Avast URL:Mal explorer.exe every 5 secs


8 replies to this topic

#1 cptairc


Posted 29 October 2015 - 03:11 AM

Specs: Windows 7 Home Basic Dell 64-bit OS

 

My pc is really sluggish right now and although it was never really fast to begin with it was blazing fast compared from now and less than a week ago. After 5~ minutes my pc would freeze so just before my pc froze and I was forced to shutdown I opened taskmanager and found that there were multiple processes of the same service, the most prominent being explorer.exe and some others that I can't recall. It would not only freeze like I mentioned before but if I were to try and click on the taskbar or open taskmanager it would turn a whiter shade and stall. My reaction when this first happened was to press ctrl+alt+del only to find a pleasant black screen and an error message that said: "Failure to display security and shut down options. The logon process was unable to display security and logon options when CTRL+ALT+DELETE was pressed. If the operating system does not respond, press ESC or restart the computer by using the power switch."

After dozens of failed attempts to boot windows I decided that I should just factory reset my pc and not even try to bother saving this. So the next time I powered on my pc, I hit F8, entered System Repair, and found that I needed a windows 7 recovery disk in order to even attempt to reset my pc. I used my phone to google what should I do so I came on here and I ran (in order of use) ccleaner, avast boottime scan, adwcleaner_5.015, rKill, and then combofix. I ran adwcleaner and rKill a second time and it told me that there were no more malicious files or services that could be deleted. Thinking that the problem had been fixed I booted up windows one more time. I waited for a full five minutes waiting for this thing to freeze over just like it did many times before, it didn't do it. I was so relieved and was about to open up youtube so I can listen to some Crosby, Stills and Nash until avast played that dreadful jingle and showed me that explorer.exe was still up and kickin'. I don't know what else to do... help...


Edited by hamluis, 29 October 2015 - 06:20 AM.
Moved from Win 7 to Am I Infected - Hamluis.



#2 dc3


Posted 29 October 2015 - 08:31 AM

Let's try resetting the Winsock and see if this resolves this.  If it doesn't we will then run some scans to see what else is going on.

 

Click on the Start orb and then type cmd in the Search programs and files box.
 
In the pane above the search box Programs will appear with cmd below it, right click on cmd and choose Run as administrator.
 
If you are prompted for an administrator password or for a confirmation, enter the password, or click Allow.
 
When the Command Prompt opens copy and paste the command below, then press Enter.
 
netsh winsock reset
 
You should receive the message stating Winsock was reset, reboot for changes to take effect.
 
Reboot the computer.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#3 cptairc


Posted 29 October 2015 - 01:03 PM

I followed your instructions and unfortunately it hasn't made a difference. Avast is still showing the URL:Mal explorer.exe popup.



#4 RolandJS


Posted 29 October 2015 - 01:53 PM

[rjs-deleted, can't post link]


Edited by RolandJS, 29 October 2015 - 01:56 PM.

"Take care of thy backups and thy restores shall take care of thee."  -- Ben Franklin revisited.

http://collegecafe.fr.yuku.com/forums/45/Computer-Technologies/

Backup, backup, backup! -- Lady Fitzgerald (w7forums)

Clone or Image often! Backup... -- RockE (WSL)

"I heard Spock finally got colander!"  "I believe the word is Kolinahr."  "Oh."


#5 cptairc


Posted 29 October 2015 - 08:44 PM

Thank you RolandJS, I followed the instructions on the forum link you sent and I'm still getting the Avast popups. If I keep Avast in silent mode it doesn't bother me but I'm still concerned that this may be a virus of some sort.



#6 dc3


Posted 30 October 2015 - 08:11 AM

Please post the logs for these scans in your topic.  Do not use a host website, or post in quotes or code.
 
Please run Malwarebytes AntiMalware
 
Please download Malwarebytes Anti-Malware.  After clicking on the link the download will start automatically.
 
1)  Double-click on mbam-setup.exe, then click on Run to install the application, follow the prompts through the installation.
 
2)  Malwarebytes will automatically open.  If this is the first time you have run this version of Malwarebytes you will see an image like the one below.

[screenshot]
 
Click on Update Now, after Malwarebytes is updated click on Scan.
 
If this isn't the first time you have run this version, then you will see an image like the one below.  Click on Scan
 
[screenshot]
 
You will be prompted to update Malwarebytes, to do so click on Update Now.
 
[screenshot]
 
3)  The scan will automatically run now.
 
[screenshot]
 
4)  When the scan is complete the results will be displayed.  Click on Delete All.
 
[screenshot]
 
5)  Please post the Malwarebytes log.
 
To find your Malwarebytes log, download mbam-check.exe from here and save it to your desktop.
 
To open the log double click on mbam-check.exe on your desktop.  Copy and paste the log in your topic.
 
=================
  
Please run TDSSKiller.
 
Please download TDSSKiller from here and save it to your Desktop.
 
The log for the TDSSKiller can be very long.  If you go to the bottom of the log to where you find Scan finished you will see the results of the scan.  If it shows Detected object count: 0 and Actual detected object count: 0, this means that nothing malicious was found and you will not need to post the log.
 
1.  Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

[screenshot]
 
2.  Check Loaded Modules, Verify Driver Digital Signature, and Detect TDLFS file system.
 
If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now.
 
[screenshot]
 
3.  Click Start Scan and allow the scan process to run.
 
[screenshot]
 
4.  If threats are detected select Cure (if available) for all of them unless otherwise instructed.
 
***Do NOT select Delete!
 
Click on Continue.
 
[screenshot]
 
5.  Click on Reboot computer.
 
Please copy the TDSSKiller.[Version]_[Date]_[Time]_log.txt file found in your root directory (typically c:\) and paste it into your next reply.
 
Note:  The log may be very long.  You may need to break it into parts to post the whole log.
 
=================
 
Please run AdwCleaner
 
Please download AdwCleaner and install it.
 
When AdwCleaner opens you will see an image like the one below.
 
[screenshot]
 
Click on Scan to start the scan.
 
Once the search is complete a list of the pending items will be displayed.  If you see any which you do not want removed, remove the check mark next to it.  
 
Click on Clean to remove the selected items.  If you have any questions about any items in the list please copy and paste the list in your topic so we can review it.  
 
You will receive a message telling you that all programs will be closed so that the infections can be removed.  Click on OK.  The computer will be restarted to complete the cleaning process.
 
When the cleaning process is complete a log of what was removed will be presented.  Please copy and paste this log in your topic.
 
================

Please run the ESET OnlineScan

This scan takes quite a long time to run, so be prepared to allow this to run till it is completed.

***Please note. If you run this scan using Internet Explorer you won't need to download the Eset Smartinstaller.***

ESET Online Scanner

  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
      • Remove found threats
      • Scan archives
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology

  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.

Edited by dc3, 30 October 2015 - 08:12 AM.


 

 

 

 


#7 cptairc


Posted 30 October 2015 - 02:27 PM

I ran Malwarebytes for not even a minute and it already blocked two malicious files before I even scanned anything. I'll post up the logs within the hour.



#8 cptairc


Posted 31 October 2015 - 01:23 AM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/30/2015
Scan Time: 1:21 PM
Logfile: 488989.txt
Administrator: Yes

Version: 0.0.0.0000
Malware Database: v2015.10.30.07
Rootkit Database: v2015.10.28.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Cruz

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 393300
Time Elapsed: 39 min, 50 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

AdwCleaner and TDSSKiller both showed no malicious files as well so I will not post the logs.

 

After scanning with Malwarebytes and rebooting my pc I haven't gotten any more popups from Avast, even though Malwarebytes, as the log shows, didn't find any malicious files.


Edited by cptairc, 31 October 2015 - 01:33 AM.
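
Added example, not part of the thread and not code from Malwarebytes: a pasted scan log can be triaged by reading the detection counts together with the components the log lists as Disabled, since a zero count only covers the layers that actually ran. The sample text is constructed in the layout of the log in post #8 (shortened), and `triage` is a hypothetical helper name.

```python
import re

# Constructed sample: same layout as the log pasted in post #8, shortened.
SAMPLE_LOG = """\
Malwarebytes Anti-Malware
Scan Time: 1:21 PM
Malware Protection: Enabled
Self-protection: Disabled

Scan Type: Threat Scan
Result: Completed

Memory: Enabled
Rootkits: Disabled

Processes: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

(end)
"""

# Result sections that carry a detection count in this log layout.
CATEGORIES = {"Processes", "Modules", "Registry Keys", "Registry Values",
              "Registry Data", "Folders", "Files", "Physical Sectors"}

def triage(log_text):
    """Hypothetical helper: summarize detections and disabled components."""
    # "Key: value" lines; the lazy key stops at the first colon (e.g. Scan Time).
    pairs = re.findall(r"^([A-Za-z][A-Za-z \-]*?):[ \t]*(.*)$", log_text, re.M)
    fields = {key: value.strip() for key, value in pairs}
    counts = {k: int(v) for k, v in fields.items()
              if k in CATEGORIES and v.isdigit()}
    return {
        "completed": fields.get("Result") == "Completed",
        "detections": sum(counts.values()),
        "counts": counts,
        # A zero count says nothing about a layer that was switched off.
        "disabled": sorted(k for k, v in fields.items() if v == "Disabled"),
    }

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
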


#9 dc3


Posted 31 October 2015 - 08:26 AM

Where are the logs for the other three scans?



 

 

 

 




