Hello.
Last night Avast alerted me several times in a row that it was blocking a suspicious URL that I was not manually visiting.
The error message was this:
object:
95.143.193.171/bWFza3N8ZWYz0DQ0YmM3NWVhZJl2NWZiZWFlMJgZtg0Zj
Infection: URL: Mal
Action: Blocked
Process: C:\WINDOWS\System32\svchost.exe
And I’ve found that while browsing in Firefox 4, it will periodically open a new tab to a suspicious web page.
Alternately, I’ve found I also cannot access Windows Update, which I assume is related to this.
After some searching, I’ve discovered I seem to have almost exactly the same problem as this person:
http://forum.avast.com/index.php?topic=77998.0
(also this user, too: http://forum.avast.com/index.php?topic=77333.0)
I noticed my Avast messages sometimes include the blocked URL of “longtrip-todayz.com”, just like his Avast window.
What I’ve done so far:
Ran Malwarebytes scan (log attached), no results
Ran Avast boot scan, no results
Ran CWshredder, no results
Ran aswMBR, similar results to the user who was experiencing the same problem (log attached)
Opted to “fix” after the scan, rebooted
Same Avast error messages persist, and running aswMBR again brings the same results.
Ran OTS (log attached) with the following parameters:
Select All Users
Under additional scans select the following
Reg - Disabled MS Config Items
Reg - Drivers32
Reg - NetSvcs
Reg - SafeBoot Minimal
Reg - Shell Spawning
Evnt - EventViewer Logs (Last 10 Errors)
File - Lop Check
Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT
Ran HijackThis (log attached)
Panicked (log not attached)
I would forever be in your debt if you could help me in the slightest.
Thank you in advance!