wpad.dat

URL: http://wpad.browserupdatecheck.in/wpad.dat
Infection: URL:Mal
Process: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

I know this thing has been showing up a lot recently, And I can confirm where of the origins it came from. It was bundled in a download for a ‘Jar of beans’ emulator as seen here. http://puu.sh/iHDcr/3a7cde1cd4.png On techmacho.com

Unfortunately even though I know where it came from I know not how to get rid of this pesky thing, have done several sweeps with multiple antivirus’s and yet it presistantly pings avast with the files, firefox.exe avast itself when scanning the network, scvhost.exe occasionally and other key things.

From what I can tell, It’s trying to log traffic on the network, I dont know how far that actually goes though.

I have included all the required logs and would like to see if this problem can be solved as it seems to be a new one specific to this website.

I’m having the same issue but no idea what program dropped this on me. I initially had some fake cleaner and dealz on chrome. Thought I got rid of them then these strange warnings from avast about

http:\wpad.browserupdatecheck.in/wpad.dat

feel totally lost and in the dark after running multiple cleanup tools. Still Avast keeps warning me something’s wrong. I just don’t have a clue what it is even after uninstalling reinstalling chrome. It happens on chrome and IE.

Getting the same warnings, except mine are springing up from Skydrive.exe and svchost.exe

Seems like Dealz may be a common denominator here, recently cleaned that up before the problem came up as well.

Everyone else, please start your own topic.

Uuuuh… Basically all the topics have the same response as to what to do but, It was stated not to do any scans without being told to do so. I’m going to go out on a limb and say I should follow the other topic’s advice?

https://sites.google.com/site/cannedfixes/home/hosted-images-tools/51a612a8b27e2-Zoek.png
Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

[*]Right-click on
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/51a612a8b27e2-Zoek.png
icon and select
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg
Run as Administrator to start the tool.
[]Wait patiently until the main console will appear, it may take a minute or two.
[
]In the main box please paste in the following script:

createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns;b

[*]Make sure that Scan All Users option is checked.
[*]Push Run Script and wait patiently. The scan may take a couple of minutes.
[*]When the scan completes, a zoek-results logfile should open in notepad.
[*]If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.

Here’s the results.

https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

[*]Right-click on
https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
icon and select
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg
Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
[*]Make sure that Addition option is checked.
[*]Press Scan button and wait.
[*]The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content into your next reply.

Here.

https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
Fix with Farbar Recovery Scan Tool

https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
[B] This fix was created for this user for use on that particular machine.
https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif

https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
Running it on another one may cause damage and render the system unstable.
https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
[/B]

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

[*]Right-click on
https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
icon and select
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg
Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
[*]Press the Fix button just once and wait.
[*]If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
[*]When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

Result for the fixlog

How is the situation now?

Still has not been solved, I have learned a few things since however. First off, the virus only pings the network whenever there is activity on it. Such as turning it on and off. Second off, Changing the Mac address and IP doesn’t stop it either. I’m going to be trying to outright block the site but… problem still presists.

Can you reinstall Avast?

As in uninstall and then reinstall? Because I still have it installed on this PC.

Yes, please try it.

It still continues to ping things, Specifically avastUi.exe, svchost.exe and firefox.exe. Even after uninstalling and reinstalling avast.

Stand by until Avast team check this, it could be a false detection.

Okay thanks, Lemme know if any news comes up.

Please run Windows Update and install all updates. Then tell me do you still have Avast warnings.