Lavasoft Support Forums Malware???

Are you also getting the warning? So it’s not only on the PT version…

I really would like you to do several things.
Let's say it is for satisfying my curiosity :wink:
In your next post please attach the OTL log file as well as your hosts file.

Also perform the Google search again and post the (troubled) link here.
Right click the Googled result, copy the link address and post that here.
It will look like:
http://www.google.nl/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&ved=0CC0QFjAA&url=http%3A%2F%2Fwww.lavasoftsupport.com%2F&ei=SBIGU8WlEbT70gWwsoE4&usg=AFQjCNGRjQtrgm5y9yBER71lCXHzZjvlEw&sig2=MyMqUbdUcI1qCF9JDdoXuw&bvm=bv.61725948,d.d2k

EDIT:
Does ezzi.net ring a bell/sound familiar to you?

No, ezzi.net doesn’t ring any bells.

Here is the address:
http://www.google.pt/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&ved=0CC0QFjAA&url=http%3A%2F%2Fwww.lavasoftsupport.com%2F&ei=FyoGU7mLDKap0QWfoYCoCQ&usg=AFQjCNGRjQtrgm5y9yBER71lCXHzZjvlEw&bvm=bv.61725948,d.d2k7

Also, when I click the address you provided, I still get the pop-up the 1st time. The second time it worked fine.

As for the hosts file, I used Roguekiller to repair it, and then used spybot to immunize it. It’s also clean. I’ve tested it before and after the immunization. It’s not from the hosts because it happens either way. I also checked the file manually, there aren’t any anomalies.

Since I have checked that this is happening on every PC that has Avast Free installed, and that it only happens when using a search engine (whether Google, Bing or others are used, the result is the same…), despite being on different OSes and ISPs, I presume it's a false positive.

So thanks anyway.

Yes. I went along the bench in the workshop, I tested the URL from all the live machines there.

Those with Avast installed (2 Win7 PCs and 2 Vista laptops) throw up the infection warning. Bitdefender, Kaspersky, Norton, Panda, Avira do not find any problem with the Lavasoft forum.

Wow, thanks. I think I was going crazy. I know the Techs like essexboy and Eddy are just trying to help out, but I know what I'm talking about. As I've been saying, my PC is clean, OTL logs are OK, it's all OK. The only problem is that specific address.

And Eddy, I know you are trying to help, and God bless you for that. But I also think providing the logs on the forum for everyone to see is a privacy invasion. I don’t know if any of the specs or user info in the logs could be used by someone to hack my pc and mess around. I don’t know if the OTL logs have that kind of sensitive information.

Strange, when I click on the google link I posted everything is working fine.
No redirect, no warning from avast etc.
When I click on the link posted by Sly_Toad, I do get redirected to that url4short.

I wonder if it is the Portuguese Google version that is causing this.
Please post the exact keywords you are using when doing the search.
Let's try them in other language versions of Google.
If you used the keywords in Portuguese, post them and not a translation of them.

No FP: Banner adware of the worst kind: http://maldb.com/url4short.info/c29e7461 → htxp://ib.adnxs.com/ttj?id=1183036&size=728x90 spamvertiser malcode. →
https://www.mywot.com/en/scorecard/ib.adnxs.com?utm_source=addon&utm_content=popup-donuts
Listed in OpenDNS blocklist and blacklisted elsewhere.

polonus

Thanks for checking that, polonus.

@ Eddy, just use the Lavasoft URL, Avast blocks it. Avast is seeing malware that all the other AVs have missed.

I don’t translate anything.

I search “lavasoft forum”. The first google result is “Lavasoft Support Forums” with “www.lavasoftsupport.com” underneath.

The google.nl link you provided also triggers the pop-up in my case. If I try again after the pop-up, it works.
Note that the pop-up only happens after clearing user history and cookies.

If you use bing, the problem persists. I also used sapo.pt (it’s like google, but it’s portuguese…lolol… and strange enough “sapo” means frog… toad… sly_toad get it??? lolol) IT DOESN’T TRIGGER any pop-up warning or redirection. I still get the same pop-up after cleaning the browser, and I still get redirected to url4short using google and bing.

There are 2 options: Avast is really good and we have to give it credit for finding this, or it's a false positive. Please be the 2nd one ;D

Note: www.lavasoft.com is working fine… only www.lavasoftsupport.com and everything in it create the pop-up warnings.

It is not a false positive, see the reply by polonus.

Yeah, just noticed that. So… what does it mean? Should we be concerned, since we all tested the website?

Following up on Reply 28. (just as info)

I did a little test.
Indeed first time it is blocked, second time not.
I did not remove cached/temporary files, only the cookie the Lavasoft webboard places in the browser.

Ok, so it's the cookie? It's always the cookie… it's like Cluedo… it's always Colonel Mustard… eheh…

Enough with the jokes… do we need to contact lavasoft about the problem? I don’t have an account there. I was just trying out the new ad-aware 11 (as a 2nd line of defense), but their webinstaller was really slow. So I went to the forums to see if anyone had a problem with it, and then it all began.

But with sapo search engine, there was no warning.

I have just sent a message to their webmaster about it.
Let's see if I get a response.
I did include a link to this thread.

Ok. Thank you.

Not if you do your testing in a virtual machine or run your browser sandboxed and automatically clear sandboxed contents when done. What it likely means is that, as Polonus said, it’s banner adware of the worst kind, utilizing a cookie to begin the initial redirect to the malicious site. There’s cookies and then there are tracking cookies… normally not an issue, but in this instance, it likely is one.

Sorry, as I said I'm Portuguese, so English is not my native language. Since I accessed the address in "normal mode", should I be concerned? That's the only address that's behaving that way. And banner adware… it's ads/pub, right? I don't want to reinstall Windows for the fourth time… lol
Is there any way to correct this problem?

Address the issue of having to reinstall your os multiple times by using a disk imaging software program, preferably having an image, either full or incremental, of the operating system drive done once a day. Restoring a known clean image will take you only minutes instead of hours and/or days, plus any malware that got installed on the disk will be automatically removed and overwritten.

Run, at the very least, a sandbox program, to prevent unwanted changes to any program you use whilst connected to the Internet and always delete the sandboxed contents when done.

As this alert only presented itself when no cookie from the Ad-Aware forum was present, because of pre-existing FF settings, and ceased when a cookie was in place, it's up to you whether to reformat and uninstall. If avast! is not alerting now, the threat seems to have been blocked entirely. That's what it looks like from here.
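The cookie-gated behaviour described in the two replies above (a cookieless visit from a search-engine result is redirected to url4short.info, a visit carrying the forum cookie is not) can be checked from a browser's own fetch history. The following is an added example and not code from this thread or from any of the tools mentioned; the Google result link and the fetch log are constructed samples, and `url4short.info` comes from polonus' maldb link.

```python
from urllib.parse import urlparse, parse_qs
from collections import defaultdict

# Constructed sample of a Google result wrapper (same shape as the links quoted in the
# thread; parameter values are placeholders).
GOOGLE_RESULT = ("http://www.google.pt/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1"
                 "&url=http%3A%2F%2Fwww.lavasoftsupport.com%2F&usg=PLACEHOLDER")

def real_destination(result_link):
    """Return the site a Google 'url?...&url=' wrapper actually sends the browser to.
    parse_qs percent-decodes the value for us."""
    query = parse_qs(urlparse(result_link).query)
    return query.get("url", [None])[0]

REDIRECT_CODES = (301, 302, 303, 307, 308)

# Constructed fetch log of the forum URL:
# (request carried the forum cookie?, Referer host, response status, Location header)
FETCH_LOG = [
    (False, "www.google.pt",    302, "http://url4short.info/c29e7461"),
    (True,  "www.google.pt",    200, None),
    (False, "www.bing.com",     302, "http://url4short.info/c29e7461"),
    (True,  "www.bing.com",     200, None),
    (False, "pesquisa.sapo.pt", 200, None),   # sapo.pt never triggered it
    (True,  "pesquisa.sapo.pt", 200, None),
    (False, None,               200, None),   # URL typed into the address bar
]

def cookie_gated_redirects(log):
    """Group fetches by Referer. A referer is flagged when cookieless requests were
    redirected off-site while requests carrying the cookie were not: the pattern the
    thread observed, which a single visit (or a cached one) would never reveal.
    Returns {referer: [redirect hosts seen without the cookie]}."""
    by_ref = defaultdict(lambda: {"cookie": [], "nocookie": []})
    for has_cookie, referer, status, location in log:
        host = urlparse(location).netloc if status in REDIRECT_CODES and location else None
        by_ref[referer]["cookie" if has_cookie else "nocookie"].append(host)
    findings = {}
    for referer, seen in by_ref.items():
        off_site_nocookie = {h for h in seen["nocookie"] if h}
        off_site_cookie = {h for h in seen["cookie"] if h}
        # Only flag when both request kinds were observed and only the cookieless one left the site.
        if off_site_nocookie and seen["cookie"] and not off_site_cookie:
            findings[referer] = sorted(off_site_nocookie)
    return findings
```

Clearing cookies before each test visit, as the thread did, is what makes the "first time blocked, second time fine" symptom reproducible; without that, the second fetch masks the redirect.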

Are you running Ad-Aware along side of avast?
If so, that's a bad idea. If you have two resident A/Vs, that could lead to various results, most of which are bad.
See http://www.bleepingcomputer.com/forums/t/260844/two-anti-virus/#entry1441638

I found…
http://zulu.zscaler.com/submission/show/ca9bcb449ce76f6af913e0ad17b55238-1392919377

No, I’m not running avast and ad-aware at the same time. Ad-aware is disabled by me on Services. And I only update it/ use it when I need to. So, for now no service of ad-aware is running. Also it’s installed as compatible mode (no real-time), only on-demand.

I know you're right about the images, but some software doesn't deal very well with a system restore or with restoring an image (like Avast… at least in my experience). Also some programs that do install right fail to uninstall after using the image to restore them.
As for a sandbox, normally I use Comodo, but I didn’t know the address was infected when I googled it. That was my problem.

I’m still having the problem. I’m still getting redirected and avast blocks the infection.
What I still don’t understand is if only the cookie is infected or if it installs something on the machine. If only the cookie is infected, avast blocks the connection and when I close Firefox, it cleans the infection because Firefox deletes the cookie (as I selected to do so)?

I don't know if I need to reinstall. The only address I have problems with is the support forum one, and it only happens after using Google, Bing, Yahoo, etc etc etc. If I access the site by writing the URL in the address bar, after restarting Firefox, I don't get redirected. Also, if I use my country's best-known search engine (sapo.pt), I also don't get redirected.

Any word from the webmaster?

To you all, thank you. I know I'm a giant pain in the… I want to solve this, help you solve this, and prevent this for/help anyone to whom this could happen/has happened.