Aavast pops up and says Blocked URL and I'm not Browsing

I can either not be browsing at all or on sites that are not infected and Avast will say it blocked a URL
Please Help

try clearing your browser cache/temp files

TFC - Temp File Cleaner by OldTimer
http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/
TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.

did it work?

I think this requires more than just cleaning the temp folders and browser cache. Something has to be active and trying to establish a connection.

Some information of the alerts by avast (URLs and what shield blocked it, probably network shield) might help us.

Change the URL from http to hXXp or www to wXw, to break the link and avoid accidental exposure to suspect sites, thanks

It is being blocked by Avast Network Shield.

Yes, but what is the URL or IP address as that can be checked to confirm the detection by the network shield. What process does/did the network shield say was responsible for the connection, see image example ?

Avast is generally very accurate in these malicious URL blocking alerts.

So as I said this will require more than just cleaning, at the least you will need some analysis tools to try and find what is responsible for trying to make these connections.

The URL is
refullania/set/first.html
and the process is svchost

OK the fact that it is svchost is highly suspect as this normally doesn’t require internet connection unless it is for windows updates and this clearly isn’t for WU.

Unfortunately that is isn’t the full URL as it doesn’t show the first part either the domain name or IP address (a group 4 sets of numbers, up to 3 numbers in each group).

But it will require detailed investigation by someone specialising in this (not me), unfortunately essexboy is probably in bed now (11pm UK time) and he works so is not likely to be on the forums until tomorrow evening.

Check out this topic (http://forum.avast.com/index.php?topic=53253.0), first post and follow the instructions there running MBAM first and post the contents of the MBAM report/log. Follow with running the OTS tool which is used to produce the analysis report and attach the report file to your next post (from the Reply window, click the Additional Options).

So when essexboy or anyone who can analyse the reports can assist.

I had the the same problem but manage to found the hidden file that is triggering the warning by using GMER and sucessfully kill it and delete it, bit defender online scanner identified it in M:\Documents and Settings\User\Start Menu\Programs\Startup\igfxtray.exe → Trojan.Generic.KD.148755, so far it seems ok, hope this help.

Refullania is Carberp trojan command server. Avast is preventing the connection so the bot is not receiving the commands, but there is still undetected bot on your computer.

Monitoring… I have changed to OTS as it gives me the ability to zip files for onwards transmission to Avast ;D

So what can I do to fine the bot?

What was suggested in my Reply #6 above.

You have to visit the link given and read that run the scans and attach the logs/reports so that essexboy has something to analyse and work on a specific fix.