Almost every link I click when doing a search on google.com for something gets blocked by avast. I understand avast is trying to protect my system, what I don’t understand however is what the heck could possibly be causing avast to think each and every site (even about.com pages and ezinearticles etc.) is malicious?
I have searched the forums for some info on the subject and found a very useful post about attempting to resolve such issues using MBAM here: http://forum.avast.com/index.php?topic=53253.0.
I tried this, step by step. Even found and deleted something. Here is the log:
Malwarebytes' Anti-Malware 1.51.0.1200 www.malwarebytes.orgDatabase version: 7045
Windows 6.1.7600
Internet Explorer 8.0.7600.163857/8/2011 12:54:32 AM
mbam-log-2011-07-08 (00-54-32).txtScan type: Quick scan
Objects scanned: 178901
Time elapsed: 9 minute(s), 25 second(s)Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0Memory Processes Infected:
(No malicious items detected)Memory Modules Infected:
(No malicious items detected)Registry Keys Infected:
(No malicious items detected)Registry Values Infected:
(No malicious items detected)Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) → Bad: (0) Good: (1) → Quarantined and deleted successfully.Folders Infected:
(No malicious items detected)Files Infected:
(No malicious items detected)
IP: 64.111.211.158 url: hxxp://64.111.211.158/c.php?s=eNodTtuuokAA-yCT4wwDDDycB0HkjoKAwMuG24jITQQEwsevu2nSpk3TtNwogGhqozGAm3W8r8bN6dLaL83y8LuBH0BB_E8Q_BYhBBhwACIGgi2l_DILtCoShXccCFOKvl7mR1Wep_BG_26EJoiPAZ2zEOU4gQnP8TDJ45glDCY8-gNwQigIEi5GMEsRx_EMYLPkeygFNKLxBr_IrdZ_esPUrodDceGsCrw0hRHlKp596n6MLsbHCg_nXW-KNZP7B2lW1QnhLnKdtT5zH2_v8Dw1MoH2NGIR5sBWxXSpE2-IjX4sdgR7T0SqQzJMihQ3Cpcboia8sHMk0Mss5dSHZXO91i6e9EmP9IaPbVxGxj0LqewamINxl8tTq-Rax5GgW3qJ5Z7X8hB2mmr6SWy_45cXzq-ljXpcKZd-z7Tv0HOEnaW007uZyehgHsuC8VSErvOBsVQRX9jKZL-n_HOks_r4qhutngADQq8aPtV58tR2EDmaXd4RySXXB7keBOAwyLp_mC9qCOsetDvdf4q7x9iPFMuFi5HuxFGV3nJhkrOT24tjWa7HMiaW9IGRrdhrUOML-PgSikexztFBUKCl3CLVMGg50YCfyXUbFIxfijVP0jUaL0C_R_kaStNJn8kgT5ccWQqDr8e5WTFNwKVQ1c4MZbfma87q0vbhkIa-pnuKNWuMsJmWdwk-eT04i6lt2-phfqswaSqmevr7feXAqHfS-mYK0TFoOjHUemmeCNpdb8v-Df2Ft6jkhsbdmixgcrsiOw5L25jsyXMkNuHkKVP7h2svBYXJ6zqt7AUV-mc-TeeFd1FIDGVah1krOUutrXxV8yAOrjn3WT6GfJal_Z3YQi8s99_fjeV-aPADv7xtPPsDKfwDmX8Bu4FtozYHzBf7wWjuMxxtwFsGtE429K-OZ_euVNkutHwbOhf3MZguOJ2Nz3cU_MeGtgxlyKitNgzsMZOLKqT4Oqr9KpZ5mFLe-PXDxqQkZjHJWcRRVJrmkMsgSzgqyQnDMHm8fTMaAkKyhNCQTWLIs3FG04DOmBSQDP8FOLNFkg
After restarting my system I attempted to open the links again from google.com but avast keeps doing it. I’ve noticed however that when/if avast doesn’t block the sites the url changes to dances.us and then it asks me to download something. It says something like “Search from google.com” asking for me to download it. I always click cancel and hit the back button, or close the tab and do the search over again, and it either blocks, or does the download search thing again. What can I do to stop this, I want to stop this thing whatever it is and get it the heck out of my computer as soon as possible before it goes rogue or something so please somebody, anybody help me! ??? :-\
Oh and btw, this doesn’t happen when I type url’s into my browser. Only seems to happen when I use google search (haven’t tried yahoo, msn or any other). And almost forgot, sometimes when I click a link in google search it takes me to one of those “this domain not taken” type sites with search results for what I searched for on google. ???
…reason for edit, happened again:
Ok this time the redirect is another site, besides the old dances.us one. Now it redirects to http://w w w.chat.thecoffeehouse.c o m/. Which shows up as the usual blank page just as with dances.us. Here is the info from the download popup:
Opening search
You have chosen to open
search
which is a: application/json
from: http://www.google.com
What should firefox do with this file…etc etc.