Malicious URL Blocked

I noticed that I was being redirected after clicking search results to some weird spammy page instead of being directed to the correct URL - 1 out of every 10 on each page of results, maybe something to do with google.pagead?

I get the red box from avast:

MALICIOUS URL BLOCKED
avast! Network Shield has blocked a harmful site.

Object: hxxp://7.advertisingfeedppc.com/…/s0AyKrQoc=
Infection: URL:Mal
Process: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

I have tried spybot, avast, probably adaware some months ago, but still have the problem.

Over past 24 hours I have done the following:

  1. Run full scan in Avast
  2. Run boot-time scan in Avast
  3. Run full scan in Malware Bytes
  4. Followed advice on this forum: QuickScan in MWB, OTL, aswMBR (which doesn't seem to complete)
  5. Saved logs

Some minor infections cleaned, but I still have the problem, logs attached.

Please advise!!

Please ‘modify’ your post and change the URL from http to hXXp, to break the link and avoid accidental exposure to suspect sites, thanks.

There may be some delay due to differing time zones and availability of the volunteer malware removal specialists.

bump?

I’m getting the feeling it’s a false positive. Read somewhere that it could be a dodgy advertising cookie, I’ll check later today.

Can’t find any dodgy cookies.

Can someone take a look at this?

A removal expert is notified.

OK thanks,

Just to update… I have run Rogue Killer and adwcleaner.

I now only have this issue with google searches made in firefox.

Explorer, Safari, Chrome all search with no malicious URL warning.

The site URL you produced is from a fraudulent domain, engaged in collecting sensitive information from individuals.
Examining your logs by a qualified removal expert is advisable.

polonus

hmmm, and one of my email accounts was hacked recently… really need to sort this problem out.

Hi sorry for missing you …

On completion of these could you let me know if they have stopped?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL

- Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF

:OTL
IE - HKU\S-1-5-21-2248556588-3414808932-649096023-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 195.182.195.195:8080
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{CF81FAD2-989C-11E1-826E-B8AC6F996F26}: C:\Users\Steve\AppData\Local\{CF81FAD2-989C-11E1-826E-B8AC6F996F26}\ [2012/05/08 00:31:56 | 000,000,000 | ---D | M]
@Alternate Data Stream - 1235 bytes -> C:\Users\Steve\AppData\Local\SKWU28ZTRty:TzTeqL2JUckU8ysCwQmfemcUwXm
@Alternate Data Stream - 1234 bytes -> C:\Users\Steve\AppData\Local\Temp:lIxuA3XVzU6Vhd1SljY8bEaX
@Alternate Data Stream - 1041 bytes -> C:\Users\Steve\AppData\Local\Temp:rmX5YDtRDYqdzQOyAOOOtrr

:Files
ipconfig /flushdns /c
ipconfig /release /c
ipconfig /renew /c

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

https://dl.dropbox.com/u/73555776/AdwCleaner.GIF

Once done it will ask to reboot; allow this.
On reboot a log will be produced; please attach that.

thanks.
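
A read-only way to inspect the two registry locations the OTL fix above touches (the per-user proxy setting and Firefox extensions registered through the registry), added here as an example and not part of the original thread or of OTL. The function names are hypothetical, and the HKLM extension keys are checked in addition to the HKCU key that appears in the fix.

```powershell
# Added audit sketch (not from the thread). Read-only: it changes nothing.

function Get-ProxyOverride {
    # Per-user proxy settings, the same key the ":OTL" section lists for "ProxyServer".
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $s = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    [pscustomobject]@{
        ProxyEnable   = $s.ProxyEnable      # 1 means the proxy is in use
        ProxyServer   = $s.ProxyServer      # host:port, empty when unset
        AutoConfigURL = $s.AutoConfigURL    # PAC script URL, empty when unset
    }
}

function Get-RegistryFirefoxExtension {
    # Extensions registered through the registry rather than the Firefox profile.
    $roots = 'HKCU:\Software\Mozilla\Firefox\Extensions',
             'HKLM:\Software\Mozilla\Firefox\Extensions',
             'HKLM:\Software\WOW6432Node\Mozilla\Firefox\Extensions'
    foreach ($root in $roots) {
        if (-not (Test-Path -Path $root)) { continue }
        $key = Get-Item -Path $root
        foreach ($name in $key.GetValueNames()) {
            $path = [string]$key.GetValue($name)
            $inLocal = $false
            if ($path -and $env:LOCALAPPDATA) {
                $inLocal = $path.StartsWith($env:LOCALAPPDATA,
                    [StringComparison]::OrdinalIgnoreCase)
            }
            [pscustomobject]@{
                Hive           = $root
                Id             = $name       # extension ID, e.g. a {GUID}
                Path           = $path       # folder or file the entry points to
                PathExists     = [bool]($path -and (Test-Path -LiteralPath $path))
                InLocalAppData = $inLocal    # worth a closer look, as in the fix above
            }
        }
    }
}

Get-ProxyOverride | Format-List
Get-RegistryFirefoxExtension | Format-List
```

An entry that is expected (a corporate proxy, an extension installed by a security product) will show up here too, so the output is a list to review, not a verdict.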

this is the log from running the fix

and this is the result from the scan (full scan)

and here is the AdwCleaner log

Still getting the malicious URL message from Firefox.

Could you confirm that it is just Firefox… IE and Chrome are OK?

I checked IE, it was fine… Didn’t check Chrome though. But previously today all the other browsers were fine… I’ll be back in 4 hours to follow next advice steps, thanks.

OK, next we need to start Firefox in safe mode.

Details here: http://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-using-safe-mode

Once in safe mode, enable the addons one at a time, checking for the alerts in between.
When you restart the addon that causes it, then disable it again and let me know which one it is.

Wow thanks.

The addon which causes the problem is “Mozilla Safe Browsing 2.0.14” - when disabled everything’s A-OK.
I have checked all browsers and they are fine. Weird, they (IE, Chrome) definitely also had the issue before I ran the various clean up tools, I’m fairly certain of that.
I can’t remove this addon as it seems to be part of firefox, does this mean this firefox addon (or some of the firefox files) is infected/hacked? Or perhaps this addon triggers a false-positive in Avast?

I notice there is a ‘reset toolbars and controls’ function in safe mode, and also a ‘reset firefox

FYI, I also have the original log which shows infections/cleanups in MBAM (from the first time I ran it), and probably some of the other logs, if they are of any use in pinpointing a specific virus/malware.

I’m happy to just keep this addon disabled, but if there is more work to be done please advise,

Thanks! - seeing the light at the end of the tunnel now

Hi,

I am facing the same problem as yours.
I followed your thread (to stop Mozilla Safe Browsing 2.0.14 add-on) to resolve this problem.
It seems hackers have found a leak in Firefox and used it to collect information from infected computers.

http://www.sevenforums.com/system-security/242672-avast-v-reporting-google-bing-malicious-urls.html

Worth a read…

Essexboy’s help on this thread http://forum.avast.com/index.php?topic=102444.15 inspires more confidence!

So what’s next? Delete it?