I hope I don’t have a problem, I just went from Avast 4.8 to 5, I did a complete scan and it found, and I moved to chest, (win32:Delf-MZG (trj) ) and a (Win32:KillApp-W (pup) )…
Now I keep getting a (Malicious URL Blocked)
“avast network shield has blocked a threat”
The 2 URLs you listed were blocked by avast before you could enter the websites, so I guess they are on some bad website list…
(win32:Delf-MZG (trj) ) and a (Win32:KillApp-W (pup) )
These were found on your computer, but we need the names of the files that were detected and where on the PC they were found to find out more.
Check your computer for malware with
Malwarebytes Anti-Malware 1.46 http://filehippo.com/download_malwarebytes_anti_malware/
After install, click Update so you have the latest database before you scan.
Run a quick scan and click the Remove Selected button to quarantine anything found.
Post the log here.
Thanks, I ran a scan yesterday and the day before; they both came out clean (see below). The (win32:Delf-MZG (trj) ) and a (Win32:KillApp-W (pup) ) are in my Avast chest now. Is there still more to clean up?
Malwarebytes’ Anti-Malware 1.46 www.malwarebytes.org
Database version: 4189
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11
PS: Sorry, forgot to say what "the 2 URLs you listed were blocked by avast before you could enter the websites, so I guess they are on some bad website list" are… I get the blocked message every time I go to my Yahoo home page! And got it again when I came here…
I doubt that the network shield alerts were in any way related to the Win32:KillApp-W (pup) detection, though there is a possibility it could be related to the win32:Delf-MZG (trj) detection (but as has been said we need the file name and location).
A quick MBAM scan is generally enough as a first scan, it will find the majority of what would be found in the c:\ drive.
Are you using an HP system as there have been a couple of detections relating to Win32:KillApp-W detection in c:\hp\bin, is that the original location of the file (and what is its file name) ?
Yes, it is an HP product, with an HP scanner and photo programs… How do I find out where things that are now in my virus chest came from? It just says system volume informationrestore(ED1AD764-6EE8 and about 20 more numbers) under original location and the name is A0156470.exe if that helps… Quick and full scans with Malwarebytes all come up clean… this is all strange to me… Thank you for trying to help
Now when I came back here to read this again I got the (Malicious URL Blocked)
“avast network shield has blocked a threat” media9s.com/cgi/eujzpe.php?pu=67=03465x04445 Process: c:\Program files\Internet Explorer\IEXPLORE.EXE
I didn’t have anything else open or running just this page when I got the message
Well right clicking on the file in the chest and selecting properties would show the original location.
So I would say that these ones in the system restore aren’t related to the Win32:KillApp-W detection are they ?
If so this is less of an issue:
Infected Restore Points - There really is little benefit in chasing a detection in the system volume information folder. It is only there because it had previously been deleted or moved from the system folders and this is a back-up created by system restore.
Worst case scenario it isn’t infected and you delete it, you can’t use that restore point in the future, not much of a loss and the older the restore point is the less of an issue it is.
So if there is any suspicion about a restore point then it is best removed from the system volume information folder or it could bite you in the rear at some point in the future when you use system restore if it included that restore point.
The other detections I mentioned relating to the Win32:KillApp-W detection were effectively live files and in the c:\hp\bin folder.
Well the detection appears good, see http://www.mywot.com/en/scorecard/media9s.com, though why it is happening is the mystery. Do you have any feeds, etc. set-up in IE that may be trying to access this site ?
Thanks again, where do I look for “any feeds, etc. set-up in IE that may be trying to access this site” ? I just changed to IE8 in the last few days, trying to find the problem, something keeps IE from loading for about 80 seconds, it used to load in about 10 seconds, so there must be something trying…thanks again…dave
I don’t use IE as my default browser, it is only there because IE is an integral part of the OS so you have to keep it up to date. So I use it very infrequently and am not very familiar with its settings now.
By feeds I mean RSS or Live Bookmarks, something that checks a site to see if there is anything new on it. That background checking would force the network shield to check the site against its malicious sites list.
I’m surprised that MBAM didn’t find anything if you are getting this in IE as it sounds a little like browser hijacking.
Thanks again, I have SUPERAntiSpyware Free Edition, I’ve updated it and ran it several times lately, and it only comes up with cookies. I’ve deleted temps, trashed most old favorites, scanned and scanned, and yet I have a very slow starting IE, and the first time each restart I right-click on any song or photo file it takes over a minute before I get the box to choose an option… strange stuff going on…
For the browser issue what happens if you try another browser, firefox, chrome or opera, etc. ?
If it is taking this amount of time before getting options on the right click of files, it could be a conflict, but trying to pin that down isn’t easy. Open the task manager so you can try and monitor what activity is going on when you try this. It could also be a shell extension (explorer right click entries) conflict, which may not show in any CPU increase, and once more this isn’t easy to identify.
The only thing that jumped up in CPU under Processes was “explorer.exe” user name owner (mem usage-28,088k) I also have 2 “iexplorer.exe” with 40k & 48k of mem, they didn’t move, and down near the bottom “system” jumped just a little
Generally, avast detection is accurate in these cases.
Isn’t it an encrypted/obfuscated script or iframe?
Wasn’t the site hacked?
Maybe you could contact its webmaster.