Yet another hxxp://lwdetyqhzh.ru/adbstyles.js?u=98023 issue

Viruses and worms
1

Hi guys,

Having this issue for about 24 hours - getting an alert for any web page I go to.

I saw Acestream plugin may be the culprit but do not want to remove it as I use it a lot.

Can’t attach the logs as requested though…

Sorry for the double post in an earlier thread.

Thank you,

Udi

2

Attach your basic logs. (MBAM, FRST and aswMBR…!!)
Instructions: https://forum.avast.com/index.php?topic=53253.0

3

Read and followed, but when I post I don’t have the option to attach files, only captcha.

Udi

4

SORRY, here are the logs.

5

If you reply here you’ll find the option below the text box → “Attachments and other options”

6

Ah, you already found it. OK, now you’ve to wait a bit…

7

Yeah, pathetic, I know :o and to think I’m a mod at other forums… Don’t tell anyone! ;D

Thank you again,

Udi

8

Let me know if this stops it

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

HKU\S-1-5-21-213827014-2805118472-1953614626-1001\...\Run: [AceStream] => C:\Users\Udi\AppData\Roaming\ACEStream\engine\ace_engine.exe [27904 2014-09-14] () SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File FF Plugin HKCU: @acestream.net/acestreamplugin,version=2.2.10-next -> C:\Users\Udi\AppData\Roaming\ACEStream\player\npace_plugin.dll (Innovative Digital Technologies) FF Extension: AS Magic Player - C:\Users\Udi\AppData\Roaming\Mozilla\Firefox\Profiles\50p4dzm4.default\Extensions\magicplayer@acestream.org [2014-08-24] FF Extension: No Name - C:\Users\Udi\AppData\Roaming\TorrentStream\extensions\firefox\magicplayer@torrentstream.org [Not Found] CHR Extension: (No Name) - C:\Users\Udi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim [2014-09-21] 2014-09-21 20:05 - 2014-08-24 17:45 - 00000000 ____D () C:\Users\Udi\AppData\Roaming\.ACEStream C:\Users\Udi\AppData\Local\Google\Chrome\User Data\Default\File System\004 C:\Users\Udi\AppData\Roaming\ACEStream Task: {248B4159-31ED-46E4-BE59-438AE0E39A8D} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe <==== ATTENTION HKU\S-1-5-21-213827014-2805118472-1953614626-1001\Software\Classes\exefile: <===== ATTENTION! EmptyTemp: CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S1].txt as well.

9

I have exactly the same problem.

I am also an acestream user. Is acestream still safe?

Is the first instruction actually a fix, if yes how to make this specific to my PC?

Has the full solution actually worked for Udigra?

Do you need to run the solution on all PCc/laptops in the network?

Thanks!

10

Please start your own topic and post your logs there.
Click here to do so: https://forum.avast.com/index.php?action=post;board=4.0

11

Issue spontaneously resolved, probably the MBAM helped.

Thank you very much guys,

Udi

12

you need to attach the logs Essexboy requested … there may be leftover files so he need to see those logs

13

Not resolved. I keep getting “threat detected” on various pages, including - but not limited to - Acestream links.

Tried the above mentioned fix; attached is the report.

Thank you!