URL:MAL removal assistance

[TheBoomBurst]

Hello,

I keep getting this annoying continuous Pop-ups from Avast Antivirus indicating that a threat is detected and stating a URL:MAL infection is blocked. This problem occurs with certain websites, but the problem is some of those websites are trusted, such as the WWE.com homepage, and at times- with Facebook and Twitter; but that's very rare.

I tried following the steps listed in one of your blogs (URL:Mal detected by Avast Antivirus. Is this a virus?) to remove the Malware but that didn't work! The Anti-Malware applications listed in the thread removed some infections but still, the URL:MAL is still there and it's extremely annoying!

I'm using Lenovo IdeaPad Z570, Windows 7 Home Premium 64-bit. I thought about using the OneKey Recovery tool to restore the system into it's initial state, but I thought I could try one last shot by contacting you.

Thank you for your time.

 

[TwinHeadedEagle]

Hello,


Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press Scan button.
  
  
  
  
  
• It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

[TheBoomBurst]

Thank you for taking the time to try to resolve my issue.
Much appreciated.

Here are the two text-files.

 

[TwinHeadedEagle]

Please download Zemana AntiMalware and save it to your Desktop.

• Install the program and once the installation is complete it will start automatically.
• Without changing any options, press Scan to begin.
• After the short scan is finished, if threats are detected press Next to remove them.

Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please restart your computer manually.​

• Open Zemana AntiMalware again.
• Click on
  
  icon and double click the latest report.
• Now click File > Save As and choose your Desktop before pressing Save.
• The only left thing is to attach saved report in your next message.

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

• Right-click on
  
  icon and select
  
  Run as Administrator to start the tool.
• Wait patiently until the main console will appear, it may take a minute or two.
• In the main box please paste in the following script:
  

  createsrpoint;
  autoclean;
  emptyclsid;
  emptyalltemp;
  ipconfig /flushdns >>"%temp%\log.txt";b

• Make sure that Scan All Users option is checked.
• Push Run Script and wait patiently. The scan may take a couple of minutes.
• When the scan completes, a zoek-results logfile should open in notepad.
• If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Upload it in your next reply.

 

[TheBoomBurst]

Hello,
Sorry for the delay.

I've done what you noted. Here are the text files:

 

[TwinHeadedEagle]

How is your PC behaving now?

 

[TheBoomBurst]

The Malware is still associated with the same websites as before! Every time I hit those websites an alert pops-up.

 

[TwinHeadedEagle]

Does it happen on all websites?

 

[TheBoomBurst]

No not at all.
Certain websites - the problem is it also happens with the WWE website! That what made me suspicious in the first place... I mean this is a pretty decent company and there site should be trusted. Don't you agree?

 

[TwinHeadedEagle]

Yeah, if it doesn't happen on all websites and in all browsers, then it is either website related or some Avast bug.

 

[TheBoomBurst]

I tried Internet Explorer as well, it happens with the same website but more annoyingly. Should I try uninstalling avast and reinstalling it again? Will that help with the bug?

 

[TheBoomBurst]

Btw, another thing... Avast sometimes doesn't give alerts!! And I'm talking about the same websites that usually activate the alerts

 

[TwinHeadedEagle]

Let's see if there is active infection:

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

• Right-click on
  
  icon and select
  
  Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
• Make sure that Addition.txt option is checked.
  
  
  
  
  
• Press Scan button and wait.
• The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please attach report into your next reply.

 

[TheBoomBurst]

Again, thank you very much for taking the time to work with me.
Here are the text files:

 

[TheBoomBurst]

Sorry I hit the Reply button too fast! Here you go:

 

[TwinHeadedEagle]

I don't see obvious signs of infection. How is your PC behaving now?

 

[TheBoomBurst]

The same.
Will uninstalling avast and reinstalling it help with the bug?

 

[TwinHeadedEagle]

Yes, please uninstall it and download the latest version from this link:

Avast | Download Free Antivirus for PC, Mac & Android

 

[TheBoomBurst]

I tried, didn't work!
I recovered my system to it's initial state STILL Avast gives the same alerts... that's VERY disturbing!
It usually looks like this:

 

[TheBoomBurst]

Like: