
[Infected By Malware] Paid User of Avast Internet Security - Need Help


6 replies to this topic

#1 Xhyr

Xhyr


Posted 06 March 2017 - 09:37 AM

Hi,

I stupidly switched Windows Defender real-time protection off, and browsed the web for a full two hours before realizing it. The damage was already done at that point.

Google Chrome is the only thing that is affected - I was getting pop-ups on my desktop with advertisements, but I installed Avast Internet Security (because I was locked out of accessing Windows Defender, something to do with groups that I later resolved) and that took care of the pop-ups.

I paid for the Avast Internet Security package for one year and ran several types of scans after that to remove all types of malware. I ran a boot-time scan, a full PC scan and some quick scans. All of them revealed virus/malware that I removed.

However, now when the scan says nothing found, the malware still persists. Namely, if I didn't have Avast extensions in Chrome, I would still be getting redirected to different webpages, and the top 3 searches in any Google search are still paid advertisements from the malware.

Every couple of minutes, I get a notification from Avast that something called Pchunter64al.sys is being blocked. However, on system scans, nothing shows up.

I ran a tool called Spymaster and that revealed like 5400 infected files, but the removal feature of it was also a paid feature. I found the tool after I googled "remove redirect to watermelonshake.com".

Malwarebytes also revealed a clean system.

What do I do now?




 


#2 Xhyr

Xhyr
  • Topic Starter


Posted 06 March 2017 - 09:43 AM

Update: Getting redirected to searchquery and shortlpro when browsing from Chrome.



#3 Ironbender

Ironbender


Posted 06 March 2017 - 10:36 AM

Hello,

It seems I'm having the same kind of problem, but the thing is I never switched Windows Defender off and I'm a registered user of Avast, and for the past hour I've been getting a message from Avast that says "Blocked by Avast self-defense: PCHunter64al.sys (PID4)" and it's driving me crazy.

Nothing shows up on Malwarebytes or Avast and I can't find a way to make Avast notifications hush.

Please help!



#4 Xhyr

Xhyr
  • Topic Starter


Posted 06 March 2017 - 01:34 PM

@Ironbender

Hi there,

Well, I think I have fixed my issue.

Okay, first things first, to get rid of that annoying sound Avast plays: http://prntscr.com/egsb0t

Make sure silent mode is on. Then open Avast, go to settings, and copy my settings:

http://prntscr.com/egsbch

and for popups: http://prntscr.com/egsbj3

Okay, now for the malware fix, I followed this specific route:

- First, I got Zemana AntiMalware, ran a scan and removed all malware it caught.

- Then, I ran Malwarebytes, ran a scan and removed all malware.

- Then I ran HitmanPro, ran a scan and removed all malware that it caught.

- Then I got CCleaner from filehippo.com, and removed all registration entries that it caught as useless.

Since then, I haven't been redirected anywhere, and Google doesn't display false advertisements, fingers crossed right now.

Here is the CCleaner I ran: http://prntscr.com/egscv5

Also, I removed all programs that I didn't install myself. There will probably be some, which you can find in Control Panel or from CCleaner. Hope this helps you.


Edited by Xhyr, 06 March 2017 - 01:38 PM.


#5 Xhyr

Xhyr
  • Topic Starter


Posted 06 March 2017 - 01:36 PM

I think I followed this guide: https://www.bleepingcomputer.com/virus-removal/remove-nova.rambler.ru-search-redirect

#6 Avast_Team

Avast_Team

    Authorized Avast Rep



Posted 07 March 2017 - 11:30 PM

It sounds like there were a lot of issues going on there; not limited only to a specific piece of malware, but tracking cookies and others as well.

I'm glad that you've finally (hopefully) caught everything; I'm confident that some or all of this adware/malware was re-populating itself, or attempting to. I would recommend -- just to be safe -- isolating the machine completely from the Internet, running a boot time scan, and then a full scan.

I would also strongly recommend that you update to the latest version of Avast Internet Security -- our 2017 updates come with Behavior Shield, a new real-time feature that monitors active processes for malicious activity to isolate, track, and stop it.

This works in conjunction with the real-time streaming updates for known threats, plus CyberCapture for unknown/zero-day threats -- a whole lot more than "basic" protection ;) We have tons of info on our blog if you'd like me to pass along some links.

Also, since you have Internet Security (one of our premium options), you can also work directly with our support team: https://support.avast.com/support/tickets/new

Thanks for your support and stay safe out there!



#7 Ironbender

Ironbender


Posted 08 March 2017 - 01:14 PM

@Xhyr

Hi man,

I followed what you suggested and managed to get rid of the virus/malware that was causing the problem; there were 3 actually, but after a 3 hour battle I managed to get the better of them!

Thanks a lot for sharing the solution, it's very much appreciated!

Stay alert and surf safely!!!





