Malicious URL Blocked - trying to access javaw.exe

Hi,

Last week I was getting a Malicious URL Blocked message from Avast. I ran Malwarebytes, CCleaner, SuperAntiSpyware, TDSSKiller, and Avast - all came back clean (boot time scan as well). I also uninstalled Java because that’s the process being accessed. No messages after that.

Well, I needed Java for something last night and about 3 hours later I get 5 messages saying a Malicious URL has been blocked:

Object: 64.74.223.39/
Infection: URL: Mal
Action: Blocked
Process: C:\Program Files\Java\jre6\bin\javaw.exe

This happens even when I am not accessing a browser (though Digsby is logged in and I am still connected to the internet).

I am currently running Windows XP SP2 with Avast! 6.0.1125 (def 110614-1) and Comodo Firewall 5.4.189822.1355.

Please help!

First of all, get SP3.
The reason why nothing is found is because it is blocked.
The site (IP) you mention is trying to spread malware.
http://www.malwareurl.com/listing.php?domain=b.moneymoney888.com

+1 and asap…!!!
Additionally, install all important XP security updates afterwards…!!!

Okay… I will start the process of installing SP3 (backups, AMD patch, ASR). I’d been hesitant to install it because I’d heard it had killed a lot of people’s systems.

If I’m able to successfully install SP3, should I then run Malwarebytes, etc. again?

Actually, sorry, I think maybe I misread your reply. Are you saying nothing is found because nothing is on my machine to be found because the site is being blocked?

I assumed it was something on my end because I get that pop-up at times when I am not doing anything on the machine and no browser is open (unless it is coming from Digsby, which is logged in).

I have, however, deleted a suspect folder and haven’t had the pop-up in about 7 hours.

Actually, sorry, I think maybe I misread your reply. Are you saying nothing is found because nothing is on my machine to be found because the site is being blocked?
Yes, that is correct. When you visit a site, data from the site is sent to your system as temporary files. If a site is blocked it means the data was sent, but not allowed on your system.

I understand that part. However, I was still getting the message AFTER emptying all temporary files (cache, cookies, history, etc) with the browser CLOSED.

In any case, I have reformatted and installed Windows 7 and things seem to be all right malware-wise, now I’m struggling with blurry text! :)