
My Avast Scans freeze at 41%


  • This topic is locked
12 replies to this topic

#1 kschwi

kschwi

  • Members
  • 131 posts
  • OFFLINE
  •  
  • Local time:12:14 PM

Posted 07 December 2017 - 05:04 PM

Hi,

 

When I run the anti-virus program on my 1-year-old computer using Windows 10 Avast it freezes at 41% complete. I also had a popup today indicating my computer may be infected and to call Microsoft. It was all in red and I am guessing that was fake. In looking at the history in Chrome, the popup came from mainrdrct.global.ssl.fastly.net and adverrd.global.ssl.fastly.net

 

I believe Malwarebytes found the trojan Kovter last month but the program updated last week and I can't find that log. A new scan by Malwarebytes did not find anything.




 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,510 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:14 PM

Posted 08 December 2017 - 08:44 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "more reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to Attach.
Click Attach this file.
Click the Add reply button.
===

Please post the logs.

Wait for further instructions.

#3 kschwi

kschwi
  • Topic Starter

  • Members
  • 131 posts
  • OFFLINE
  •  
  • Local time:12:14 PM

Posted 08 December 2017 - 04:00 PM

I have attached the files as requested. Thanks for your help.




#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,510 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:14 PM

Posted 09 December 2017 - 08:38 AM

Hi,


Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File
CHR Extension: (Avast SafePrice) - C:\Users\Karl\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-12-07]
CHR Extension: (Avast Online Security) - C:\Users\Karl\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-10-14]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
R2 Product Registration; C:\Program Files\Dell\Dell Product Registration\PRSvc.exe [47144 2017-04-06] (Dell)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {19DFAA89-2E77-44F1-8DF7-133BB8FFBC37} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
C:\Windows\System32\Tasks\Microsoft\Windows\UNP\RunCampaignManager

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.

Please let me know what problem persists with this computer.

#5 kschwi

kschwi
  • Topic Starter

  • Members
  • 131 posts
  • OFFLINE
  •  
  • Local time:12:14 PM

Posted 09 December 2017 - 12:29 PM

I used the 64 bit version of FRST.  

 

However, I just had that pop up all in red with audio saying my computer might be infected. I have copied the website url from my history

 

http://165.227.120.160/as/?c5a2c19f3c31fc0ftfn1d5a2c19f3c3239=(855)%20383-3990

 

https://mainrdrct.global.ssl.fastly.net/in/advu12612612/

 

https://adverrd.global.ssl.fastly.net/?rsid=15a2c19d8e61a2

 

I think it might be something with yahoo.com because I think (not positive) that the yahoo page is open and then disappears when the redirect occurs.

 



#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,510 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:14 PM

Posted 09 December 2017 - 02:08 PM



Hi,


This is a scam.

Read carefully and follow the instructions on this page.
https://malwaretips.com/blogs/remove-tech-support-scam-popups/

If at any time you need help please ask before proceeding.
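
Added example (not part of the thread and not written by either poster): a small Python triage of the three history URLs quoted in post #5. The heuristics (bare-IP host, plain HTTP, a phone number embedded in the URL) and the names `triage` and `flagged` are assumptions of this example.

```python
import ipaddress
import re
from urllib.parse import urlsplit, unquote

# URLs copied from post #5 of this thread (the poster's Chrome history).
HISTORY = [
    "http://165.227.120.160/as/?c5a2c19f3c31fc0ftfn1d5a2c19f3c3239=(855)%20383-3990",
    "https://mainrdrct.global.ssl.fastly.net/in/advu12612612/",
    "https://adverrd.global.ssl.fastly.net/?rsid=15a2c19d8e61a2",
]

# Assumed heuristic: a phone number written as (NNN) NNN-NNNN or NNN-NNN-NNNN.
PHONE_RE = re.compile(r"\(?\b\d{3}\)?[\s.-]\d{3}[\s.-]\d{4}\b")


def triage(url):
    """Return the reasons a history entry looks like a tech-support-scam landing page."""
    parts = urlsplit(url)
    reasons = []
    try:
        # Legitimate vendor warnings are not served from a bare IP address.
        ipaddress.ip_address(parts.hostname or "")
        reasons.append("host is a bare IP address")
    except ValueError:
        pass
    if parts.scheme == "http":
        reasons.append("plain HTTP")
    # Decode %20 etc. first, so the number the page displays becomes visible.
    if PHONE_RE.search(unquote(parts.path + "?" + parts.query)):
        reasons.append("phone number embedded in URL")
    return reasons


def flagged(history):
    """Map each suspicious URL to its reasons; clean-looking entries are omitted."""
    return {u: r for u in history if (r := triage(u))}


if __name__ == "__main__":
    for url, reasons in flagged(HISTORY).items():
        print(url, "->", ", ".join(reasons))
```

Only the landing page trips these checks; the two fastly.net entries sit on a shared CDN domain and carry no indicator of their own, so they have to be tied to the popup by their position in the history.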

#7 kschwi

kschwi
  • Topic Starter

  • Members
  • 131 posts
  • OFFLINE
  •  
  • Local time:12:14 PM

Posted 09 December 2017 - 02:51 PM

I knew it was a scam. I had closed it using F4. The Malwarebytes AdwCleaner did not find anything and neither did Malwarebytes. Should I try Hitman Pro?



#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,510 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:14 PM

Posted 10 December 2017 - 07:59 AM

Hi,

If not already done, reset the browsers that you use and have been compromised.

How To:
https://www.howtogeek.com/171924/how-to-reset-your-web-browser-to-its-default-settings/

====

If the problem persists run this Malwarebytes Anti-Rootkit.

Follow the instructions in the thread below. Make sure to download the MBAR linked in it. Let me know if you're not able to launch it and run a scan.

https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/

Before you run the program make sure you follow the instructions under Section 5.
5. Unselect sectors and system below. Hit the scan button.

If you manage to run a scan, delete everything it finds, and then copy/paste the content of the "mbar-log-TODAY'S-DATE.txt" log that is located in the MBAR folder here after.
<<<>>>

Should I try Hitman Pro?

Your call if you have to.

#9 nasdaq

nasdaq

  • Malware Response Team
  • 39,510 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:14 PM

Posted 16 December 2017 - 07:40 AM

Are you still with me?

#10 kschwi

kschwi
  • Topic Starter

  • Members
  • 131 posts
  • OFFLINE
  •  
  • Local time:12:14 PM

Posted 20 December 2017 - 11:31 AM

I had another popup today so I reset chrome. Hopefully, that makes a difference. 

 

I'll try the rootkit later in the week when I have more time.

Thanks!



#11 kschwi

kschwi
  • Topic Starter

  • Members
  • 131 posts
  • OFFLINE
  •  
  • Local time:12:14 PM

Posted 23 December 2017 - 04:00 PM

I did the Malwarebytes rootkit scan and it didn't find anything.



#12 kschwi

kschwi
  • Topic Starter

  • Members
  • 131 posts
  • OFFLINE
  •  
  • Local time:12:14 PM

Posted 23 December 2017 - 05:52 PM

I was finally able to complete a scan by Avast and it said there are broken registry issues: 579 items.



#13 nasdaq

nasdaq

  • Malware Response Team
  • 39,510 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:14 PM

Posted 24 December 2017 - 09:33 AM

If your system is slow and you are having problems you may have to fix the Windows 10 registry.

Navigate to this page. Read the instructions for Windows 10.
If you can, print them for your reference.

https://neosmart.net/wiki/fix-registry/#Fix_a_corrupt_registry_in_Windows10

I suggest you use the Refresh option.

If you must use the Reset option. Read the instructions.
To do a Reset of your Windows 10 system, follow these steps:
 

A Reset procedure will erase personal data from your computer. Backup your files before you continue.


If you have any technical questions I suggest you ask in the Windows 10 Forum.
http://www.bleepingcomputer.com/forums/f/229/windows-10-support/

This is not malware and not my forte.

I will leave this topic open for 6 days.



