Google is suddenly a threat???

I’m using Avast Free, the latest version. Suddenly, every time I go to Google, a warning pops up saying some malware has been blocked. If I search for anything on Google, another popup, same warning.

What’s going on? Why the sudden problem with Google?

Can you post a screenshot of the avast alert?

There is a possibility that your google connections are being redirected.

There is even a possibility you were infected and need the assistance of a qualified malware removal expert here…

polonus

Hello,
post the output of the command “ping google.com” to see which IP it resolves to.

Milos
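An added illustration of the check requested above (not part of the thread and not Avast's own tooling): this Python sketch pulls the resolved address out of pasted ping output and flags answers that a public site should never return. The function names and sample outputs are constructed for the example; a public address still has to be checked for ownership separately.

```python
import ipaddress
import re

# Header line of ping output, e.g. Windows "Pinging google.com [1.2.3.4] with ..."
# or Unix "PING google.com (1.2.3.4) 56(84) bytes of data."
_PING_HEADER = re.compile(
    r"^\s*ping(?:ing)?\s+(?P<host>\S+)\s+[\[(](?P<ip>[0-9A-Fa-f:.]+)[\])]",
    re.IGNORECASE | re.MULTILINE,
)

# Constructed sample outputs (not taken from the thread's screenshots).
SAMPLE_LOCAL = (
    "C:\\Users\\User1>ping google.com\n\n"
    "Pinging google.com [127.0.0.1] with 32 bytes of data:\n"
    "Reply from 127.0.0.1: bytes=32 time<1ms TTL=128\n"
)
SAMPLE_LAN = "Pinging google.com [192.168.1.1] with 32 bytes of data:\n"
SAMPLE_PUBLIC = "Pinging google.com [8.8.8.8] with 32 bytes of data:\n"  # placeholder public IP


def resolved_address(ping_output):
    """Return (hostname, ip_address) parsed from the ping header line."""
    match = _PING_HEADER.search(ping_output)
    if match is None:
        raise ValueError("no 'Pinging <host> [<ip>]' header found")
    return match.group("host"), ipaddress.ip_address(match.group("ip"))


def assess(ping_output):
    """Return (host, ip, verdict) for the address a public site resolved to."""
    host, ip = resolved_address(ping_output)
    if ip.is_loopback:
        verdict = "suspicious: loopback address, traffic is handled on this machine"
    elif ip.is_unspecified:
        verdict = "suspicious: unspecified address, name is being null-routed"
    elif ip.is_private or ip.is_link_local:
        verdict = "suspicious: LAN address, check router and DNS settings"
    elif not ip.is_global:
        verdict = "suspicious: not a globally routable address"
    else:
        verdict = "public address: confirm the owner with a whois lookup"
    return host, str(ip), verdict


if __name__ == "__main__":
    for sample in (SAMPLE_LOCAL, SAMPLE_LAN, SAMPLE_PUBLIC):
        print(assess(sample))
```
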

Here is the popup alert:

http://imageshack.us/a/img705/2782/popupj.jpg

Here’s the ping result:

http://imageshack.us/a/img163/5569/pingsmk.jpg

I ran a quick scan with Malwarebytes. It found and removed three items – but I’m still getting the same popup flagging the same infection HTML: Script-inf … whatever that means.

Here’s what Malwarebytes found and removed:

Files Detected: 3
C:\Users\User1\AppData\Local\Temp\soMHaDJc.zip.part (Trojan.Downloader.DFL) → Quarantined and deleted successfully.
C:\Users\User1\Local Settings\mptcbmmb.exe (Trojan.Downloader.DFL) → Quarantined and deleted successfully.
C:\Users\User1\Local Settings\Application Data\mptcbmmb.exe (Trojan.Downloader.DFL) → Quarantined and deleted successfully.

EDIT: I get the same popup when I open other search engines (Bing, Yahoo), and also get it when I use IE instead of Firefox.

Evidently it’s a false positive:

http://forum.avast.com/index.php?topic=74347.msg616228#msg616228

EDIT: On the other hand, that was two months ago, so …

Could be a FP or the results of two av solutions installed,

polonus

Could be a FP or the results of two av solutions installed,

I found that Microsoft Security Essentials was also running, so I shut that down. Still getting the popup.

Whilst it may not be a conflict between the two AVs, just shutting it down doesn’t resolve any possibility for conflict as the low-level drivers would still be running. So you should uninstall MSE.

Your ping info differs from mine, but that may be geographical, but we will have to see what Milos (avast virus labs) makes of it.

For what it’s worth, I ran aswMBR.exe. Here’s the log (I don’t know what it means):

12:27:58.030 OS Version: Windows x64 6.1.7601 Service Pack 1
12:27:58.030 Number of processors: 4 586 0x1E05
12:27:58.030 ComputerName: USER1-PC UserName: User1
12:28:00.511 Initialize success
12:28:00.667 AVAST engine defs: 13052100
12:28:06.751 Disk 0 (boot) \Device\Harddisk0\DR0 → \Device\Ide\IAAStorageDevice-1
12:28:06.751 Disk 0 Vendor: WDC_WD50 05.0 Size: 476940MB BusType: 8
12:28:06.751 Disk 1 \Device\Harddisk1\DR1 → \Device\Ide\IAAStorageDevice-2
12:28:06.766 Disk 1 Vendor: WDC_WD50 05.0 Size: 476940MB BusType: 8
12:28:07.000 Disk 0 MBR read successfully
12:28:07.000 Disk 0 MBR scan
12:28:07.000 Disk 0 Windows VISTA default MBR code
12:28:07.031 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
12:28:07.047 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920
12:28:07.063 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461899 MB offset 30801920
12:28:07.141 Disk 0 scanning C:\Windows\system32\drivers
12:28:19.043 Service scanning
12:28:38.216 Modules scanning
12:28:38.731 Disk 0 trace - called modules:
12:28:38.746 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
12:28:38.746 1 nt!IofCallDriver → \Device\Harddisk0\DR0[0xfffffa8007e6d060]
12:28:38.762 3 CLASSPNP.SYS[fffff880015c743f] → nt!IofCallDriver → \Device\Ide\IAAStorageDevice-1[0xfffffa8007afc050]
12:28:39.620 AVAST engine scan C:\Windows
12:28:42.288 AVAST engine scan C:\Windows\system32
12:30:40.536 AVAST engine scan C:\Windows\system32\drivers
12:30:55.481 AVAST engine scan C:\Users\User1

Hi, could you run OTL please?

Download OTL to your Desktop
Secondary link

- Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.

https://dl.dropbox.com/u/73555776/OTL_Main_Tutorial.gif

- Select All Users
- Under the Custom Scan box paste this in

netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
dir C:\ /S /A:L /C
CREATERESTOREPOINT

- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Attach both logs

Thanks for all the replies.

I decided to uninstall Avast and use MSE.