Malicious URL Blocked...Help Need Please!

Hi there, I’m struggling with a malicious URL. Avast! says ‘malicious url blocked’ every time I open Mozilla Firefox, no matter what the homepage is. We have used google, facebook, etc… and they all have the same result.

It does this any time a new webpage is typed in.

Any help would be greatly appreciated!

It could be false positives. Please wait, someone will help you.

Hi,

Can you please follow the first post in this topic: http://forum.avast.com/index.php?topic=53253.0 and post the results?

I will notify essexboy, the malware expert. He will be here by 08:00pm - 11:59pm UK time

Thanks a lot. I ran MBAM and there were some trojans and adware which the program removed. However, something caused my computer to shut down before I could save the log. I ran it again upon restart and all the adware and trojans were gone. I am attaching the OTL file though.

Do you get the same alert when using IE? Some of your toolbars may need re-installing once this run is done.

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
FF - prefs.js..browser.search.defaultthis.engineName: "Bitlord 1.2 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2830765&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Bitlord 1.2 Customized Web Search"
[2011/01/20 23:58:02 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Joanne\AppData\Roaming\Mozilla\Firefox\Profiles\mrsoqb7j.default\extensions\engine@conduit.com
[2011/01/17 10:50:10 | 000,000,925 | ---- | M] () -- C:\Users\Joanne\AppData\Roaming\Mozilla\Firefox\Profiles\mrsoqb7j.default\searchplugins\conduit.xml
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Bitlord 1.2 Toolbar) - {8c5878d0-6106-423b-aaa8-144c143dbf44} - C:\Program Files (x86)\Bitlord_1.2\prxtbBitl.dll (Conduit Ltd.)
O2 - BHO: (TBSB05974 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Search Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files (x86)\Search Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bitlord 1.2 Toolbar) - {8c5878d0-6106-423b-aaa8-144c143dbf44} - C:\Program Files (x86)\Bitlord_1.2\prxtbBitl.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files (x86)\Search Toolbar\tbcore3.dll ()
[2011/01/20 21:59:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2011/01/20 21:59:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ConduitEngine
[2011/01/20 21:59:32 | 000,000,000 | ---D | C] -- C:\Users\Joanne\AppData\Local\Conduit

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
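
Added example, not part of the thread and not OTL's own code: a read-only check of a Firefox prefs.js for the three search prefs listed in the fix above, useful for confirming after the reboot that they are gone. The function names, the allowed-host set and the sample file are assumptions made for illustration; the sample is constructed from the values quoted in the log.

```python
import re
from urllib.parse import urlsplit

# Search prefs named in the OTL fix above.
SEARCH_PREFS = {
    "browser.search.defaultthis.engineName",
    "browser.search.defaulturl",
    "browser.search.selectedEngine",
}
# prefs.js line: user_pref("name", value); value is a string, number or boolean.
PREF_RE = re.compile(r'^\s*user_pref\("((?:[^"\\]|\\.)*)",\s*(.*?)\);\s*$')

def parse_prefs(text):
    """Return {name: value} for every user_pref line; string values unquoted."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comment or blank line
        name, raw = m.group(1), m.group(2).strip()
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            raw = raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
        prefs[name] = raw
    return prefs

def audit_search_prefs(text, allowed_hosts):
    """List (pref, value, reason) for search prefs present in the profile."""
    findings = []
    for name, value in sorted(parse_prefs(text).items()):
        if name not in SEARCH_PREFS:
            continue
        if name == "browser.search.defaulturl":
            host = urlsplit(value).hostname or ""
            if host not in allowed_hosts:
                findings.append((name, value, "search URL host: " + (host or "none")))
        else:
            findings.append((name, value, "engine name set in profile, review"))
    return findings

# Constructed sample prefs.js built from the values quoted in the log above.
SAMPLE = '''// Mozilla User Preferences
user_pref("browser.search.defaultthis.engineName", "Bitlord 1.2 Customized Web Search");
user_pref("browser.search.defaulturl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2830765&SearchSource=3&q={searchTerms}");
user_pref("browser.search.selectedEngine", "Bitlord 1.2 Customized Web Search");
user_pref("browser.tabs.warnOnClose", false);
'''

if __name__ == "__main__":
    print(audit_search_prefs(SAMPLE, {"www.google.com"}))
```
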

Yes, I get that same alert. And I don’t need any of those toolbars back. Thanks for all your help so far!

OK time for the big boy to look at any chrome settings

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

[*]Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
[*]Double click on ComboFix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

I have attached the log.

What is the situation with the alerts now?

The alerts still appear when first opening the browsers. Do you think it may just be a false positive?

What URL is in the alert? Does this happen only in Mozilla Firefox? Did you try to reinstall Mozilla or avast?

Yes, is it FF only? If so, as an experiment, change your home page.

Also, are any other computers affected, and do you use a router?

Sorry for the delayed response. I uninstalled both ff and avast. Once I reinstalled them, I did not have that problem. Thanks a bunch!