Avast! alerts after visiting a website [urgent]

1 reply to this topic

#1 xereeto


  • Members
  • 8 posts
  • Local time:05:49 PM

Posted 14 December 2015 - 04:02 PM



I opened a link I probably shouldn't have on Facebook and ever since Avast! has been giving me the 'Suspicious item has been detected' dialog every thirty seconds or so.



Infection Details:

URL:          http://r1---sn-8pgbpohxqp5-ac5e.gvt1.com/crx/blobs/QgAAAC6..(more stuff but it's hidden)

Infection:   Win32:Evo-gen [Susp]

Process:   C:\Windows\System32\svchost.exe 


Now, the URL seems telling. The domain gvt1.com is owned by Google, and a CRX is a Chrome extension, so I suspect it's trying to download a malicious Chrome extension onto my PC. And it would appear it attempts to download it every 30 seconds, but Avast! keeps blocking it. However, I have no idea what to do to stop it from doing this and indeed whether or not my PC is already pwned. 


I've run a full MBAM scan and thus far found no hint of any malware in memory nor in the file system, but I'm still scared my PC's been pwned and I don't know whether I should shut it down or run rkill or what.


Thank you for your help.


edit: forgot to mention, I run Windows 7.

Edited by xereeto, 14 December 2015 - 04:04 PM.
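Added example, not part of either post: one way to see which Chrome extensions are actually installed in a profile is to read each extension's manifest.json and note where it updates from. The profile path is the assumed default Chrome location on Windows, and the function names are hypothetical.

```python
import json
import os
from pathlib import Path
from urllib.parse import urlparse


def default_extensions_dir():
    """Assumed default location of the first Chrome profile on Windows."""
    local = os.environ.get("LOCALAPPDATA", "")
    return Path(local) / "Google" / "Chrome" / "User Data" / "Default" / "Extensions"


def is_webstore_update(url):
    """True when the manifest's update_url points at the Chrome Web Store."""
    parts = urlparse(url)
    return (parts.hostname == "clients2.google.com"
            and parts.path == "/service/update2/crx")


def list_extensions(ext_dir):
    """Return one record per <extension id>/<version>/manifest.json found."""
    records = []
    for manifest in sorted(Path(ext_dir).glob("*/*/manifest.json")):
        ext_id = manifest.parent.parent.name
        try:
            data = json.loads(manifest.read_text(encoding="utf-8-sig"))
            if not isinstance(data, dict):
                raise ValueError("manifest is not a JSON object")
        except (OSError, ValueError):
            # Unreadable or malformed manifest: report it rather than skip it.
            records.append({"id": ext_id, "error": "unreadable manifest"})
            continue
        update_url = data.get("update_url", "")
        records.append({
            "id": ext_id,
            "version": data.get("version", "?"),
            # Names such as __MSG_appName__ are localisation placeholders.
            "name": data.get("name", "?"),
            "permissions": data.get("permissions", []),
            "update_url": update_url,
            # Anything not updated from the Web Store deserves a closer look.
            "from_webstore": is_webstore_update(update_url),
        })
    return records


if __name__ == "__main__":
    for rec in list_extensions(default_extensions_dir()):
        print(rec)
```

An entry with `from_webstore` set to False, or an ID you do not recognise from chrome://extensions, is the one to mention to your helper.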




#2 boopme


    To Insanity and Beyond

  • Global Moderator
  • 72,447 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:01:49 PM

Posted 14 December 2015 - 09:34 PM

Let's run these, xereeto

  • Please download MiniToolBox, save it to your desktop and run it.
  • Checkmark the following checkboxes:
      • Flush DNS
      • Report IE Proxy Settings
      • Reset IE Proxy Settings
      • Report FF Proxy Settings
      • Reset FF Proxy Settings
      • List content of Hosts
      • List IP configuration
      • List Winsock Entries
      • List last 10 Event Viewer log
      • List Installed Programs
      • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using the "Reset FF Proxy Settings" option, Firefox should be closed.

  • Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

Junkware Removal Tool

  • Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

ESET Online Scanner

  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
      • Remove found threats
      • Scan archives
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.
