Lavasoft Support Forums Malware???

Hello… I’m having a little problem since Monday. I don’t know if my PC is infected or not. I presume it’s not infected because the only problem I have is with one URL.
I’m using Firefox 27.0.1 and every time I want to access www.lavasoftsupport.com for the first time, Avast blocks the connection and the web page is redirected to hxxp://url4short.info/c29e7461
I try to access www.lavasoftsupport.com again and voilà, it’s working again. My Firefox deletes user history every time it’s closed, so every time I want to access lavasoftsupport.com for the first time, Avast blocks the connection and redirects me to that url4short.info crap. And then, if I access lavasoft again, it’s working again. I’ve attached an image showing what Avast is blocking. It’s in Portuguese, because I’m Portuguese. :P

I’ve reinstalled Firefox, Avast, run Malwarebytes and Avast, SUPERAntiSpyware, etc etc etc… my PC is clean… And the problem is only specific to www.lavasoftsupport.com and URLs that have www.lavasoftsupport.com in them.

Also, I have another problem, this time related to the Avast Online Security Add-on on Firefox. Since v27.0.1 of FF came out, the Settings button (or definitions button… I don’t know what it’s called in the English version) doesn’t seem to work. I click on the Avast icon in FF, I try to modify the settings, but it doesn’t open the chrome\ webpage anymore.

It could be possible to have something redirecting you to that other link, I tried both links you gave other than the url4short one as I have no idea where it leads and it opened the support forum for lavasoft just fine.

So, how do I solve this? I’ve already removed every add-on in FF, and this still happens. I’ve installed Chrome, it still happens… Has my PC been hijacked?

Follow the logs guide at the top of the viruses and worms forum section… attach an OTL diagnostic log, then a malware expert will take a look.

Threat alert ceases because you’ve got the option set in FF to delete all cookies as well as user history? Once you’ve tried the first time, the second attempt always gets you there?

Got the same alert from clicking your redirect link here, so please modify that link as thus: hxxp://url4short.info/c29e7461 to prevent any issues with other users clicking the live link as it is set now.

Bad WOT reputation. https://www.mywot.com/en/scorecard/url4short.info

No. Threat alert prevents me from accessing the site www.lavasoftsupport.com on the first attempt, because I get redirected to the url4short crap. After this I can access the lavasoftsupport.com site whenever I want if I don’t close firefox. I have my firefox to delete all cookies and user history upon exiting. If I restart Firefox and try to access lavasoftsupport.com, I get redirected again on the first attempt.

This doesn’t happen with other sites. Also, I’ve taken the liberty of performing the steps posted here: http://malwaretips.com/blogs/remove-browser-redirect-virus/

but they failed to help me. As I said, my pc is clean according to the results.

Actually it’s affecting every browser on my PC. Chrome, IE, FF, Opera, etc etc etc… all of them are redirected. To be honest, I thought it could be the Google redirect virus, but it only seems to affect www.lavasoftsupport.com.
I’ve also installed a lot of freeware cleaners and antivirus, but none of them detect any infection. I also had Spybot Immunize a long while ago, so I don’t know if it has anything to do with this.

Googling for answers, there seems to be at least one more fellow with the same problem… so, I don’t know what to do. Even OTL files are clean. (yes I can tell)

“Even OTL files are clean. (yes I can tell)”
Why not let Essexboy see it?

Yeah, I’ll update them. Right now I’m running Ad-Aware in compatibility mode to see if it detects anything. I’ll run a new OTL after that.

Ok, I’m having trouble running OTL. It doesn’t create an Extras.txt file.

Also, I’ve noticed something weird. If I write www.lavasoftsupport.com directly or I click it, for example in one of my posts, I go directly to the site. No problems.
But if I google “lavasoft forums” and click on the first one on the list, I get redirected.

I must ask someone to verify if this also happens to them. Can someone google lavasoft forum and click on the first site on the list to see if it redirects? If so, the problem is not on my computer. This must be done after cleaning history and cookies and restarting Firefox, or Chrome, or IE…

“Ok, I'm having trouble running OTL. It doesn't create an Extras.txt file.”
It is only created at first run. That log is not important and usually not needed; as the name says, it is just extra computer tech info.

Ok, running OTL again.

Can you please verify what I asked? Close and clear your browser history and cookies (I know it’s a pain), google lavasoft forum, and enter the first on the list. If I write it in the URL thingy in Firefox, I don’t get redirected. I only get redirected if I google it.

Cleaned my browsing history/cookies, googled lavasoft support forum and clicked the first link and no redirection so must be something on your end.

Hi and thanks for the answer.

I made an investigation of my own. I reinstalled windows last night and tested again with AVG installed this time around. I was not redirected. I reinstalled windows once again, and installed avast and got redirected. I was starting to think that the problem could be my router or maybe google itself.
Then, a few hours ago I asked a friend of mine who works at a computer shop for his laptop, which had Panda installed, and tested again. Nothing happened. Then I installed Avast Portuguese Version and tested again, and voilà, it got redirected.

Keep in mind this was on a DIFFERENT LAPTOP, and connected to a DIFFERENT ISP (USB stick of another ISP). Then he connected to his WIFI, and still got redirected… Then we tested on another PC connected to a public Wi-Fi connection, and it was still redirected.

As I said all along, I know my PC is not infected. So something is happening here. Also, I’m using Windows 7 Home Premium and he is using Windows XP SP3 and Windows Vista. All of them are genuine, as they came pre-installed on the machines.

So what to do now?

Update:
Tested with Avira, Comodo and ZoneAlarm… working fine. Only avast is popping up security warnings and showing me the url4short thing. Also the lavasoftsupport page seems to be opening fine for half a second before redirection. Sometimes it shows the full page, and avast pops-up and it gets redirected.

Wow, all you had to do was check the URL with a few of the online tools available.

Then report the false positive to Avast.

Avast is not redirecting you, it is saying there is/was a redirect to that URL on that site. Maybe it has been cleaned up now, and Avast needs to remove the detection from their list.

“google lavasoft forum, and enter the first on the list”
That is no useful info at all. What people get to see as first link depends on their settings (e.g. language and other things).

So far you only claimed that your system is not infected with anything, yet you refuse to post log files.
Are you afraid that we find an infection that you have overlooked?

“Reinstalled Windows”?
Let me guess…
You didn’t do it the proper way.
You did not physically disconnect the system from every network when doing so.

  • Disconnect physically from all networks
  • Install Windows
  • Install all system drivers
  • Install all other drivers (printer, joystick etc etc)
  • Check if all drivers are installed properly
  • Install an AV
  • Connect to the internet only (even better is having a cd/dvd with all updates)
  • Install all windows updates

About the blocked IP:
Domain Status: clientTransferProhibited
Registry Registrant ID:
Registrant Name: EZZI.net
Registrant Organization: EZZI.net
Registrant Street: 882 3rd Ave
Registrant City: Brooklyn
Registrant State/Province: NY
Registrant Postal Code: 11232
Registrant Country: US
Registrant Phone: 1-866-438-3994
Registrant Phone Ext:
Registrant Fax: 1-631-961-0500
Registrant Fax Ext:
Registrant Email: webmaster@ezzi.net

The issue is the Avast detection, no other AV/malware app sees anything wrong.

I tried the site from 3 avast protected machines and get the warning, use anything else and there is no problem.

Try Virus Total , URL Void etc … all clear.

I know Avast is not redirecting me. Sorry if I made that unclear. As I said, I’m Portuguese, so I have to think in Portuguese and translate it in realtime, so something was lost on translation. lol
But when the pop-up appears, it takes me to that Url4short page. And I knew my pc was clean… not 100% sure, but after doing some steps present on malwaretips and running OTL and combofix and other tools I knew it was not on my end.

The url4short link is bad, really bad. It has active malware, and I was being redirected to that link after googling for lavasoft forum and selecting the 1st on the search result list. This only happens in a browser that has its user history and cookies cleaned/wiped. After that, if I click the search result again, it opens the webpage without any problems. It’s only on the 1st attempt. Also if I write the URL, it takes me directly to it without redirecting.

Something is happening between clicking on the search result for the 1st time and google connecting to lavasoftsupport.com website that is triggering this behavior on Avast.

And it seems that it is only happening in the Portuguese version.

“That is no useful info at all. What people get to see as first link depends on their settings (e.g. language and other things).

So far you only claimed that your system is not infected with anything, yet you refuse to post log files.
Are you afraid that we find an infection that you have overlooked?”

No, actually yesterday I decided to reinstall windows because I needed my laptop for today. I spent my night doing it because trying to solve it through here could take too long (sorry, I know you are experts, but nothing beats realtime problem solving). And as for the info, it was what I had at the moment. Avast was/is behaving like this only when I do that. It was late, I only have one machine so I just wanted to know if anybody else was having the same problem as I.

And I did it the right way. Disconnected everything, wiped the hdd, installed windows, comodo firewall and avg (and configured them) and updated windows and tested it. Then I did it all over again this time installing avast instead and tested it. It took me about 3 hours each reinstallation.

Then this morning I tested again on different machines, thanks to my friend, and they all have the same behaviour.

Avast installations on those machines were downloaded from the links provided in this forum, and from the online installer on the Avast website. It seems that it is only occurring in Portuguese versions of the program.
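
The pattern reported in this thread (off-site redirect only on the first click from a search result with cookies cleared, never on a typed URL) can be checked without a browser by requesting the same URL under three conditions and comparing where each response points. This is an added example, not code from any poster; `probe`, the `fetch` interface and the two stand-in servers are hypothetical and constructed so it runs offline. It assumes the redirect is an HTTP-level one, so a redirect done by a script in the page body would need the bodies compared instead.

```python
from urllib.parse import urlsplit

SEARCH_REFERER = "https://www.google.com/"  # assumed Referer of a search-result click
REDIRECTS = (301, 302, 303, 307, 308)

def _host(url):
    host = urlsplit(url or "").hostname or ""
    return host[4:] if host.startswith("www.") else host

def probe(fetch, url):
    """Request url directly, from search, and from search again with the cookie.

    fetch(url, headers) -> (status, location, set_cookie) is a hypothetical
    interface; wire it to a real HTTP client that does not follow redirects.
    """
    site = _host(url)

    def offsite_target(headers):
        status, location, set_cookie = fetch(url, headers)
        target = _host(location)
        leaves = status in REDIRECTS and target not in ("", site)
        return (target if leaves else None), set_cookie

    direct, _ = offsite_target({})                       # typed URL, no cookies
    first, cookie = offsite_target({"Referer": SEARCH_REFERER})
    repeat_headers = {"Referer": SEARCH_REFERER}
    if cookie:                                           # replay only name=value
        repeat_headers["Cookie"] = cookie.split(";", 1)[0]
    repeat, _ = offsite_target(repeat_headers)
    return {
        "direct": direct, "search_first": first, "search_repeat": repeat,
        "referer_conditional": direct is None and first is not None,
        "first_visit_only": first is not None and repeat is None,
    }

# Constructed stand-ins for a server, so the example runs offline.
def conditional_fetch(url, headers):
    from_search = "google." in headers.get("Referer", "")
    if from_search and "seen=1" not in headers.get("Cookie", ""):
        return 302, "http://shortener.example/abc123", "seen=1; Path=/"
    return 200, None, None

def clean_fetch(url, headers):
    return 200, None, None

if __name__ == "__main__":
    print(probe(conditional_fetch, "http://www.forum.example/"))
    print(probe(clean_fetch, "http://www.forum.example/"))
```

If both flags come back true from a machine with no antivirus web shield in the path, the conditional behaviour is on the server side and not on the client.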