Hello,
Avast keeps trying to block a url that I’m not trying to visit. It pops up with the “Malicious URL Blocked” just about every 30 seconds, so I’m assuming I’ve got a virus or something, however I did a scan and a boot-time scan and it came up with 0 infections. This is the message that displays on the Avast website when I click the “malicious url blocked” pop up.
Infection Details
URL: deleted entirely so no one accidentally goes here
Process: C:\Windows\System32\rundll32.exe
Infection: URL:Mal
Any suggestions on what I should be doing to fix this? I did a quick scan with Malwarebytes and that resulted in no infections as well, so I am now using ESET online scanner to test for anything that may be present. Anyway, if I need to provide more information please let me know, I’m getting sort of annoyed of that voice that says “Threat detected” every 10 seconds.
Someone from the other subforum said to come back over here for help, so I’m not really sure what I should be doing. I attached everything here. Also I downloaded TDSSKiller but it didn’t come up with any issues as far as I saw.
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
Some additional info on that malware IP…
That IP has a redirect to: htxp://one-click-result.com. Bright Cloud rep index red 10 meaning High Risk
There is a high probability that the user will be exposed to malicious links or payloads. Malware site. One-click is adware/spyware.
Mentioned in MalwareURL list: domain=184.171.169.131
Follow the instructions from essexboy meticulously, he will help you with the removal,
I ran the OTL fix as you suggested and then again as a quick scan. I attached the resulting OTL.txt file. So far avast hasn’t popped up saying “Threat has been detected” yet, so I think that’s taken care of the problem! Thanks! Could I ask what exactly was causing that to happen?
As Avast reported the offending programme as run32.dll I knew I was looking for a dll file
I located one that was running and when I checked the file out it was not a legitimate file for that programme
So removing it clears the alerts
I believe it was being run from the driver that I deleted
Let me know tomorrow if the alerts have really gone
Gotcha, after this run reboot and let me know if the error still pops up
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run
Run OTL
[*]Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
O4 - HKU\S-1-5-21-1131052956-3060490841-2635200303-1000..\Run: [sp] C:\Windows\system32\rundll32.exe "C:\Users\Philip\AppData\Roaming\.minecraft\sp.DLL",ServiceMain File not found
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
Update: As of this morning no messages have popped up on my computer screen, so I think everything is working fine now, thanks for your help! Is there anything else I should do after this?