Avast keeps blocking malicious URLs that I am not trying to visit

Hello,
Avast keeps trying to block a url that I’m not trying to visit. It pops up with the “Malicious URL Blocked” just about every 30 seconds, so I’m assuming I’ve got a virus or something, however I did a scan and a boot-time scan and it came up with 0 infections. This is the message that displays on the Avast website when I click the “malicious url blocked” pop up.

Infection Details
URL: deleted entirely so no one accidentally goes here
Process: C:\Windows\System32\rundll32.exe
Infection: URL:Mal

Any suggestions on what I should be doing to fix this? I did a quick scan with Malwarebytes and that resulted in no infections as well, so I am now using ESET online scanner to test for anything that may be present. Anyway, if I need to provide more information please let me know, I’m getting sort of annoyed of that voice that says “Threat detected” every 10 seconds.

Bananajoe, welcome to the Avast! forum.

Could you please turn that URL inactive by changing http for hxxp. We don’t want anybody clicking an infected site.

Follow this guide: http://forum.avast.com/index.php?topic=53253.0

and attach (do not copy/paste) logs for Malwarebytes, OTL, and aswMBR.exe here:

http://forum.avast.com/index.php?board=4.0

Where an expert in the removal of malware will help you.

Someone from the other subforum said to come back over here for help, so I’m not really sure what I should be doing. I attached everything here. Also I downloaded TDSSKiller but it didn’t come up with any issues as far as I saw.

On completion of this run can you check for alerts

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run

Run OTL

- Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Philip\AppData\Local\Temp\cusbohcn.sys -- (cusbohcn)

:Files
ipconfig /flushdns /c
C:\Users\Philip\AppData\Roaming\.minecraft\sp.DLL

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]


- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Some additional info on that malware IP…
That IP has a redirect to: htxp://one-click-result.com. Bright Cloud rep index red 10 meaning High Risk
There is a high probability that the user will be exposed to malicious links or payloads. Malware site. One-click is adware/spyware.
Mentioned in MalwareURL list: domain=184.171.169.131

Follow the instructions from essexboy meticulously, he will help you with the removal,

polonus

I ran the OTL fix as you suggested and then again as a quick scan. I attached the resulting OTL.txt file. So far avast hasn’t popped up saying “Threat has been detected” yet, so I think that’s taken care of the problem! Thanks! Could I ask what exactly was causing that to happen?

As Avast reported the offending programme as run32.dll, I knew I was looking for a dll file.
I located one that was running, and when I checked the file out it was not a legitimate file for that programme.
So removing it clears the alerts.

I believe it was being run from the driver that I deleted

Let me know tomorrow if the alerts have really gone

The alerts from Avast have stopped, however when I start up my computer I receive this message each time:

“There was a problem starting C:\Users\Philip\AppData\roaming\.minecraft\sp.dLL”

Other than that nothing unusual is occurring.

Could you run an OTL quickscan please, selecting all users, as I need to see what is trying to run the bad boy.

Here’s the OTL scan

Gotcha, after this run reboot and let me know if the error still pops up

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run

Run OTL

- Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
O4 - HKU\S-1-5-21-1131052956-3060490841-2635200303-1000..\Run: [sp] C:\Windows\system32\rundll32.exe "C:\Users\Philip\AppData\Roaming\.minecraft\sp.DLL",ServiceMain File not found

:Files
ipconfig /flushdns /c

:Commands
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]


- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
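The triage reasoning in this thread (a rundll32.exe alert means looking for the DLL it loads, and the startup error comes from a leftover Run entry) can be run over an OTL log, as an added example that is not part of the thread and is not OTL's own code. The function names, the reason labels and the user-writable path heuristic are assumptions made for illustration; only the first sample line comes from the thread.

```python
import re

# O4 autorun line as it appears in the log: hive..\Run: [value name] command
O4_RE = re.compile(
    r'^O4 - (?P<hive>\S+?)\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# rundll32 host, then the DLL path (quoted or bare), a comma and the export name
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?"?\s+(?:"(?P<q>[^"]+)"|(?P<b>[^\s,]+))\s*,\s*(?P<export>[\w#]+)',
    re.IGNORECASE)
# Locations a standard user can write to (assumed heuristic, not an OTL rule)
USER_WRITABLE = re.compile(r'\\(AppData|Temp|ProgramData|Users\\Public)\\', re.IGNORECASE)


def triage_o4(line):
    """Return a finding for a rundll32 autorun entry, or None for any other line."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    r = RUNDLL_RE.search(m.group('cmd'))
    if not r:
        return None  # autorun starts an ordinary executable, not a DLL via rundll32
    dll = r.group('q') or r.group('b')
    reasons = []
    if USER_WRITABLE.search(dll):
        reasons.append('dll-in-user-writable-path')
    if m.group('hive').upper().startswith('HKU'):
        reasons.append('per-user-run-key')
    if m.group('cmd').rstrip().endswith('File not found'):
        reasons.append('orphaned-entry')  # file is gone but the Run value remains
    return {'value': m.group('name'), 'dll': dll,
            'export': r.group('export'), 'reasons': reasons}


def triage_log(text):
    """Keep only rundll32 autoruns that tripped at least one check."""
    return [f for f in map(triage_o4, text.splitlines()) if f and f['reasons']]


# First line is the entry quoted in the thread; the other two are constructed.
SAMPLE_LOG = r'''
O4 - HKU\S-1-5-21-1131052956-3060490841-2635200303-1000..\Run: [sp] C:\Windows\system32\rundll32.exe "C:\Users\Philip\AppData\Roaming\.minecraft\sp.DLL",ServiceMain File not found
O4 - HKLM..\Run: [ExampleTray] C:\Windows\system32\rundll32.exe C:\Windows\system32\example.dll,Start (Example Corp)
O4 - HKLM..\Run: [ExampleApp] C:\Program Files\Example\app.exe (Example Corp)
'''

if __name__ == '__main__':
    for finding in triage_log(SAMPLE_LOG):
        print(finding)
```

An entry flagged `orphaned-entry` is the state this machine was in after the first fix: the DLL had been deleted while the Run value still tried to load it at logon.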

Here’s the newest OTL file.

Update: As of this morning no messages have popped up on my computer screen, so I think everything is working fine now, thanks for your help! Is there anything else I should do after this?