wpad.itotolink.com Threat blocked alert keeps coming up

Hi there

Have a laptop running Avast Free antivirus that has been consistently blocking wpad threats
(please see screenshot of Avast message with details).

Have tried a couple of things to try to assist but to no avail.

Tried scanning & quarantining found items with Malwarebytes & AdwCleaner then rebooting
Resetting Chrome sync, removing all stored browser data & resetting Chrome sync. (It seems to happen when using Chrome, although not necessarily exclusive to Chrome)

Have attached scan logs from Malwarebytes, & Farbar but could not get a scan done with aswMBR.exe as laptop kept crashing during scan.

Any assistance is very much appreciated, thank you in advance.

but could not get a scan done with aswMBR.exe as laptop kept crashing during scan.
aswMBR has not been updated for a long time and doesn't support Win10

wpad.itotolink.com = Blacklisted
https://www.virustotal.com/gui/url/28fd0d3401ffc64fabeb816882a44bd121f0449f7ad940aa59ebabfe8e45601c/detection

Could you please help us with what we have to do to resolve this? I see the problem with the URL in the link you gave us, but how does that help us to stop this? What do we have to do?

I'm having the same problem.

Thank you!!

Instructions >> https://forum.avast.com/index.php?topic=194892.0

Thank you Pondus

Hopefully someone can assist with the threat blocked warning that keeps coming up all the time. (We are not accessing the blacklisted site manually at all, something in the background seems to be doing so, and I can’t pinpoint what it is).

I’ve seen other folks with a similar wpad gremlin have been assisted with a fixlist file that superheros on this forum have sent to them to apply with Farbar. Holding thumbs here so that I don’t have to do a last resort clean install of Windows 10.

see this >> https://forum.avast.com/index.php?topic=236869.msg1556902#msg1556902

Thank you Pondus

I will try and report back :slight_smile:

Link is infested

Checking: http://ww9.itotolink.com/
File size: 3864 bytes
File MD5: ba1cf847ad51aa5b810c6ff71600ca98

-http://ww9.itotolink.com/ - archive JS-HTML

-http://ww9.itotolink.com//JSTAG_1[158][19b] - Ok
-http://ww9.itotolink.com//JSTAG_2[3a8][fb] - Ok
-http://ww9.itotolink.com//JSTAG_3[4e5][8f4] - Ok
-http://ww9.itotolink.com//JSTAG_4[e1b][e3] - Ok
-http://ww9.itotolink.com/ - Ok

Checking: -http://wpad.itotolink.com
Engine version: 7.0.46.3050
Total virus-finding records: 9101533
File size: 640 bytes
File MD5: 1681044b0b070391553283c974894c78

-http://wpad.itotolink.com infected with Trojan.DownLoader27.22565

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)

  • Open Notepad (click Start button → type notepad.exe → press Enter)
  • Copy text from code block below and paste it into Notepad
```
cmd: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v SearchList /d "" /f
Reboot:
```
  • Go to File → Save As
  • Make sure that UTF-8 is selected as Encoding (left side of Save button)
  • Save it as fixlist.txt on Desktop
  • Open again FRST and click on button Fix
  • Wait until FRST finishes
  • fixlog.txt should be generated and opened. Attach it to your post and wait for further instructions.
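
The fixlist above empties the `SearchList` value under `Tcpip\Parameters`, which holds the DNS suffix search list that Windows appends to single-label names such as `wpad`. As an added example (not posted by anyone in this thread), the read-only PowerShell check below lists the suffixes currently stored there and the `wpad.<suffix>` names they would produce, so the value can be inspected before and after the fix. The `$Expected` allow-list and the `Get-SuffixReport` helper are hypothetical names chosen for illustration.

```powershell
# Added example, not from the thread: read-only audit of the DNS suffix search list.
# $Expected is a hypothetical allow-list; 'corp.example' is a constructed placeholder.
param(
    [string[]]$Expected = @('corp.example')
)

# Registry key taken from the fixlist in the thread.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'

function Get-SuffixReport {
    param([string]$SearchList, [string[]]$Expected)
    # SearchList is a comma-separated string; whitespace is tolerated as well.
    $SearchList -split '[,\s]+' | Where-Object { $_ } | ForEach-Object {
        $suffix = $_.Trim('.').ToLowerInvariant()
        [pscustomobject]@{
            Suffix   = $suffix
            WpadName = "wpad.$suffix"              # name a WPAD lookup would try
            Expected = $Expected -contains $suffix # case-insensitive match
        }
    }
}

# Returns $null if the value does not exist.
$value = (Get-ItemProperty -Path $key -Name SearchList -ErrorAction SilentlyContinue).SearchList

if ([string]::IsNullOrWhiteSpace($value)) {
    Write-Output 'SearchList is empty or not set.'
} else {
    $report = @(Get-SuffixReport -SearchList $value -Expected $Expected)
    $report | Format-Table -AutoSize

    # Flag every suffix that is not on the allow-list.
    $unexpected = @($report | Where-Object { -not $_.Expected })
    if ($unexpected.Count -gt 0) {
        Write-Warning ('Unexpected suffixes: ' + ($unexpected.Suffix -join ', '))
    }
}
```

The script only reads the registry; it changes nothing, so it is safe to run again after the reboot to confirm the value is empty.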