Hi, I keep getting blocked malicious sites notices, even when I do a Google search. It seems to always involve some kind of advertisingclickfeed site.
I’m attaching a few png screenshots, and a text file that has the entire link of the clickfeed URL.
I updated and ran Avast, and it did find a couple of infections, and I did the same with Malwarebytes, and it too, came up with a few infections. I’m not sure at this moment how to send an Avast log, but I’ll be happy to post that if need be. For now, here are the attachments I do have ready.
I updated again today and ran the scans again and at this point, neither find any infections.
Thanks in advance for your help. I appreciate it! What should I do about this situation? Thanks.
[*]Select All Users
[*]Under the Custom Scan box paste this in netsvcs
%SYSTEMDRIVE%*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s
CREATERESTOREPOINT
[*]Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
[*]When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
[*]Post both logs
Wow, thanks for the super-fast reply. I don’t usually use IE, and I do use Firefox. When I get the warning and click for more info, it takes me to an Avast page but generates it from Chrome, and Chrome says the page is insecure to load. Chrome actually says even https://www.google.com/ is unsecure and to not load it, so I have not.
I will download the recommendation you sent, and follow the steps. In the meantime, I am attaching two more screenshots, of firstly the Avast quick scan, and then the secondary recommended boot scan, when it found problems with the quick scan. Hope these help.
Is there some kind of epidemic out there now? I see others with the same problem here.
I just tried to go to https://www.google.com/ in IE. It did load, without generating the Avast warning, but it also said some content was not secure, and offered to show unsecure content, but I did not let it do that.
I just typed in “vitamins” as an example of the sites triggering the avast warning in Firefox, and yes, it did generate the warning in IE as well.
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
Here is the scan after running the fix. Question - I realized after I started the scan that I didn’t check Scan All Users. However, I’m the only user on this computer, and I am the Administrator, so is it okay? If not, let me know and I’ll check the box the redo the scan. Sorry about that.
and Chrome still tells me that google.com is unsecure and to not load the page. But I opened IE, went to Google with no problem, then did a search for vitamins, and no Avast warning came up.
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN
Download and Install Combofix
Download ComboFix from one of the following locations: Link 1 Link 2
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
[*]Double click on ComboFix.exe & follow the prompts.
[*]Accept the disclaimer and allow to update if it asks
Hi, I ran the ComboFix program as directed, but I still get the Avast bad site warning when I use Firefox to go to my Google homepage, and do a search for vitamins, which is the search I’ve been doing to set off the warning, so I figured I’d search that way again now. Chrome is still telling me when I try to go to www.google.com that it is unsecure and not to load the page.
What next? Thanks for taking me this far. I’ve attached my ComboFix log. Hopefully something there will stand out and we can repair it.
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
Here is the latest OTL log. Thanks for taking a look at it. Chrome is still saying that it is unsecure to load Google. Firefox still gives me the Avast warning about pageclickfeed when I do a search for vitamins. But IE seems to be okay. No warnings about Google being unsafe, and when I do the vitamin search in IE, no Avast warnings about blocked sites.
I notice in the code I pasted in, you called out ipconfig renew and release. Just thought I’d add I’ve been using that command recently. There were times when I couldn’t get online or check email, maybe 2 months ago, and I called my ISP, which is CommSpeed in Arizona in the United States.
They had me using the ipconfig renew and release command to clear my system, and it worked. Later, on my own, any time I had to unhook my cables to reorganize my office setup and had difficulty getting back online, I would run the ipconfig renew and release and it would get me back online.
Just thought I’d share that in case it is relevant. Thanks.
One other question is that I’m in the process of returning my computer, a laptop, to HP for repair for an unrelated issue. It has Beats Audio, and makes the music I play sound weird. I doubt if this is virus-related, but who knows.
Question is, should I just pack up my computer and send it to them and let them get the virus out of it? At first I’m thinking I don’t want to send them a computer that has known problems. Then I thought well, they ARE tech support and would know how to fix this. I’ve contacted them, asking if I should send it without cleaning it up myself but have not heard back from them. What do you recommend?
Why are so many others having similar problems as mine - is this part of that scare that so many sites were supposed to be shut down to snuff out hackers, that the whole internet was going to fail in July? Or is this a normal amount of users to have similar problems at the same time?
The problem is somewhere within the Firefox extensions / addons this also affects chrome. There are so many hiding places within both those programmes that I now no longer even consider using them. The vast majority of this type of redirect are now in Chrome and Firefox very rarely in IE9
The quickest way to cure this to be honest is to uninstall both Chrome and Firefox (full uninstall) and then reinstall
I don’t mind uninstalling and reinstalling Chrome and Firefox. I use Firefox mostly. And I moved to it because at the time IE was not as secure. Has that changed now - would you use IE9 over the others because it has improved? Seems like at one time all the hackers were targeting IE so I abandoned it.
But I’m not happy with Firefox either. I try to open a PDF and it acts all weird. If IE is safe nowadays, I’ll just use it.
So do you spend your days helping people all day? I find it very generous of you to share your knowledge and expertise this way. I design websites, or I did in the past, so I have an idea of one slice of the pie, but the IT stuff, the tech and analysis stuff, I know little about, so I really appreciate you being there.
