of the threat below:

https://i.snag.gy/FxhLTo.jpg

Where are the log files you where asked to provide ?

Sorry about that. Attaching the required log files.

First, remove the cracked software from your system; then run the following Fixlist script.

https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
Fix with Farbar Recovery Scan Tool
https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
[b] This fix was created for this user for use on that particular machine.
https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif

https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
Running it on another one may cause damage and render the system unstable.
https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
[/b]Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

Also, how is your system running now?

Also, after running the Fixlist script, please run the following Search in FRST …

Run a search with FRST.

  • Right click on FRST on your desktop and select “Run as Administrator…” When the tool opens click Yes to disclaimer.
  • Type wpad into the Search Box.
  • Press the Search Registry button.
  • It will produce a log called search.txt or SearchReg.txt in the same directory the tool is run from.
  • Please attach the log file back here.

Hey

Thanks for your reply. Did the above and I still keep getting the “Threat Blocked” alert. Attaching the logs as well as the Ävast detection screenshots.

https://i.snag.gy/hE7eCq.jpg

https://i.snag.gy/faEGsL.jpg

Happy New Year!! And thanks for the logs; we needed the exact location / keys to fix this issue.

https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
Fix with Farbar Recovery Scan Tool

https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
[b] This fix was created for this user for use on that particular machine.
https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif

https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
Running it on another one may cause damage and render the system unstable.
https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
[/b]
Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

- Right-click on 

https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
icon and select
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg
Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
- Press the Fix button just once and wait.
- If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
- When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please attach it to your reply.

How is your system now?

Hey,

Happy new Year to you too! No changes even after running the FRST with the fixlist. Attaching the logs.

Please run the FRST search again.

PFA the log file.

Sorry but there is one other place to check; there is a search setting used in the registry and since this can be different for each user, this search should be included. Thanks for your help in this.


Run a search with FRST.

  • Right click on FRST on your desktop and select “Run as Administrator…” When the tool opens click Yes to disclaimer.
  • Type chromecheck;wpad into the Search Box.
  • Press the Search Registry button.
  • It will produce a log called search.txt or SearchReg.txt in the same directory the tool is run from.
  • Please attach the log file back here.

Attaching the requested log file.

https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
Fix with Farbar Recovery Scan Tool

https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
[b] This fix was created for this user for use on that particular machine.
https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif

https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
Running it on another one may cause damage and render the system unstable.
https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
[/b]
Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

- Right-click on 

https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
icon and select
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg
Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
- Press the Fix button just once and wait.
- If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
- When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please attach it to your reply.

Are you still getting the warnings now?

Thanks a lot. No more warnings shown. Seems fixed! :smiley:

If everything else if fine for you (Avast is running / scanning with no warnings, etc.) then I will remove our tools and get you on your way …

Clean up of Malware Removal Tools
Now that we are through using these tools, let’s clean them off your system so that should you ever need to have malware removed again (we hope not) fresh, updated copies will be downloaded.

[]Download Delfix from here to your desktop and double click it to start the program
[*]Ensure Remove disinfection tools is ticked
Also tick:
[
]Create registry backup
[*]Purge system restore

http://i1351.photobucket.com/albums/p785/dbreeze2/just%20stuff/DelFix%20Standard%20Selection_zpswethifs1.png

[*]Click Run
[*]The program will run for a few moments and then notepad will open with a log. Note: Please save this log first before rebooting your system (if asked to); DelFix does not save the log as it is trying to remove all traces of our work on your system. Please attach the log in your next reply.

You can delete any log files left on your desktop as these are no longer needed.

==Some Tools to consider to help keep your system safe ==

Unchecky is a small service that runs in the background to help keep those “extra toolbars” and tag along search engines from automatically installing. By automatically directing you to a custom install with all the options unchecked, only what you manually choose and confirm gets installed.

CryptoPrevent is a free program that prevents CryptoLocker / ransomware from infecting your PC by locking down the OS so the malware can not get a grip on your system. You can read the details about this program here.

Also, consider keeping MalwareBytes Antimalware in your arsenal of safe keeping programs. Use the free version (not the paid or trial version) and you won’t have a problem with your antivirus scanner program. Keep it updated and run a scan with it once a week.

Lastly, if you use Firefox as your main web browser, consider adding the NoScript and uBlock Origin add-ons to the browser to block scripting hijacks and remove unwanted ads from the pages you view.

You may also find some information and tips at this thread:
How did I get infected in the first place?
and
COMPUTER SECURITY - a short quide to staying safer online


I’ll leave this topic open for a few days so that if you have any questions you can come back here. Surf safe, my friend!!