
Avast detecting svchost.exe as malware.


  • This topic is locked
6 replies to this topic

#1 shazaib


Posted 17 July 2014 - 01:02 AM

Hey there,

 

I've recently been having issues with Avast constantly detecting svchost.exe as URL:MAL. Some places I've checked said this is a false positive, but I just want to be sure, so I came here.

 

I've already used Avast's own scan and Malwarebytes Anti-Malware Premium to try to fix this issue, but the message still seems to be coming up every now and then consistently. I had a few infections quarantined by MBAM; here's the log. However, do note that Avast still seems to be detecting svchost.exe as malware:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 17/07/2014
Scan Time: 05:31:39
Logfile: 
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.17.03
Rootkit Database: v2014.07.14.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Zahbia

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 305987
Time Elapsed: 7 min, 34 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 2
PUP.Optional.WebPlayer.A, C:\Users\Zahbia\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe, 2984, Delete-on-Reboot, [4b4c7f21651671c549d6259a36cc7789]
PUP.Optional.FilesFrog.A, C:\Users\Zahbia\AppData\Local\FilesFrog Update Checker\update_checker.exe, 5096, Delete-on-Reboot, [05928f1159221c1af44a2879fa08fa06]

Modules: 0
(No malicious items detected)

Registry Keys: 44

Registry Values: 8

Registry Data: 1
PUP.Optional.EasyLife.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://searchy.easylifeapp.com/, Good: (www.google.com), Bad: (http://searchy.easylifeapp.com/),Replaced,[3c5b4b554e2d25117748178cbb4904fc]

Folders: 14

Files: 43

Physical Sectors: 0
(No malicious items detected)


(end)

Again, thank you for any help. I was just lurking and saw the people here are really helpful, so decided to drop in, hopefully I can get this resolved.


Edited by shazaib, 17 July 2014 - 01:05 AM.




#2 aharonov

  • Malware Response Team

Posted 17 July 2014 - 02:40 AM

Hi there,

please do the following:


Step 1

Please download Farbar Recovery Scan Tool and save it to your Desktop.
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


Step 2

Please download the attached fixlist.txt (116 bytes) and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


#3 shazaib


Posted 17 July 2014 - 03:02 AM

Hello there,

 

I've attached the log files in this post.

 

 

Thanks for your help!


Edited by shazaib, 17 July 2014 - 03:08 AM.


#4 aharonov


Posted 17 July 2014 - 03:06 AM

Please also run "step 2" (the fix with FRST) from my previous instructions and post up the log file. :)

#5 shazaib


Posted 17 July 2014 - 03:09 AM

Updated my last post, fixlog added



#6 aharonov


Posted 17 July 2014 - 03:31 AM

Alright. Is Avast still constantly detecting URL-Mal in svchost.exe or have those alerts stopped now?


Step 1

Please download the attached fixlist.txt (3.3KB) and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


Step 2

Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!

Edited by aharonov, 17 July 2014 - 03:31 AM.


#7 aharonov


Posted 03 September 2014 - 06:54 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



