alert [PDF]

Avast community forum

Search

HOME

HELP

SEARCH

LOGIN

REGISTER

Avast WEBforum » Other » Viruses and worms (Moderators: Pavel, Maxx_original, misak) » Constant urlmal-avast-process-cwindowssystem32svchostexe/ alert when browsing « previous next » Pages: [1] 2 3 ... 7 Go Down

Author

PRINT

Topic: Constant urlmal-avast-process-cwindowssystem32svchostexe/ alert when browsing (Read 14914 times)

0 Members and 2 Guests are viewing this topic.

Constant urlmal-avast-process-cwindowssystem32svchostexe/ alert when browsing

Thi3 Jr. Member Posts: 48

« on: May 10, 2016, 08:28:28 PM »

Recently I keep getting Avast alerts about Url:Mal when browsing regular sites. I've noticed its when I'm browsing Imgur and a GIF is loading. Thats normally when the alert happens. Also I'm not sure if its related but my webcam has also stopped working. Logged

Thi3 Jr. Member Posts: 48

Re: Constant urlmal-avast-process-cwindowssystem32svchostexe/ alert when browsing « Reply #1 on: May 10, 2016, 08:34:03 PM »

I've looked at some similar posts and the all say to run FRST64 and ZOEK here is the ZOEK report, and the FRST64 file is attached

Zoek.exe v5.0.0.1 Updated 31-December-2015 Tool run by Thi on 11/05/2016 at 0:58:53.96. Microsoft Windows 10 Home Single Language 10.0.10586 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Thi\Downloads\zoek.exe [Scan all users] [Script inserted] ==== System Restore Info ====================== 11/05/2016 00:59:59 Zoek.exe System Restore Point Created Successfully. ==== Empty Folders Check ====================== C:\PROGRA~2\Lenovo deleted successfully C:\Program Files\McAfee deleted successfully C:\PROGRA~3\Comms deleted successfully C:\Users\Thi\App [06/05/2016 01:43] [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "[email protected]"="C:\Program Files\AVAST Software\Avast\SafePrice\FF" [06/05/2016 01:43] ==== Chromium Look ====================== Google Chrome Version: 46.0.2490.86 HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions eedgghdcpmmmilkmfpnklknlenbiolec - No path found[] eofcbnmajmjmplflapaojjnihcjkigck - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx[06/05/2016 01:43] gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[06/05/2016 01:43] lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[29/04/2016 15:53] Sad Panda - Thi\App New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" ==== All HKLM and HKCU SearchScopes ====================== HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q= {searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q= {searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS HKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms} HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IESearchBox&FORM=IESR02 ==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\{4ED1F68A-5463-4931-9384-8FFF5ED91D92} deleted successfully HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{4ED1F68A-5463-4931-9384-8FFF5ED91D92} deleted successfully ==== Empty IE Cache ====================== C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Thi\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Thi\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Thi\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\Users\Thi\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\Thi\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== No Flash Cache Found ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=65 folders=43 43231682 bytes) ==== Empty Temp Folders ====================== C:\WINDOWS\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\WINDOWS\Temp successfully emptied C:\Users\Thi\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on 11/05/2016 at 1:19:16.83 ====================== Logged

Re: Constant urlmal-avast-processcwindowssystem32svchostexe/ alert when browsing

Pondus Avast Überevangelist Probably Bot

« Reply #2 on: May 10, 2016, 08:37:38 PM »

if you have a screenshot of avast poup warning, post that also expert should be online soon ... Logged Posts: 34190

Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.

Re: Constant urlmal-avast-processcwindowssystem32svchostexe/ alert when browsing

essexboy Malware removal instructor Avast Überevangelist Probably Bot

« Reply #3 on: May 10, 2016, 08:49:55 PM »

Could you let me know if this stops it

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer Open notepad and copy/paste the text in the quotebox below into it: Posts: 40641 Dragons by Sasha

Quote CreateRestorePoint: HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => No File ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Thi\AppData\Local\MEGAsync\ShellExtX64.dll No File ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Thi\AppData\Local\MEGAsync\ShellExtX64.dll No File ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Thi\AppData\Local\MEGAsync\ShellExtX64.dll No File ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Thi\AppData\Local\MEGAsync\ShellExtX32.dll No File ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Thi\AppData\Local\MEGAsync\ShellExtX32.dll No File ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Thi\AppData\Local\MEGAsync\ShellExtX32.dll No File FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor => not found FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor => not found C:\Users\Thi\AppData\Local\ZDUbywVu Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f RemoveProxy: EmptyTemp: CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe Run FRST and press Fix On completion a log will be generated please post that THEN Please download AdwCleaner by Xplode onto your desktop. Close all open programs and internet browsers. Double click on AdwCleaner.exe to run the tool. Click on Scan. After the scan is complete click on "Clean" Confirm each time with Ok. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile with your next answer. You can find the logfile at C:\AdwCleaner[S0].txt as well. Logged

Thi3 Jr. Member Posts: 48

Re: Constant urlmal-avast-process-cwindowssystem32svchostexe/ alert when browsing « Reply #4 on: May 11, 2016, 03:59:35 AM »

# AdwCleaner v5.116 - Logfile created 11/05/2016 at 08:46:50 # Updated 09/05/2016 by Xplode # Database : 2016-05-09.1 [Server] # Operating system : Windows 10 Home Single Language (X64) # Username : Thi - THI-PC # Running from : C:\Users\Thi\Desktop\AdwCleaner.exe # Option : Clean # Support : http://toolslib.net/forum ***** [ Services ] *****

