Malicious URL Blocked

Keep getting the following message as a pop-up every time I open a web page

MALICIOUS URL BLOCKED

avast! Network Shield has blocked a harmful site

Object: http//69.65.40.44/
Infection URL:Mal
Process C:\Windows\explore.exe

When I click the more details button it goes to this generic page

http://www.avast.com/en-gb/lp-fr-virus-alert?p_ext=&utm_campaign=Virus_alert&utm_source=prg_fav_70_0&utm_medium=prg_systray&utm_content=.%2Ffa%2Fen-gb%2Fvirus-alert-default&p_vir=“URL:Mal”&p_prc=“C:\Windows\explorer.exe”&p_obj=“http://69.65.40.44/”&p_var=.%2Ffa%2Fen-gb%2Fvirus-alert-default&p_pro=0&p_vep=7&p_ves=0&p_lqa=0&p_lsu=24&p_lst=0&p_lex=224&p_lng=en&p_lid=en-gb&p_elm=7&p_vbd=1426

I have run the usual scans but it is showing no infections - any suggestions?

It looks as if you may have a bug that tries to phone home or something

Follow this guide and attach (not copy and paste) logs from Malwarebytes / OTL / aswMBR
http://forum.avast.com/index.php?topic=53253.0

When done, a malware remover will be notified… it may be several hours before he arrives

Attached as requested - many thanks

We also need the OTL and aswMBR logs

Posting them now - being told the file is too big…

part 3

aswMBR is taking a long time to complete. Is this normal?

No, but then again it is dependent on how long the Quick Scan (default option) takes, there may be some conflict going on.

You could stop it and try running it again but select None in the AV Scan: drop down list.

I saved this aswMBR log file - I hope this is correct

OK - will re-run, stand by

If the log you just posted was on completion then perhaps it isn’t required that you rerun it.

That ran a lot quicker - attached. TIA

Hmm, an unusual one this. What browser does this occur in? IE, FF, Chrome or all?

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run
To disable MBAM
Open the scanner and select the protection tab
Remove the tick from “Start with Windows”
Reboot and then run OTL

http://i1224.photobucket.com/albums/ee362/Essexboy3/mbamstop.jpg

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
O3 - HKU\S-1-5-21-1281435432-1778536668-3161317095-1004\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1281435432-1778536668-3161317095-1004\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Firefox is my browser of choice, but I also use IE so hard to say - seems to trigger with both

OK I will need to look deeper

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

Thanks - run and rebooted and hasn't flagged up the warning atm - will report if anything returns

Tried to attach log but it says max size allowed is 200KB - this file is 519KB, any way around it?

Could you upload it to a file sharing site or Dropbox if you have it and then post me the link

Try this one

https://www.dropbox.com/s/rjhcmxcztpwf4ur/ComboFix.txt

That looks good - the bad file was a dll and I was looking for an exe as it was using explorer, a new twist

Could you surf the web for a bit to ensure it really has gone. Use all browsers if possible

Thanks - currently doing that

What was the problem, something I downloaded or a corrupt file - anything I should be doing to avoid a repeat?