Hello,
I have used Avast Free for a few years, and recommend it to all of my friends and family.
Today it started to block Google (Infektion: URL:Mal), and even for the registration here I had to disable the real-time web shield for a minute, as the captcha Avast uses is from Google’s services.
The same problem occurs with google, firefox, internet explorer.
Program and database are updated to the recent version.
Putting http://.google.com/ (and https) into the exclusion list did not solve the problem either.
With fixed subdomain http://www.google.com/* it did not work either.
Re-installing avast did not solve it either.
I attached a screenshot of one of the popups (when loading the captcha of this forum) and in the background the detail info from avast’s website.
This is only an example, it will block any www.google.com URL (so mail.google.com is not affected for some reason).
//EDIT
Sorry for the double attachment. Corrected, added the screenshot of the exclude-list entries.
Hi again,
I now used the uninstall utility in safe mode (XP) as mentioned on another thread, re-installed it once again, but the problem remains.
I checked the hosts text file to make sure Google is not being redirected, but that’s not causing the issue either.
I thought this might be the cause as only http*://www.google.* and http*://google.* are being blocked, while encrypted/mail/maps/.google.* and 209.85.148.94 work without problems.
Sure, I could use a different search engine, but as many forums and websites use resources from Google (ads, captchas, authentication…) I get an error on every other website.
Heck, Avast even alerts from google.com/favicon.ico ?
I see no alternative but to switch to a different virus protection if the problem persists. Any more ideas? I give up.
- Select All Users
- Under the Custom Scan box paste this in:
netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
qmgr.dll
/md5stop
%systemdrive%\$Recycle.Bin|@;true;true;true
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS /s
CREATERESTOREPOINT
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Post both logs
Thank you for the advice!
Here are the textfiles.
I edited three lines where email addresses were shown in the filenames and removed a couple of lines that showed images I created/edited, and I had to upload the files across two posts, as the file upload limit caused problems.
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
Just a quick question: What does the MBR have to do with Avast ignoring the exception list and blocking just google? Couldn’t it be some setting/configuration problem after all?
I never used Roguscanner, what info do you need?
I also tried to reset the dns & hosts.
Log
RogueKiller V8.0.4 [09/19/2012] durch Tigzy
mail: tigzyRK<at>gmail<dot>com
Kommentare: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Betriebssystem: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Gestartet in : Normal Modus
Benutzer : Muk [Admin Rechte]
Funktion : Repariert Hosts-Datei -- Datum : 09/19/2012 20:42:13
¤¤¤ Böswillige Prozesse : 2 ¤¤¤
¤¤¤ Registry-Einträge : 0 ¤¤¤
¤¤¤ Treiber : [GELADEN] ¤¤¤
¤¤¤ Infektion : ¤¤¤
¤¤¤ Hosts-Datei: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
ÿþ1
¤¤¤ Zurückgesetzt Hosts-Datei: ¤¤¤
127.0.0.1 localhost
Abgeschlossen : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
Terminated 2 x c:\windows\notepad.exe …
MBR
¤¤¤ MBR überprüfen: ¤¤¤
+++++ PhysicalDrive0: ST9160314AS +++++
--- User ---
[MBR] 57c0b583ab24ac6e6898d4de5df0f1d8
[BSP] f321c63d5e6d9e38e7d5808515224b65 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 73790 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 151123455 | Size: 73782 Mo
2 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 302230845 | Size: 5004 Mo
3 - [XXXXXX] UNKNOWN (0xef) [VISIBLE] Offset (sectors): 312480315 | Size: 47 Mo
User = LL1 ... OK!
User = LL2 ... OK!
The hidden partition is the XP restore partition of the netbook.
I removed all exceptions, even though it seems to have no effect anyway, and the alerts occur with all browsers I have installed (IE, FF, O…) as mentioned before.
The alert is still the Network-shield (not webshield, so I suppose that explains why it ignores the exceptions), and is anything from http*://www.google.*, sometimes a URL, sometimes the favico…
Network shield would tend to suggest it is something on your computer as opposed to an external element …
All I have to do now is determine where
Firstly I would like to try and see if it is something within the browser. We can check that out by using safe mode in firefox as that is the quickest and easiest way
Thanks, I tried in FF safe mode, but the problem remains.
As it is in all browsers (and none of them uses a proxy setting atm) I think it’s not something from within the browser.
I just tried to ping google using cmd, time out, no alert. Does time out even when all shields are temporarily disabled.
Pinging mail.google.com works though. google.com resolves to 87.125.87.103…
In HKCU\Software\Microsoft\Windows\Currentversion\RunOnce I can’t find anything though.
Two exe in %appdata%, neither avast nor malwarebytes find anything in them. They don’t show up in the registry, and not in any other registry or autostart location (msconfig…). The only one I can’t make any sense of is svtrev.exe but could be renamed.
A little confusing is that there’s no evidence of a changed host file either.
Changing DNS to 8.8.8.8 for a moment brings the same result, so no router issue.
Odd, nothing changes even if using the roguekiller hosts/dns fix option. Just localhost/127.0.0.1 in the host-file anyway. Its location still is %SystemRoot%\System32\drivers\etc, I checked HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DataBasePath
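
Added example, not part of any poster's message and not code from Avast, OTL or RogueKiller: a small offline audit of a hosts file copy, covering the checks discussed in the thread (unexpected encoding, entries that pin google names to an address). The bytes FF FE, which display as "ÿþ" in an ANSI viewer, are the UTF-16 little-endian byte-order mark; that the "ÿþ1" line in the log above is the raw file content up to the first NUL byte is an assumption. The sample inputs, the 203.0.113.10 address and the function names are constructed for illustration.

```python
import codecs
import ipaddress

# BOM -> codec that strips it. A hosts file is expected to be plain ANSI with no BOM.
BOMS = ((codecs.BOM_UTF8, "utf-8-sig"),
        (codecs.BOM_UTF16_LE, "utf-16"),
        (codecs.BOM_UTF16_BE, "utf-16"))

def decode_hosts(raw):
    """Return (text, codec); codec is None when the file has no BOM."""
    for bom, codec in BOMS:
        if raw.startswith(bom):
            return raw.decode(codec, errors="replace"), codec
    return raw.decode("latin-1"), None

def ansi_preview(raw):
    """What a byte-oriented viewer shows: Latin-1 text up to the first NUL."""
    return raw.split(b"\x00", 1)[0].decode("latin-1")

def audit_hosts(raw, watched=("google",)):
    """List hosts entries that pin a watched domain label to any address."""
    text, codec = decode_hosts(raw)
    redirects, bad_lines = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()   # drop comments
        if len(fields) < 2:
            continue
        try:
            addr = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            bad_lines.append(lineno)             # first field is not an IP
            continue
        for name in fields[1:]:
            if any(w in name.lower().split(".") for w in watched):
                redirects.append((lineno, addr, name))
    return {"bom": codec, "redirects": redirects, "bad_lines": bad_lines}

# Constructed samples (not taken from the thread's attachments).
CLEAN = b"127.0.0.1       localhost\r\n"
UTF16 = codecs.BOM_UTF16_LE + (
    "127.0.0.1 localhost\r\n"
    "203.0.113.10 www.google.com google.de  # constructed entry\r\n"
).encode("utf-16-le")

if __name__ == "__main__":
    for label, raw in (("clean", CLEAN), ("utf16", UTF16)):
        print(label, repr(ansi_preview(raw)), audit_hosts(raw))
```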