***** [ Folders ] ***** [-] Folder Deleted : C:\Users\Thi\AppData\Local\YSearchUtil ***** [ Files ] *****

***** [ DLLs ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] ***** [-] Key Deleted : HKLM\SOFTWARE\hdcode [-] Key Deleted : HKLM\SOFTWARE\SupDp [-] Key Deleted : HKLM\SOFTWARE\V9 [-] Key Deleted : HKLM\SOFTWARE\winzipersvc [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\delta-homes.com [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.delta-homes.com ***** [ Web browsers ] ***** [-] [C:\Users\Thi\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider] Deleted : hxxp://search.deltahomes.com/webfavicon.ico ************************* :: "Tracing" keys deleted :: Winsock settings cleared ************************* C:\AdwCleaner\AdwCleaner[C1].txt - [1307 bytes] - [11/05/2016 08:46:50] C:\AdwCleaner\AdwCleaner[S1].txt - [1322 bytes] - [11/05/2016 08:43:10] ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1453 bytes] ########## Logged

Thi3 Jr. Member Posts: 48

Re: Constant urlmal-avast-process-cwindowssystem32svchostexe/ alert when browsing « Reply #5 on: May 11, 2016, 04:04:33 AM »

Thanks essexboy! Though I've just tried chrome again and the alert still pops up heres a screen shot

Logged

Pondus Avast Überevangelist Probably Bot

Re: Constant urlmal-avast-processcwindowssystem32svchostexe/ alert when browsing « Reply #6 on: May 11, 2016, 07:35:20 AM »

Do you have Facebook Video Downloader extension installed? Logged Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2. Posts: 34190

Thi3 Jr. Member Posts: 48

Re: Constant urlmal-avast-processcwindowssystem32svchostexe/ alert when browsing « Reply #7 on: May 11, 2016, 10:24:42 AM »

I don't know, I don't think so. Should I uninstall this or make sure I have it installed. Thankyou! Logged

Pondus Avast Überevangelist Probably Bot

Re: Constant urlmal-avast-processcwindowssystem32svchostexe/ alert when browsing « Reply #8 on: May 11, 2016, 11:17:43 AM »

If you have it, uninstall and see if the popup goes away essexboy will be back online later today Logged Posts: 34190

Thi3 Jr. Member Posts: 48

Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.

Re: Constant urlmal-avast-processcwindowssystem32svchostexe/ alert when browsing « Reply #9 on: May 11, 2016, 11:40:59 AM »

I looked on 'Programs and Features", 'Extensions' and did a search but no 'Facebook Video Downloader extension', so I don't think I have it Logged

essexboy Malware removal instructor Avast Überevangelist Probably Bot

Re: Constant urlmal-avast-processcwindowssystem32svchostexe/ alert when browsing « Reply #10 on: May 11, 2016, 01:25:29 PM »

Nope, the much vaunted security of Chrome has failed again.. First run Chrome in Incognito mode https://support.google.com/chrome/answer/95464? hl=en-GB Does that stop the alerts ? If not then :

Re-install Chrome Posts: 40641 Dragons by Sasha

1. If you have bookmarks, let's save them by exporting them - Export Bookmarks 2. Go into the dashboard. Log in. https://www.google.com/settings/dashboard?hl=en 3. Scroll down to “Chrome Sync” and click Stop sync and delete data from Google link“ 4. Click Stop sync and delete data from Google button 5. Now we need to uninstall chrome. Note: When asked about user data or settings you must remove this also so please check the box. 6. Restart the computer and reinstall chrome, You can download The latest version from here - Google Chrome 7. Import your bookmarks back into Chrome 8. Sign back in to your Chrome browser so that your bookmarks sync with your online account. Logged

Thi3 Jr. Member Posts: 48

Re: Constant urlmal-avast-processcwindowssystem32svchostexe/ alert when browsing « Reply #11 on: May 11, 2016, 02:56:42 PM »

Ok I've done the uninstall and restarted though when I reinstalled chrome, the bookmarks were still up, there wasn't an option to remove user data or settings, just browser history. Did I do it wrong? :S .... and the alert still happens! -.- Shall I just flag it as a false positive? Was there anything malicious on my laptop? Really appreciate the help guys, thank you for taking some time to help me « Last Edit: May 11, 2016, 02:59:58 PM by Thi3 »

Lotan Sr. Member Posts: 280

Logged

Re: Constant urlmal-avast-processcwindowssystem32svchostexe/ alert when browsing « Reply #12 on: May 11, 2016, 03:14:38 PM »

do you still get the alerts when you run in incogneto mode? Logged

Thi3 Jr. Member Posts: 48

Re: Constant urlmal-avast-processcwindowssystem32svchostexe/ alert when browsing « Reply #13 on: May 11, 2016, 08:17:50 PM »

Yep unfortunately, still happens in incognito mode Logged

essexboy Malware removal instructor Avast Überevangelist Probably Bot

Re: Constant urlmal-avast-processcwindowssystem32svchostexe/ alert when browsing « Reply #14 on: May 11, 2016, 08:44:33 PM »

When you uninstalled chrome did you do this When asked about user data or settings you must remove this also so please check the box. Logged

Posts: 40641 Dragons by Sasha

Pages: [1] 2 3 ... 7 Go Up

PRINT

« previous next » Avast WEBforum » Other » Viruses and worms (Moderators: Pavel, Maxx_original, misak) » Constant urlmal-avast-process-cwindowssystem32svchostexe/ alert when browsing

Jump to: => Viruses and worms

SMF 2.0.15 | SMF © 2015, Simple Machines XHTML RSS WAP2 Page created in 0.048 seconds with 20 queries.

go