MALICIOUS URL BLOCKED

I am receiving a regular pop-up from Avast saying “Avast Network shield has blocked a harmful site” with information following giving an object,(bandwidthcheckstart.com) infection (URL:Mal)Action (Blocked) Process (C:\Windows/Explorer.EXE)

I have run a full scan and moved all identified threats to the chest, rebooted the PC, updated Avast but the Pop-Up still keeps re-occuring every few minutes. I have seen various posts in this forum but to be honest I don’t really understand from these what sensible actions I should be taking to identify how to deal with this and what this threat really is - I can’t even be sure whether it is a genuine Avast alert although I believe it is. I can’t get any useful information from the Avast Community Portal.

Can anybody help me?

try this

got to go out so someone else will continue help …

do u get redirected on sites like google?if yes then it is a rootkit.

once i see the log i can guide u through…though i also need to see you ots log so try this:

Download OTS to your Desktop and double-click on it to run it

[*]Make sure you close all other programs and don’t use the PC while the scan runs.
[*]Select All Users
[*]Under additional scans select the following
Reg - Disabled MS Config Items
Reg - Drivers32
Reg - NetSvcs
Reg - SafeBoot Minimal
Reg - Shell Spawning
Evnt - EventViewer Logs (Last 10 Errors)
File - Lop Check

[*]Under the Custom Scan box paste this in


%SYSTEMDRIVE%*.exe
/md5start
volsnap.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

[*]Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
[*]When the scan is complete Notepad will open with the report file loaded in it.
[*]Please attach the log in your next post

Edited to add custom scans

Please ensure that all logs are saved in the ANSI format

http://i1224.photobucket.com/albums/ee362/Essexboy3/Untitled.gif
[/quote]

post the aswMBR and ots log in your next comment pls.

why are you posting suggestions when the OP have not responded to the first reply yet ???

sorry will keep a note of this sorry pondus

Looks like you tried quote essexboy’s script and image, but it failed no top quote tag.

Has essexboy been notified by either Pondus or DavidR?

I suggest for com155 to go and visit Geek2Go and ask for himself
to become enlisted there, if so he there can swan in and jump
onto any malware, allthough under supervision and strict guidance rules…

Let us wait for essexboy’s cleansing propositions,
I think we have an interesting fake AV malware infestation here,

polonus

Watching ;D

Thanks, hopefully we will get a response from the OP.