Help Needed With URL:MAL Pop Up Warning

I have just started to receive network shield warning pop ups for the URL:MAL virus. It is not happening every time with one exception - when I go to the web site BOSTON.COM which is the online newspaper site for the Boston area. There is no way that BOSTON.COM is a malicious site so I do not understand why the warning pops up all the time when I am on that site. I have run full Avast and Malwarebytes scans and everything looked clean.

I also noticed that the AVAST pop up warning indicated that the process running was chrome.exe so I tried a couple of things. I used Chrome Incognito setting and I do not get the URL:MAL warning. Also if I use IE I do not get the warning. I only get the warning in chrome.

My computer is only a couple of months old so I am concerned and I hope that you can help me get rid of this. I have attached logs AdwCleaner, mbam, OTL, and aswMBR.

"There is no way that BOSTON.COM is a malicious site"
you mean it can't be hacked. ;)

URL:mal means they are on a block list…for whatever reason

this seems not listed?
http://www.urlvoid.com/scan/boston.com/

you may report it here if you think it is wrong
http://www.avast.com/en-us/contact-form.php

Hi Pondus

Yes I suppose that the site, like any site, could get hacked. I guess I meant that I do not think it is likely that there is something malicious with the site.

I have just started getting the warning today and it is the first time. It also is not just the boston.com site. I have gotten the warning a couple of times just doing a google search.

I am not clear what you are telling me in your reply. If I do not have a problem, why did this start to happen, and why only in Chrome and not in Chrome Incognito or IE? Do I have a problem that needs to be looked at by a removal expert?

"Yes I suppose that the site, like any site, could get hacked. I guess I meant that I do not think it is likely that there is something malicious with the site."
they find a new infected website every 3.5 sec, there is a link to that story in here somewhere....can't find it when i need it ;D

anyway malware removers are notified and will check your logs…guessing you have to wait until tomorrow as it is midnight here in Europe now

Pondus

I understand that I have to wait, no problem. I assume that the AVAST pop up is blocking a potential infection so even though I am getting the warning my computer is not infected with anything?

if you get warnings from not doing anything…or from lots of websites, it may indicate an infection

the removal expert will tell after looking at the logs…

Pondus

OK. I assume that you and the removal expert are volunteers so thank you to all that provide this valuable service to clueless users like me.

Hi and welcome! :slight_smile:

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.

[*]Disable any script blocking protection
[*]Right-click and Run as Administrator dds to run the tool.
[*]When done, two DDS.txt’s will open.
[*]Save both reports to your desktop.

Please include the contents of the following in your next reply:

DDS.txt

Attach.txt

Hello and thank you for the continued assistance. Since my initial post I am having random pop up warnings so I hope that this can be resolved.

I have attached DDS.txt and Attach.txt.

Hi,

ComboFix

Download Combofix from the link below, and save it to your desktop.
Link

Note: It is important that it is saved directly to your desktop
If you get a message saying “Illegal operation attempted on a registry key that has been marked for deletion”, please restart your computer.


IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here


Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.
When finished, it will produce a report for you.
[*]Please post the C:\ComboFix.txt for further review.


Hello

ComboFix.TXT is attached. Thank you.

Hi,

How is your system running now?

I am still getting occasional MAL warning pop ups. It is happening with both IE and Chrome.

Do the scans show anything?

Thank you.

Hello

Are there any follow up instructions that I need to perform? I clicked on the pop up to look at infection details and the URL it shows is hxxx://afe.specificclick.net/?l. Is this a virus and/or is any of this information helpful to stop this issue that I have?

I uninstalled and reinstalled Chrome in hopes that this MAL pop up issue would stop. I deleted all of my cookies and put a block on specificclick. Has not helped and I am still getting warning.

Thank you.

Hi bossfan,

Break that link, using htxp for instance. Why, read here: http://www.mywot.com/en/scorecard/afe.specificclick.net?utm_source=addon&utm_content=contextmenu
The malware has been closed after 2012-11-12 03:09:10 evidence comes from Safe PHISH viewer
Offending raw content logged a.o.
Query terms are ambiguous. The query is assumed to be:

“n 216.178.47.37”

Created socket 5.
Releasing 0x0000000000dbd290 (new refcount 1).

polonus

I have broken the link. Sorry about that.

I am still hoping for a removal expert to tell me if there is any more that I can do to stop these random pop ups.

I am considering downloading Microsoft Security Essentials but I am afraid to do that now because if I do have a real infection of some kind it looks like Avast is blocking it and if Microsoft Essentials does not block what might be a real infection then I am going to be worse off.

Thank you.

Hi,

Go ahead and run a new scan with OTL and attach the log that is created.

I have attached a new OTL log.

Hi,

Please download Junkware Removal Tool to your desktop.

[*]Shut down your protection software now to avoid potential conflicts.
[*]Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select “Run as Administrator”.
[*]The tool will open and start scanning your system.
[*]Please be patient as this can take a while to complete depending on your system’s specifications.
[*]On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
[*]Post the contents of JRT.txt into your next message.

Run OTL.exe

[*]Copy/paste the following text written inside of the quote box into the Custom Scans/Fixes box located at the bottom of OTL

:Services

:OTL
IE:64bit: - HKLM..\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM..\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2139726159-2736912696-858409131-1004..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2139726159-2736912696-858409131-1004..\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
O3 - HKLM..\Toolbar: (no name) - Locked - No CLSID value found.
O15 - HKU\S-1-5-21-2139726159-2736912696-858409131-1004..Trusted Domains: //@surf.mar@/ (money in Local intranet)
[4 C:\Program Files (x86)*.tmp files → C:\Program Files (x86)*.tmp → ]
[2012/10/15 17:52:45 | 000,000,075 | RHS- | C] () – C:\Windows\CT4CET.bin

:Files
ipconfig /flushdns /c

:Commands
[emptytemp]
[start explorer]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot when it is done
[*]Then run a new scan and post a new OTL log ( don’t check the boxes beside LOP Check or Purity this time )


Hi Jeffce

I will do as you instructed when I get a chance.

May I ask are you having me run all these scan tools because you do not see any evidence of a problem or infection, or have you seen something and you are having me run scans in an attempt to remove it?

Also someone else has recently posted in a thread titled POPUP ALERT MALFUNCTION that he is all of a sudden getting these pop up warnings. As I am running all these different tools is there any indication that Avast needs to investigate a possible false positive that is starting to be detected?