199.80.55.19

I keep getting a message saying Avast has blocked a malicious site in my svchost file but when I run a scan and also run my Malware program (Malawarebytes) it isn;t bieng picked up though I am sure there is something sat in there hiding
any ideas how to remove it?
thanks
Mike

can you post a screen shot of the avast pop-up…
you may right click the avast ball and “show last pop-up”…

It is a website that has been blocked.
If it says that it is in your svchost file, it is incorrect.
svchost is generic host process used to run dll’s.
Are you sure it didn’t say host file?

If avast says a site is blocked, it means you can’t visited it.
That also means no temporary file(s) from that site are on your system.
Which means, there is nothing to remove.

it wont copy but it says
199/80.55.19/go.php?uid=40282&suid=u6t0y&date=8rmeNSnFroTK(
Infection: URL:Mal
Action: Blocked
Process: c:\WINDOWS\System32\svchost.exe

but I keep getting this error message every half hour or so and can’t find a way to remove what is causing it
there is definitely something trying to access this website

Hi there this sounds like a proxy problem

First

Go to Control Panel and select Internet Options
Select the Connections TAB
Select LAN settings button
Ensure there is no tick in the Proxy Server box
Select OK and restart Internet explorer

And for Firefox there are instructions on this page and you want the setting to be no proxy

Then

Download OTL to your Desktop

[*]Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
[*]Select All Users
[*]Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%*. /mp /s
CREATERESTOREPOINT

[*]Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

[*]When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
[*]Post both logs

Description of the malware here: http://www.threatexpert.com/report.aspx?md5=203add17ccb6f3ecfd5e6c33a64e55af

polonus

Polonus-

Thanks for the link. That is perhaps the most detailed report of this malware I have seen yet. It also has some very similar characteristics to what I have been experiencing. Where do you find a fix? Do you agree with the solution posted by essexboy below?

There are probably the jobs still to remove - unless you have removed them yourself

I often get the same notification and was wondering if the solution posted by essexboy would be the best way to go about it…

It is always worth doing a check as automated removal tools may not get it all