We are going to need more information, like posting an image of the alert window so we can check the site and process responsible for the connection, etc.
When does this happen, e.g. browsing, google search, what operating system and browser are you using, not browsing, etc.?
This is happening to me as well. I tried posting this earlier but got an error saying my image attachment was too big. Sorry if this posts multiple times…
I get this popup every two minutes.
I ran Malwarebytes, GMER Rootkit Scanner, ATF Cleaner. No malware found.
Yes, changing away from automatic proxy detection seems to have solved the problem. Thanks! Now I have to figure out how that got turned on between two days ago and yesterday. I didn’t install anything, could that be a sign of some other problem?
I used to use godaddy as the host for my web and ftp sites last year, but switched to a new host about 10 months ago. The computer I’m using is only 2 months old and has never interacted with godaddy in any way.
This is my personal laptop but I asked the IT dept to put this laptop on the company domain a few weeks ago. Could that be causing this? If so, is it strange that it only started happening yesterday?
Well, then your proxy obviously shouldn’t point to GoDaddy. So is your employer using them (see below)?
Is the above router yours? Did your IT dept. configure it?
Are you actually connecting at work when you have this problem? The above points to a parked webpage at GoDaddy, not really to a proxy at all. (At least for me.)
Well, whatever. What is going on is basically that:
you have DHCP enabled
your browser searches for proxy configuration via proxy autodiscovery; doing that, it queries the wpad hostname for the configuration file location. The file is - per RFC - called wpad.dat
the domain name your IT added your machine to is appended to the lookup, so that you get a wpad..org query
your employer has a wildcard DNS record that points to the GoDaddy webhosting (mkay, wildcard records are bad… :P)
the webhosting for whatever reason happily serves the same parking index page no matter what you try to GET - instead of a proper 404 Not Found:
# wget http://68.178.232.99/dfdfsdfsdfewretretretre
--2011-03-27 19:14:33-- http://68.178.232.99/dfdfsdfsdfewretretretre
Connecting to 68.178.232.99:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 24363 (24K) [text/html]
Saving to: dfdfsdfsdfewretretretre
100%[==============================>] 24,363 41.1K/s in 0.6s
avast! dislikes that page for whatever reason. Beyond the advert links, I do not see anything suspicious in the source of the parking page.
Outta here. Someone might want to look at the source of the page. If it is clean, report as false positive. I do not think there is any infection on your machine. I also think that GoDaddy sucks.
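The lookup chain described in the post above can be checked from the defender's side; the following is an added example, not part of the original thread. It builds the WPAD URLs a domain-joined client would try and applies the same random-path test as the wget run to tell a real PAC file from a catch-all parking page. The hostname `laptop.corp.example.org`, the function names and the two responders are constructed placeholders, and the suffix walk is a simplification of what real clients do.

```python
import secrets

PAC_MIME = "application/x-ns-proxy-autoconfig"

def wpad_candidates(fqdn):
    """WPAD URLs tried for host `fqdn`, walking up its DNS suffix.
    Simplification (assumption): stop once fewer than two labels remain."""
    labels = fqdn.rstrip(".").split(".")[1:]   # drop the host label
    urls = []
    while len(labels) >= 2:
        urls.append("http://wpad." + ".".join(labels) + "/wpad.dat")
        labels = labels[1:]
    return urls

def classify(fetch, url):
    """fetch(url) -> (status, content_type, body). Returns a verdict."""
    status, ctype, body = fetch(url)
    if status != 200:
        return "no-pac"
    # Same idea as the wget test in the thread: ask the host for a random
    # path. An identical 200 answer means a catch-all page, not a PAC file.
    probe = url.rsplit("/", 1)[0] + "/" + secrets.token_hex(8)
    p_status, _, p_body = fetch(probe)
    if p_status == 200 and p_body == body:
        return "soft-404"
    mime = ctype.split(";")[0].strip().lower()
    if mime == PAC_MIME and "FindProxyForURL" in body:
        return "pac"
    return "suspicious"

# Constructed responders standing in for real HTTP fetches (offline).
def parked_host(url):
    return 200, "text/html", "<html>parked domain, ad links</html>"

def pac_host(url):
    if url.endswith("/wpad.dat"):
        return 200, PAC_MIME, 'function FindProxyForURL(u, h) { return "DIRECT"; }'
    return 404, "text/html", "Not Found"

if __name__ == "__main__":
    for url in wpad_candidates("laptop.corp.example.org"):
        print(url, classify(parked_host, url), classify(pac_host, url))
```

A "soft-404" verdict on any candidate URL means the name resolves (for instance through a wildcard record) to a host that answers every request, which is the situation the post describes.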
Rats, disabling auto detect proxy settings didn’t solve the problem. I’m still getting the message. It’s not happening as often, but I just got the message as I was using my browser at evenue.net, confirming the purchase of some soccer tickets.
As far as I know, my employer does not use godaddy.com for their ISP. This is happening to me at home rather than at work.
Yes, my home router. Same one I’ve been using for 1.5 years, no recent changes to configuration.
As for your employer, they should really scratch the wildcard DNS record or at minimum point it somewhere else than the GoDaddy hosting. It appears rather dangerous in combination when morons like GoDaddy are involved who serve their landing page no matter what you ask for. Just imagine the page had something like this: http://www.theregister.co.uk/2011/03/25/spotify_malvertisement_attack/ and your AV missed it.
Meanwhile, edit C:\windows\system32\drivers\etc\hosts (Notepad, right-click and select “Run as Administrator”) and stick the following there:
I’m having the same problem. It keeps popping up saying object: 94.229.7762/api/proxy.php process: c:/win.msilsystem.exe. This has been going on for about a month now. When I click on it, it wants me to buy