Infekce zablokována in Both Chrome and Firefox

I have been getting the same Avast warnings about Infekce zablokována for the past two days in both Chrome and Firefox. The warning shows:

Object: http://54.213.74.177/?check=2
Infection: URL: Mal

I did a /whois at http://whois.domaintools.com/54.213.74.177 and the 54.213.74.177 IP resolves to Amazon Technologies Inc. in Seattle, Washington. I don’t think Amazon would be sending out malware, but I suppose anything is possible.

Follow the instructions and ATTACH the logs to your next post:
https://forum.avast.com/index.php?topic=53253.0

Hi Eddy, attached is the log.

I am getting the same error from Avast repeatedly. It just started a few minutes ago but happened several times.

http://www.avast.com/en-us/lp-fr-virus-alert?p_ext=&utm_campaign=Virus_alert&utm_source=prg_fav_90_0&utm_medium=prg_systray&utm_content=.%2Ffa%2Fen-us%2Fvirus-alert-default&p_vir=VVJMOk1hbA&p_prc=C:\Program%20Files%20(x86)\Google\Chrome\Application\chrome.exe&p_obj=aHR0cDovLzU0LjIxMy43NC4xNzcvP2NoZWNrPTI&p_var=.%2Ffa%2Fen-us%2Fvirus-alert-default&p_elm=7&p_lex=160&p_lid=en-us&p_lng=en&p_lqa=0&p_lqe=0&p_lst=0&p_lsu=24&p_pro=0&p_bld=empty&p_vep=9&p_ves=0&p_vbd=2021&p_hid=b3115699-b730-4058-a699-2ae1b996ac7b&p_ram=8052&p_cpu=-1.0

Object: http://54.213.74.177/?check=2
Infection: URL: Mal

Avast! says it blocked the threat.
It happened while looking at a Breitbart article. Wanted to check if you visited Breitbart.com.
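Added example, not part of any poster's message and not Avast code: the alert landing-page URL quoted in the post above can be triaged offline, because its `p_vir` and `p_obj` values decode as unpadded base64 to the same text as the Infection and Object lines. The names `triage`, `b64_text` and `defang` are hypothetical, and treating those two parameters as base64 is an assumption drawn from this one URL.

```python
import base64
from urllib.parse import urlsplit, parse_qs

# Trimmed copy of the alert landing-page URL quoted in the post above
# (only some of its parameters are kept; the kept values are unchanged).
ALERT_URL = (
    r"http://www.avast.com/en-us/lp-fr-virus-alert?utm_campaign=Virus_alert"
    r"&p_vir=VVJMOk1hbA"
    r"&p_prc=C:\Program%20Files%20(x86)\Google\Chrome\Application\chrome.exe"
    r"&p_obj=aHR0cDovLzU0LjIxMy43NC4xNzcvP2NoZWNrPTI&p_elm=7"
)

# Assumption: these two parameters carry base64 text with '=' padding removed.
B64_FIELDS = ("p_vir", "p_obj")


def b64_text(value):
    """Decode base64/base64url text whose '=' padding was stripped."""
    padded = value + "=" * (-len(value) % 4)
    return base64.urlsafe_b64decode(padded).decode("utf-8", errors="replace")


def defang(url):
    """Make a URL non-clickable before pasting it into a ticket or post."""
    scheme, sep, rest = url.partition("://")
    if not sep:
        return url.replace(".", "[.]")
    host, slash, tail = rest.partition("/")
    return scheme.replace("http", "hxxp") + sep + host.replace(".", "[.]") + slash + tail


def triage(alert_url):
    """Return detection name, blocked object (defanged) and reporting process."""
    params = parse_qs(urlsplit(alert_url).query)
    first = lambda key: params.get(key, [""])[0]
    decoded = {k: b64_text(first(k)) if first(k) else "" for k in B64_FIELDS}
    return {
        "detection": decoded["p_vir"],
        "object": defang(decoded["p_obj"]),
        "process": first("p_prc"),
    }


if __name__ == "__main__":
    for field, value in triage(ALERT_URL).items():
        print(f"{field:10} {value}")
```

The defanged form lets the blocked address be shared in a report without readers triggering the same block by clicking it.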

I do occasionally visit Breitbart, but these came when I’ve been on the Jerusalem Post site.

Additionally, if I click on http://54.213.74.177/?check=2, the Avast warning comes up immediately, and the page does not load.

Thanks for replying. Perhaps the error was triggered by an advertiser that Breitbart and Jerusalem Post have in common.

I would expect to get the warning again if I clicked on the numerical IP link that Avast! identified as the threat - so I’m not sure what we would learn from clicking it.

What I’d like to know is what regular web pages we are visiting that are triggering these alerts.

I am unable to install Farbar. When I try to install, I get the error message shown in the screenshot. At the same time, it tries to launch Farbar but nothing happens. And right now, the Recovery Scan Tool is locked. I cannot close it. See the next screenshot.

How long should it take to run the aswMBR.exe application? I think mine must be in a loop.

It’s been scanning one directory for 30 minutes at least. The task manager shows that it’s running but it’s stuck at the C:\Users\Alan\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\zi0zrqm4 folder.

EDIT: Just after I sent the message it’s moved on to another folder, but my question remains: How long should it take to run the aswMBR.exe application?

EDIT_2: OK, the aswMBR.exe application has finished, and I am attaching that log. I still cannot install/run Farbar.

I finally was able to run Farbar. (Silly me, I had neglected to read the instruction that said to Right click to run as administrator.)

Anyway, I’ve attached the FRST.txt and the Addition.txt files.

AswMBR carried out a full virus scan on the system, hence the time taken.

Are you still receiving the alerts?

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {87000137-9620-4A2C-B4E1-5329223F09F6} URL =
CMD: bitsadmin /reset /allusers
CMD: DEL %TEMP%\*.* /F /S /Q
CMD: RD /S /Q %TEMP%
REBOOT:

Save this as fixlist.txt, in the same location as FRST.exe.
Run FRST and press Fix.
On completion a log will be generated; please post that.

Here is the log, essexboy.

Are you still getting the alerts?

Yes, I am still getting them.

OK, time to dig deeper. Do the alerts occur in IE as well?

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

I don’t use IE, although if you want me to I will.

Additionally, although my starter post stated that I’m getting the Avast warnings in both Chrome and Firefox, the messages now seem to appear only with Chrome.

I will download and run ComboFix and post the log when I am finished.

Given all the threads from people who are having the same issue as I, do we have any idea what the problem might be, and why the IP that is shown points to Amazon?

I am not sure yet but I believe we may be looking at poisoned ads… Still investigating though

I disabled Avast and ran ComboFix. During its running there were a couple of error messages about EAccessViolation in module ERUNT.3XE (see attached screenshot). I just clicked OK and ComboFix continued to run and finished successfully.

I am attaching the Combofix.txt log.

I am forwarding this to Avast as a possible FP; please bear with me.

Hello,
IP 54.213.74.177 was unblocked.

Milos

Thank you all for your help.