Solved URL:Mal Connection from svchost.exe

champo

New Member
Joined
Aug 3, 2018
Messages
7
OS
Windows 10
Antivirus
Avast
#1
Hello,

About 2-3 weeks ago I started getting pop-ups from my Avast Antivirus indicating that it was blocking a connection that was infected with URL:Mal (see attached screenshot). In response to this, I ran a number of malware removal programs, including MalwareBytes, Hitman Pro, Emsisoft Emergency Kit and another program (which I can no longer recall the name of). Following these scans, the problem seemed to resolve itself in so far as I didn't see any further pop-ups from Avast for a while.

The problem now seems to have returned, and running the aforementioned programs has not resolved the issue this time, and no infections were identified. This infected connection is now being attempted every 10 minutes on the dot.

I have run Farbar Recovery Scan tool, and attached the reports.

Thanks in advance for your assistance. It is very late here, so I will be heading off to bed shortly, however will check for updates first thing in the morning.

Kind regards
 
Operating System
Windows 10
Are you using a 32-bit or 64-bit operating system?
64-bit (x64)
Logs added to Help Request
FRST.txt, Addition.txt

Attachments

TwinHeadedEagle

Removal Expert
MalwareTips Staff
Joined
Mar 8, 2013
Messages
22,277
OS
Windows 10
Antivirus
ESET
#2
Hello,


Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on
    icon and select
    Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finishes FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.
 

Attachments

Likes: champo

champo

New Member
Joined
Aug 3, 2018
Messages
7
OS
Windows 10
Antivirus
Avast
#3
Thanks TwinHeadedEagle.

As an update (and it may be meaningless), but the URL:Mal connection popped up immediately after running the above fix.
 

Attachments

TwinHeadedEagle

Removal Expert
MalwareTips Staff
Joined
Mar 8, 2013
Messages
22,277
OS
Windows 10
Antivirus
ESET
#4
Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on
    icon and select
    Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finishes FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.


Let me know if this fixed it.
 

Attachments

Likes: champo

champo

New Member
Joined
Aug 3, 2018
Messages
7
OS
Windows 10
Antivirus
Avast
#5
Thanks again TwinHeadedEagle.

I have only just turned my PC on for the day, and the first attack came at 8:22pm (my time). I have run the above fix, and waited 10 minutes from the original attack (the previous frequency of attacks) and I received a notification from Avast at 8:32pm of a URL:Mal connection being blocked.
 

Attachments

TwinHeadedEagle

Removal Expert
MalwareTips Staff
Joined
Mar 8, 2013
Messages
22,277
OS
Windows 10
Antivirus
ESET
#6
Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on
    icon and select
    Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition.txt option is checked.


  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please attach report into your next reply.
 
Likes: champo

TwinHeadedEagle

Removal Expert
MalwareTips Staff
Joined
Mar 8, 2013
Messages
22,277
OS
Windows 10
Antivirus
ESET
#8
Scan with Malwarebytes' Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Install the progam.
  • Click the Scan tab, choose Threat Scan is checked and click Start Scan.
  • If threats are detected, click the Quarantine Selected button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the Reports tab.
  • Double-click the Scan Log.
  • At the bottom click Export and choose Text file.
Save the file to your desktop and include its content in your next reply.
 
Likes: champo

champo

New Member
Joined
Aug 3, 2018
Messages
7
OS
Windows 10
Antivirus
Avast
#9
Hi TwinHeadedEagle,

Malwarebytes detected and quarantined 11 infections (scanned at 11:46am). See Scan Log.

Strangely, Malwarebytes immediately after the scan blocked a connection/website (11:50am) - seemingly the same infection (I've attached the Malwarebytes report for your information). Interestingly, thereafter neither Avast nor Malwarebytes detected/blocked any further connections.
 

Attachments

TwinHeadedEagle

Removal Expert
MalwareTips Staff
Joined
Mar 8, 2013
Messages
22,277
OS
Windows 10
Antivirus
ESET
#10
How is the situation now?


Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on
    icon and select
    Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition.txt option is checked.


  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please attach report into your next reply.
 
Joined
Aug 3, 2018
Messages
7
OS
Windows 10
Antivirus
Avast
#13
Thanks so much TwinHeadedEagle, really appreciate your assistance!

I’m curious if you can provide any insight into the likely source of infection based on the logs I’ve provided, or just your general experience?

It’d be nice if I can take steps to avoid this reoccurring in the future!
 
Forgot your password?