alerts from avast saying they blocked URL/Mal 7 so far today

Please help, not sure if I have a virus or if avast is stopping a virus. Per avast network shield information they have stopped 7 for Infection Details
URL:
Process: C:\Users\Ann\AppData\Local\Google\Chrome…
Infection: URL:Mal

I was doing google search I believe when all was received and/or trying to access an URL that I had found thru the search.

Hey, I suggest you follow this guide and let a malware expert check it.

http://forum.avast.com/index.php?topic=53253.0

According to the file name, it sounds like a bad add-on you might have or not installed.

URL: ? ? ? ? ? Process: C:\Users\Ann\AppData\Local\Google\Chrome... Infection: URL:Mal
You don't say what URL, but if it was afe.specificclick.net, search the forum for info.

Having same problem today when checking white pages directory, get message MALICIOUS URL BLOCKED, when i go to more details it shows it is: Infection Details
URL: http://afe.specificclick.net/serve/v
Process: C:\Users\Ann\AppData\Local\Google\Chrome…
Infection: URL

I’ve searched the forum and so far am unable to locate information or procedures on how to fix or remove the threat if it’s truly one. Please help, thank you

Here are 4 of the reports, will attach mbam next

don’t believe the others sent previously were saved in ansi mode, so attached again

Ok, went to the forum to review replies, saw one where essexboy assisted with a clean up and the problem still existed, so essexboy recommended Google Chrome be uninstalled and then reinstalled. I uninstalled Google and tried a Google search and I didn’t get the message from avast blocking that URL. Thank you for your help, guess this can be closed unless the problem comes back again later

Here is the reply i read on another having the same problem:
essexboy
Re: URL: MAL pop up
« Reply #13 on: Yesterday at 09:21:37 PM »
OK unfortunately that means you will have to totally uninstall Chrome and then re-install it

Details are here http://support.google.com/chrome/bin/answer.py?hl=en&answer=111899

oh well it’s back after i uninstalled and reinstalled, the 1st time i tried it was ok, but just happened when i did search for white pages: Infection Details
URL: http://afe.specificclick.net/?l
Process: C:\Program Files (x86)\Google\Chrome\App…
Infection: URL:Mal

Hello,
what IP address does “afe.specificclick.net” resolve to for you?

Milos

Milos,

If right it should point to 216.178.47.37 Beverly Hills. But it should be interesting to know where it points to for those affected by it.

polonus

not sure, where can I find this information? I thought I had saved the information on the previous blocked warning but I guess I didn’t. The information was showing under network shield for 02/12/12 but nothing is showing as of today. I tried doing google searches to see if I would get the message today and so far nothing. I take it that I am infected then? Since you have some information on this threat can it now be easily removed from my computer? Please let me know if there are any logs of 02/12 network shields so that I can provide you with the information you requested. Or is there some other area I can look to provide you with this information? Thanks again for all your help.

Well last nite I lost all connection to the internet (hope it had nothing to do with the above) , so far today I haven’t gotten any warnings. I did remove one file other nite when I was going thru all the programs on the computer, Pressrelease maybe. something press, was put on here in 2010, had to be a file on computer when it was purchased. So is this it? As I mentioned above it seems Avast knows something about this per the one question on the IP address. So has the threat been removed now?

DID YOU ALL FORGET ABOUT ME?

so it seems

malware removers are notified and will check the logs

Hi sorry you were missed

Please download to your desktop Short cut cleaner
Then run.

https://dl.dropbox.com/u/73555776/sc%20cleaner.JPG

When the Shortcut Cleaner has finished scanning your hard drive it will create a log file on your desktop called sc-cleaner.txt and then display it.
Please post that log

THEN

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:OTL
FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledAddons: %7BB3834E60-12A8-11E0-A289-939FDFD72085%7D:2.0.1
[2012/09/21 17:23:52 | 000,000,000 | ---D | M] (Ad-Aware Security Add-on) -- C:\Users\Ann\AppData\Roaming\Mozilla\Firefox\Profiles\eczuxhq3.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2012/09/16 16:56:11 | 000,000,000 | ---D | M] (Search Assistant) -- C:\Users\Ann\AppData\Roaming\Mozilla\Firefox\Profiles\eczuxhq3.default\extensions\{B3834E60-12A8-11E0-A289-939FDFD72085}
[2012/04/28 15:37:19 | 000,000,000 | ---D | M] (ALOT Appbar) -- C:\Users\Ann\AppData\Roaming\Mozilla\Firefox\Profiles\eczuxhq3.default\extensions\appbar@alot.com
[2011/02/13 06:40:12 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\Ann\AppData\Roaming\Mozilla\Firefox\Profiles\eczuxhq3.default\extensions\searchtoolbar@zugo.com
[2012/01/09 23:54:00 | 000,001,742 | ---- | M] () -- C:\Users\Ann\AppData\Roaming\Mozilla\Firefox\Profiles\eczuxhq3.default\searchplugins\search-the-web.xml
O3 - HKU\S-1-5-21-2731395502-1286736164-1658964139-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
[2013/02/12 13:06:01 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\update-sys.job
[2013/02/12 10:55:25 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\update-S-1-5-21-2731395502-1286736164-1658964139-1001.job

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

tyvm, but now I seem to be having more problems, I mentioned above that I keep losing my internet service, well I worked with support and even had a tech out to home to check to make sure all was ok. Technician said broadband was operating at 100%. But Tech Support noted I had a lot of devices both wired and wireless on my network which could be causing problems. For some reason my Home desktop computer showed as wired access and wireless, I was aware of wired (ethernet). (MY COMPUTER NAME IS ANN-HP, SO ON MY NETWORK IT LISTED ANN-HP WIRED AND THEN ANOTHER AS ANN-HP WIRELESS), so we disconnected the wireless ANN-HP. We didn’t do anything with other devices because I wasn’t sure which belonged to the household because I do use wireless for cell phones, WII and Xbox so wasn’t sure what wireless devices I should disconnect. Well today all was here so was able to begin to try to identify each device. Noticed that the wireless ANN-HP is back. What concerns me is that when I researched the MAC address for that device this is what I get:

Company Liteon Technology Corporation
Prefix 1C:65:9D
Address space 1C:65:9D:00:00:00 - 1C:65:9D:FF:FF:FF
Address 4F,90,Chien 1 Road,ChungHo,Taipei Hsien,
Taipei 23585
Taiwan, Republic Of China

Has my computer been hacked?

Oh I just saw that it’s a page 2 to this now, so doing what Essexboy advised now.

I modified this msg to attach the OTL and sc cleaner. Thank you again for helping me. fyi: i just added norton free trial after I got no response for over week, but have always used and been satisfied with Avast, so will be removing norton now.

Liteon Technology Corporation is the manufacturer of your wireless card

So you have a wireless card in your computer

Could you go Start > All Programs > Accessories
Right click Command Prompt and select Run as Administrator
In the black box that opens type the following commands and press enter after each line :

Ipconfig /release
Ipconfig /renew
Ipconfig /flushdns

Reboot and try the net again

I did the ipconfigs, I noticed when I did the 2nd one (renew) there was a message in black box about unable to do something …, couldn’t read it all because it disappeared really fast, however the process did do something after that. I rebooted and internet is ok, however I had access prior to that. I periodically lose connection. One time I lost it for a day, other times it was just minutes and after I reset the router all is ok again, and sometimes I have to reset router numerous times to get it back. Also I haven’t been getting any alerts from Avast blocking any URL’s. Does that mean what I had was removed? or did Avast just turn it off so we no longer get the message? Or did the redirect go in hiding and waiting to start again soon, lol. It was mentioned above that an IP address believed to belong to CA? I understand they wanted to see where mines was pointing to. Is there any way to review the old network shield info on Avast to get that information? Please advise.

OK, let's look at your network data. The redirects should no longer be apparent, as I feel we killed that.

Please download MiniToolBox, save it to your desktop and run it.

https://dl.dropbox.com/u/73555776/minitoolbox.JPG

Checkmark the following checkboxes:

[*]Flush DNS
[*]Report IE Proxy Settings
[*]Reset IE Proxy Settings
[*]Report FF Proxy Settings
[*]Reset FF Proxy Settings
[*]List content of Hosts
[*]List IP configuration
[*]List Winsock Entries
[*]List last 10 Event Viewer log
[*]List Installed Programs
[*]List Devices
[*]List Users, Partitions and Memory size.
[*]List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using “Reset FF Proxy Settings” option Firefox should be closed.
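
Added example, not part of the thread or of any tool mentioned in it: a Python sketch of the check behind Milos's question (what the name resolves to on the affected PC, compared with the address polonus gave) combined with a look at the hosts file that `[resethosts]` and "List content of Hosts" deal with. The sample hosts text, the function names and the `203.0.113.7` entry are constructed for illustration.

```python
import ipaddress
import socket

# Constructed sample of a Windows hosts file. 203.0.113.7 is a documentation
# address standing in for an unexpected override; it is not from the thread.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.7     afe.specificclick.net   # constructed entry
0.0.0.0         ads.example.test
"""

def hosts_overrides(hosts_text, hostname):
    """Return the addresses a hosts file pins `hostname` to (case-insensitive)."""
    found = []
    for raw in hosts_text.splitlines():
        fields = raw.split("#", 1)[0].split()     # drop comments, split columns
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                              # malformed line, ignore it
        if hostname.lower() in (name.lower() for name in fields[1:]):
            found.append(str(addr))
    return found

def check_name(hostname, expected_ip, hosts_text, resolver=socket.gethostbyname_ex):
    """Compare what this machine resolves `hostname` to against `expected_ip`."""
    overrides = hosts_overrides(hosts_text, hostname)
    try:
        resolved = sorted(resolver(hostname)[2])  # third item is the IPv4 list
    except OSError:
        resolved = []                             # name did not resolve
    return {
        "hosts_overrides": overrides,
        "resolved": resolved,
        "matches_expected": expected_ip in resolved,
        # A hosts entry for the name, or an answer that differs from the
        # expected address, is a reason to look closer, not proof of infection.
        "needs_review": bool(overrides) or (bool(resolved) and expected_ip not in resolved),
    }

if __name__ == "__main__":
    # On the affected PC, pass the real file's text instead of the sample:
    # open(r"C:\Windows\System32\drivers\etc\hosts").read()
    print(check_name("afe.specificclick.net", "216.178.47.37", SAMPLE_HOSTS))
```

The expected address is the one quoted in the thread at the time; hosting addresses change, so a mismatch on its own only tells you to compare against a lookup from a known-clean machine.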