Help! Web Shield has blocked a malicious web page or file!

I keep on getting this popup about a malicious web page or file. Please tell me what to do. Thanks…

That indicates that a programme on your computer is using an unusual way to update

Please follow the steps on this page http://forum.avast.com/index.php?topic=53253.0

And attach the logs here

Hi! Thanks for your fast reply. I’ve already done those procedures earlier (thanks to your forums), I’m so glad to receive a quick response. I’m running on Windows 8 so I didn’t do the aswMBR.exe part.

Let me know if this stops it… Is the alert appearing in any specific browser or all ?

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:Commands
[CREATERESTOREPOINT]

:OTL
FF - prefs.js..extensions.enabledAddons: leethax%40leethax.net:2013.08.31b

:Commands
[resethosts]
[emptytemp]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN
Please download AdwCleaner by Xplode onto your desktop.

[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S1].txt as well.

Hello.

Here are the logs you’ve requested. Regarding the AdwCleaner, I didn’t include 1 programme (Splashtop) because I have that program for a while and didn’t trigger any alert. Please tell me if what I did was wrong? :slight_smile:

Regarding your question about the browser, the popup appears like every 5 minutes when using Chrome. Then I opened IE, and it appears like crazy.

It seems like the popup is gone after the OTL and the AdwCleaner process. I’ll continue to monitor and get back to you.

Thanks again for your help. Truly grateful. :slight_smile:

Since I’m receiving (Or about to) help. I probably shouldn’t post this. However, Most likely what happened is a Drive-by-Download, Executable or Script that infected svchost and either tried calling home or was spamming (As I’ve seen in many Cases) peoples email addresses to make it more wide Spread…

That was a false positive fixed by a streaming update last night

Do you have any further problems ?

No I haven’t. The pop-up seems to be gone for almost a day now.

Although Malwarebytes detected 1 page (and blocked it) that was trying to update this afternoon, the popup was too fast I wasn’t able to read it properly. It appeared only once.

Thanks for your help @essexboy :slight_smile:

Grand, run OTL and press the cleanup button

May I ask what this final process will do? Will it affect any of my files?

Nope it will just remove OTL and its associated folders :slight_smile:

Done! You’ve been very helpful. Thanks a lot. :slight_smile: