Malicious URL blocked

system · July 8, 2012, 9:35am

hi,

When I visit some sites Avast promts me about blocking the malicious url. I already did scanning with OTL. I’m attaching logs.

Would you be so kind and instruct me what to do next.

Pondus · July 8, 2012, 9:36am

aso attach the aswMBR log and Malwarebytes quick scan log

removal specialist is notified…may take several hours before he arrive

Pondus · July 8, 2012, 9:46am

you may also post the URLs you have problems with so we can check them

post them unclickable… http as hxxp and www as wxw

system · July 8, 2012, 10:15am

I attached mbam log

URLs are
hxxp://wxw.durini.si/
hxxp://wxw.sdtempo.si

tanx.

system · July 8, 2012, 10:19am

I do not see your MBAM or aswBR logs attached. Can you attach them again? Thank you.

system · July 8, 2012, 10:24am

sorry

I posted wrong URLs

Right url is hxxp://lohnrnnpvvtxedfl.ru/runforestrun?sid…

system · July 8, 2012, 10:26am

MBAM looks clean. How about attaching your aswMBR log?

system · July 8, 2012, 10:30am

sorry but I’dont know wher to get it.

system · July 8, 2012, 10:34am

Check the information on the first post of this thread under Virus/Worms for you to check your machine for malware: http://forum.avast.com/index.php?topic=53253.0.

Scroll down the pages and follow the directions of obtaining an aswMBR log. Post the log as an attachment (Additional Options > Attach > Post).

After posting the log, do not make any changes to your machine. Do not sync anything to your machine and try not to use it.

I am notifying a malware specialist to assist you. Thank you.

Also, please let us know if your machine is acting differently (describe how it is different).

essexboy · July 8, 2012, 10:45am

Does this happen on any specific sites ? Or is it random

Also is this in Firefox, IE or both

system · July 8, 2012, 10:57am

It happens only on these sites for now. These sites are on same server and I manage them.

hxxp://www.durini.si/
hxxp://www.sdtempo.si
hxxp://www.busman.si

essexboy · July 8, 2012, 10:58am

OK that would suggest to me that the site has been hacked

I will ask iDonovan to look at the site as your logs appear clean

Pondus · July 8, 2012, 10:59am

edit your post above…post links unclickable

yepp…those websites are bad…see scan result

system · July 8, 2012, 11:02am

Ataching aswMBR log. It happens in firefox and iexplorer

essexboy · July 8, 2012, 11:15am

Yep it is the sites and not your system that has the infection

Donovan · July 8, 2012, 2:21pm

Detection is correct. All 3 contain the algorithm that leads to one of the Pseudo-Random .ru websites based on date.

Because avast! blocked the sites, you are protected.

essexboy · July 8, 2012, 2:38pm

Cheers ;D

Announcements