Blocked web keeps popping up

At the start there was a .zip file in my mail and I opened it (it was from a well-known company). Later I discovered in their forum that it was an attack from some hackers that send these .zip files to their clients.

I made a full scan on my computer.
A pop-up keeps popping up saying that a URL is being blocked, then it increased to 4 URLs. Now they keep popping up on my screen; I don't enter their websites.

What are my chances?
Thanks.

Can you post an image of the avast alert window (attach it to your post using the “Attachments and other options” link below the reply window).

  • This needs further analysis by a malware removal specialist:
    Go to this topic http://forum.avast.com/index.php?topic=53253.0 for information on Logs to assist in cleaning malware. Use the information about getting and using the tools and attach the logs here, not in the LOGS topic.

Please excuse me for the background.

Looks like something is misusing wuauclt.exe, Windows Update AutoUpdate Client, to connect to malicious sites (assuming that this is a legit wuauclt.exe file), http://www.neuber.com/taskmanager/process/wuauclt.exe.html. There would obviously be no legit reason for this file to connect to this site.

So avast is preventing it from downloading more malware.

  • This needs further analysis by a malware removal specialist:
    Go to this topic http://forum.avast.com/index.php?topic=53253.0 for information on Logs to assist in cleaning malware. Use the information about getting and using the tools and attach the logs here, not in the LOGS topic.

Ok, here are the logs, sorry for renaming the first one (I copied it and pasted it in a new .txt file, sorry). It's from MalwareBytes, which is blocking a malware.

OK, it may be a little while before one of the malware removal specialists can check them out (time zone).

Ok, I will wait, but one question. I did a scan with Avast! Free but the malware was still inside my computer (there were 3).

What were the file names, folders and malware name of the detections?

Hopefully essexboy should be on-line soon, he should be back from work soon.

Hi I will need to use something a tad stronger

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • Allow the installation of the recovery console

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

Thanks for joining the topic essexboy.

I pressed Exit on MalwareBytes, then ComboFix asked me to make other machine. MalwareBytes turned on after the reboot was done.
I'm sure I saw MalwareBytes block that incoming malicious website after the reboot, once.

Is Avast still alerting now?

MalwareBytes just alerted now, Avast! didn't.

I must admit I am getting a tad tired of the aggressive nature of MBAM in its blocking

Could you post the blocking log please so that I can see what it is alerting on

The after scan window says No malicious items were detected.

Ah sorry, I meant the logs under the protection tab - that should show the IPs blocked

Sorry, I didn't understand you well, but here I took a screenshot

Ah OK I remember now (I have uninstalled MBAM from my system)

Under the logs tab should be a protection log… Could you post that one please

MB also blocks that address on my system.


http://my.jetscreenshot.com/2701/m_20120523-8uka-52kb.jpg