I was wondering if anyone could please help me to solve this problem. I’ve seen a lot of threads similar to mine, but none seem to address the issue I’m currently experiencing.
Whenever I use Chrome, perhaps an hour or so after I’ve been using it, Avast! keeps giving me the message “Malicious URL blocked” each time I load a page or change tabs (no matter what the site, be it Gmail, Facebook, Comedy Central, a new google search, whatever.) The “Object” is always the website that I am visiting.
Since that all began about last week, I have tried several solutions. Avast! picks up nothing each time, Malwarebytes Anti-Malware picked up a few things initially which I got rid of but then I continued experiencing the same pop-up from Avast. Then I ran scans with AdwCleaner, RogueKiller, and finally TDSSKiller but to no avail. The latter only ends up finding 3 objects, all of which are medium-risk and do not have a “Cure” option. Everything seemed to be going fine but then the Avast! “Malicious URL blocked” pop-ups continued.
Other things I’ve tried: System Restore to 30 days ago, uninstalled all Google software on my laptop and deleted all Google-related files, uninstalled Google extensions and then reinstalled “trusted” ones that might help with security (AdBlock Plus [with Malware blocker on], avast! Online Security, Disconnect, Flag for Chrome, and HTTPS Everywhere)
Finally, I’ve just finished running a complete scan with SUPERAntiSpyware and it only found Tracking Cookies. I guess I’ll delete those too, but I don’t think it’s going to solve any of my problems.
:Commands
[CREATERESTOREPOINT]
:OTL
O2 - BHO: (Codec-C Class) - {09526FA6-040C-4552-809C-F05F25861335} - C:\ProgramData\Codec-C\bhoclass.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKU\S-1-5-21-2391621697-4015267187-2753864887-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
:Commands
[resethosts]
[emptytemp]
[Reboot]
- Then click the Run Fix button at the top.
- Let the program run unhindered, reboot the PC when it is done.
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
I will run the fix with OTL and keep trying to catch my computer the next time it starts flashing the warning. I don’t have Firefox and while I have IE, I never use it but I will also start using it to see if the same issue arises with IE. It might take me a while to get back to you with the screenshot because as I said, it starts happening repeatedly only an hour (or maybe more… haven’t timed it) after I’ve been running Chrome.
Thanks so much for your help and I’ll try to get back to you as soon as possible.
Haha great! Thanks for your patience. Well here is the log for the OTL scan I just did. Also, I do remember now that I think about it that the malicious URL that Chrome blocked each time was always preceded by toolbarqueries.google.com or maybe it was toolbarqueries-google.com (and then facebook.com or gmail.com, etc.). But yeah, like I said I’ll keep trying to catch the warning.
- Then click the Run Fix button at the top.
- Let the program run unhindered, reboot the PC when it is done.
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
Despite using Chrome all day, I haven’t encountered the Malicious URL blocked pop-ups anymore… I hope this means everything is resolved, but I don’t want to make any assumptions just yet since that’s what I kept thinking all week only to see the pop-ups again later. And I haven’t gotten around to using IE much yet, but I’ll try again today.
Did you want me to still try the fix you just posted today around 12:45? I noticed it mentions Mozilla a lot even though I don’t have Mozilla and never have on this computer.
The fix is to tidy up the Firefox entries present on your system is all. The culprit was either in the temporary files or Java cache which OTL cleared on the first run.
Unfortunately, immediately when I opened Chrome today (I seriously don’t understand the timing of these Malicious URL blocked pop-ups) the pop-ups began again. Here are screenshots of the pop-ups in Chrome. I still haven’t had time to check with IE.
That is running from the Google addons/extensions; we can block it by doing the following:
Go to C:\Windows\System32\Drivers\etc
Locate the file called Host
Right click and select Open with …
Select Notepad
Add the two lines below to the bottom of the file
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
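A check that can be run after editing the hosts file as described in the post above, added here as an example (it is not part of the thread or of any poster's instructions): it parses the layout the file's header comments describe and separates names pointed at a loopback or 0.0.0.0 address from names redirected to some other address. The hostnames and addresses in the sample are constructed placeholders, not the entries from the thread.

```python
import ipaddress

# Constructed sample in the layout the header comments describe.
# Hostnames are placeholders, not the entries from the thread.
SAMPLE_HOSTS = """\
# 102.54.94.97 rhino.acme.com # source server
127.0.0.1       localhost
127.0.0.1       blocked.example.test    # sinkholed on purpose
0.0.0.0         also-blocked.example.test
203.0.113.7     login.example.test      # points at a foreign address
not-an-ip       broken.example.test
"""


def parse_hosts(text):
    """Return (entries, malformed); entries are (lineno, ip, hostname)."""
    entries, malformed = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append((lineno, raw))
            continue
        if len(fields) < 2:                   # address with no host name
            malformed.append((lineno, raw))
            continue
        for name in fields[1:]:               # one line may carry aliases
            entries.append((lineno, ip, name.lower()))
    return entries, malformed


def classify(entries):
    """Split names into locally sinkholed and redirected elsewhere."""
    local, redirected = [], []
    for _, ip, name in entries:
        if ip.is_loopback or ip.is_unspecified:
            local.append(name)
        else:
            redirected.append((name, str(ip)))
    return local, redirected


if __name__ == "__main__":
    entries, malformed = parse_hosts(SAMPLE_HOSTS)
    local, redirected = classify(entries)
    print("local/sinkholed:", local)
    print("redirected:", redirected)
    print("malformed lines:", [n for n, _ in malformed])
```

Entries in the "redirected" list are the ones worth a second look, since a hosts line that maps a familiar name to an outside address overrides DNS for that name.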
Sorry this is probably a really stupid question, but how can I get the file to save with the text you just gave me if I’m getting a window that says “You don’t have permission to save in this location. Contact the administrator to obtain permission” … Not really sure what to do since I’m the only user.
Download ComboFix from one of the following locations: Link 1 Link 2
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
- Double click on ComboFix.exe & follow the prompts.
- Accept the disclaimer and allow to update if it asks.