Avast reporting ObjectDock.exe as malicious URL??

Hi,

Switching on my machine today I got a warning from Avast reporting my copy of ObjectDock as a malicious URL. I’ve been using ObjectDock for years, without any problems at all. I scanned my copy with both MBAM and Avast itself (both updated), but they both reported it clean. Rebooting resulted in the same warning. Oddly, just before I got the initial threat warning from Avast I also got a Windows error message referring to Avast as having had a memory access error…

Any thoughts?

Running Windows XP SP3 on a 6-year-old Dell Dimension 3000.

Many thanks,
Christopher

P.S: Also did a quick system scan with MBAM and it found nothing.

Please post the full information on the alert or post a screenshot of the alert window.

I have Objectdock (from stardock.com) on my win7 netbook and no issues.

What is your avast version and build number, e.g. avast free 6.0.1367?
Is your virus database fully up to date? The latest is 120129-0.

Thanks David. I have avast free 6.0.1367, database 120129-0 (I updated both after the initial warning). I don’t have access to a screenshot of the ObjectDock warning, but as far as I remember it was just a straightforward URL:Mal report, referencing the location of ObjectDock on my machine (a standard install, in Program Files). Rebooting my machine again didn’t produce that warning, but did produce the initial Windows error again (see attached png).

I doubt the avastsvc.exe error was anything to do with a MAL:URL alert (which aren’t all straightforward).

Have you got any other security software installed, firewall, anti-spyware, etc.?

Have you had any previous anti-virus installed on this system, and if so, what?

Try a repair of avast:
XP - Add Remove programs, select ‘avast! Anti-Virus,’ click the Change/Remove button and scroll down to Repair, click next and follow.

You may need to reboot after the repair.

OK I repaired Avast and on reboot I got the application error message again, and the ObjectDock URL:Mal warning (see attached png). Windows explorer also crashed.

Rebooted yet again and left the machine sit for a while. Then I started Opera and almost immediately got the URL:Mal. So, oddly, it looks as if it’s something to do with Opera, or perhaps more likely one of the 50-or-so tabbed pages I have open in it at the moment. I’ll try some other browsers to see if I get the same problem.

OK after another reboot I tried both IE and Firefox and got no problems. But when I launched Opera I got the URL:Mal again. Clicking on ‘More details…’ the resulting Avast report page showed the URL to actually be the following (I’ve removed the http:// so it can’t accidentally be clicked):

173.236.35.99/click.php?s

No idea what that is… but it’s probably on one of the pages I have open in Opera. Is there a way I can find it without having to manually search through each tab?

No idea what that is... but it's probably on one of the pages I have open in Opera. Is there a way I can find it without having to manually search through each tab?
http://www.ip-adress.com/whois/173.236.35.99

urlQuery - suspicious - http://urlquery.net/report.php?id=18279

Sucuri - http://sitecheck.sucuri.net/results/http://173.236.35.99

Hi Pondus,

I find this on that particular IP in the snort iplist:

So there is a reason for flagging this particular IP!

pol

@ Sea_of_Cortez
In the Opera docklets does that load links to websites (default home pages, etc.)?
If so, try eliminating them one at a time to find the culprit site. It is possible that one of the home pages could be loading an ad and that could be attempting to connect to a poisoned ad network.

It looks like the network shield is confused by the fact that objectdock is launching Opera, so it is considering that the parent process and not Opera.

Otherwise I can’t see any reason why it (objectdock) would need to connect, much less to a site which the network shield considers malicious.

I just have Google set as the homepage for all the browsers I start from ObjectDock (Firefox, Opera, IE). All my other docked applications start normally. It’s only Opera that seems to have issues.

Indeed if I start Opera straight from its folder in Program Files I don’t get any warning from Avast.

@ DavidR

Ok, so I closed some of the (many) tabs I had open in Opera and rebooted, and now starting Opera from ObjectDock doesn’t cause a problem. That’s just a one-off, I know, so I’ll check it a few more times to make sure. But my guess is that one of those pages contained some sort of malicious link.

Many thanks for your help.

You’re welcome.

However, that is why I suggested closing them one at a time to pin down the true culprit. If it does resolve it over the longer term you are going to have to add the tabs back one at a time and close Opera and open Opera from objectdock and see if you can reproduce the problem.