avast says infected pages loaded when opening new tab; privoxy problem


This topic is locked
2 replies to this topic

#1 vekee

  • Members
  • 7 posts
  • Gender:Male
Posted 31 July 2015 - 12:33 PM

Hello!

When opening a new tab in the browser, Avast alarms that an infected page is loaded, and it says it is located in C:\Program Files (x86)\Softcomp Software/privoxy.

I found a similar problem in this topic: http://www.bleepingcomputer.com/forums/t/579729/pop-up-pages-when-i-click-a-new-link/

 

So I downloaded AdwCleaner and Farbar Recovery Scan Tool. Here's a logfile from AdwCleaner:

 

# AdwCleaner v4.208 - Logfile created 31/07/2015 at 18:41:09
# Updated 09/07/2015 by Xplode
# Database : 2015-07-26.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Shucky - TOSHIBA
# Running from : C:\Users\Shucky\Downloads\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
Service Deleted : PrivoxyService
 
***** [ Files / Folders ] *****
 
[#] Folder Deleted : C:\ProgramData\Browser Manager
Folder Deleted : C:\Program Files (x86)\Softcomp Software
[!] Folder Deleted : C:\Users\Shucky\AppData\Roaming\Mozilla\Firefox\Profiles\reikd2hk.default\Extensions\firefox@luckyleap.net.xpi
File Deleted : C:\Users\Shucky\AppData\Roaming\Mozilla\Firefox\Profiles\reikd2hk.default\Extensions\firefox@luckyleap.net.xpi
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Clients\StartMenuInternet\Torch
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D3C24E2B-C820-4492-9B69-11BF7163F998}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2F137995-4D26-44AD-9C4E-91055090A817}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{7D3C47ED-E0BE-4940-9DDA-A7A097AEBD88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3C24E2B-C820-4492-9B69-11BF7163F998}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3C24E2B-C820-4492-9B69-11BF7163F998}
Key Deleted : HKLM\SOFTWARE\SecureWebChannel
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - 127.0.0.1:8118
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17909
 
 
-\\ Mozilla Firefox v38.0.5 (x86 hr)
 
 
-\\ Google Chrome v44.0.2403.125
 
 
*************************
 
AdwCleaner[R0].txt - [47389 bytes] - [29/07/2015 21:44:20]
AdwCleaner[R1].txt - [2393 bytes] - [31/07/2015 18:39:14]
AdwCleaner[S0].txt - [45151 bytes] - [29/07/2015 21:49:04]
AdwCleaner[S1].txt - [2146 bytes] - [31/07/2015 18:41:09]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2205  bytes] ##########
 
 
And Frst.txt and addition.txt are attached.
 
Thanks in advance!

Attached Files
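Added example, not part of the post and not AdwCleaner's own code: a small Python triage that reads AdwCleaner log lines in the format shown above and flags the combination behind the symptom in this thread, the per-user WinINET ProxyServer value pointed at a loopback address with ProxyEnable set, together with a Privoxy service. The sample log is constructed from the values in the log above.

```python
import re
from ipaddress import ip_address

# Constructed sample in AdwCleaner's "Deleted" line format, with the values from the log above.
SAMPLE_LOG = r"""***** [ Services ] *****
Service Deleted : PrivoxyService
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\SecureWebChannel
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - 127.0.0.1:8118
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
"""

# "Data Deleted : <key> [<value name>] - <data>" and "Service Deleted : <name>", optional [#]/[!] flag
DATA_RE = re.compile(r"^(?:\[.\] )?Data (?:Deleted|Found) : (?P<key>.+?) \[(?P<name>[^\]]+)\] - (?P<data>.+)$")
SVC_RE = re.compile(r"^(?:\[.\] )?Service (?:Deleted|Found) : (?P<name>.+)$")

def parse_log(text):
    """Return ({value name: data} under the WinINET Internet Settings key, [service names])."""
    proxy, services = {}, []
    for line in map(str.strip, text.splitlines()):
        m = DATA_RE.match(line)
        if m and m.group("key").endswith("\\Internet Settings"):
            proxy[m.group("name")] = m.group("data").strip()
            continue
        m = SVC_RE.match(line)
        if m:
            services.append(m.group("name").strip())
    return proxy, services

def is_loopback_proxy(proxy_server):
    """True if any target in a ProxyServer value ("host:port" or "http=host:port;...") is local."""
    for entry in proxy_server.split(";"):
        host = entry.split("=", 1)[-1].rsplit(":", 1)[0].strip().lower()
        try:
            if host == "localhost" or ip_address(host).is_loopback:
                return True
        except ValueError:  # a hostname other than localhost, not an IP literal
            pass
    return False

def triage(text):
    """List findings that point at a locally installed interception proxy."""
    proxy, services = parse_log(text)
    findings = []
    server = proxy.get("ProxyServer", "")
    if proxy.get("ProxyEnable") == "1" and is_loopback_proxy(server):
        findings.append(f"system proxy enabled and pointed at loopback: {server}")
    findings += [f"proxy service present: {s}" for s in services if "privoxy" in s.lower()]
    return findings
```

A ProxyServer value pointing at 127.0.0.1 is what routes every browser request through the locally installed Privoxy, which is why the "infected page" appears on each new tab; the same check can be run against a live machine by reading those two registry values.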

#2 nasdaq

  • Malware Response Team
  • 40,213 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
Posted 02 August 2015 - 07:52 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-21-4080734137-3346388863-1718645792-1000\...\Run: [] => [X]
URLSearchHook: HKU\S-1-5-21-4080734137-3346388863-1718645792-1000 - (No Name) - {0696f815-a3a9-490a-bb14-9ec3350b1276} - No File
URLSearchHook: HKU\S-1-5-21-4080734137-3346388863-1718645792-1000 - (No Name) - {93a3111f-4f74-4ed8-895e-d9708497629e} - No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKU\S-1-5-21-4080734137-3346388863-1718645792-1000 -> No Name - {C98D5B61-B0EA-4D48-9839-1079D352D880} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @MarineAquarium3Free_57.com/Plugin -> C:\Program Files (x86)\MarineAquarium3Free_57\bar\1.bin\NP57Stub.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @TelevisionFanatic.com/Plugin -> C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\NP64Stub.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll No File
FF Plugin-x32: @VideoDownloadConverter_4z.com/Plugin -> C:\Program Files (x86)\VideoDownloadConverter_4z\bar\2.bin\NP4zStub.dll No File
FF Plugin-x32: @VideoDownloadConverter_ScriptHelper.com/Plugin -> C:\Program Files (x86)\VideoDownloadConverter\npVDCPlugin.dll No File
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com [2015-06-13]
FF Extension: Firefox Helper - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\46e8892acb6c0dd657c1fccba2564c77 [2015-07-31]
FF HKLM-x32\...\Firefox\Extensions: [64ffxtbr@TelevisionFanatic.com] - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin
FF HKLM-x32\...\Firefox\Extensions: [4zffxtbr@VideoDownloadConverter_4z.com] - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin
FF HKLM-x32\...\Firefox\Extensions: [57ffxtbr@MarineAquarium3Free_57.com] - C:\Program Files (x86)\MarineAquarium3Free_57\bar\1.bin
FF HKU\S-1-5-21-4080734137-3346388863-1718645792-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
CHR Extension: (Avast Online Security) - C:\Users\Shucky\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-07-12]
CHR HKU\S-1-5-21-4080734137-3346388863-1718645792-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ablnpmdakdiclnimkjfcaibpgjhapkbl] - C:\Users\Shucky\AppData\Local\CRE\ablnpmdakdiclnimkjfcaibpgjhapkbl.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [ablnpmdakdiclnimkjfcaibpgjhapkbl] - C:\Users\Shucky\AppData\Local\CRE\ablnpmdakdiclnimkjfcaibpgjhapkbl.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-04]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-12]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
Task: {125A7C61-8108-42CF-85BA-8C4645DA0236} - System32\Tasks\{806373D5-B417-4AA2-8017-16DE6C28B94E} => pcalua.exe -a C:\Users\Shucky\AppData\Roaming\webssearches\UninstallManager.exe -c  -ptid=irs <==== ATTENTION
C:\Users\Shucky\AppData\Roaming\webssearches
C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com
C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\46e8892acb6c0dd657c1fccba2564c77
C:\Program Files (x86)\TelevisionFanatic
C:\Program Files (x86)\VideoDownloadConverter_4z
C:\Program Files (x86)\MarineAquarium3Free_57
C:\Program Files (x86)\Common Files\DVDVideoSoft

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.


Clean the Internet Explorer Cache.
https://kb.wisc.edu/page.php?id=15141
===

How is the computer running now?

#3 nasdaq

  • Malware Response Team
  • 40,213 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
Posted 07 August 2015 - 07:08 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
