Malicious URL detected when opening Firefox/Yahoo Homepage

I’ve been using Avast! Free Antivirus for almost a year now, and lately I’ve been getting malicious URL detection upon opening Firefox immediately after the Yahoo homepage loads. Any assistance to figure out why and how to fix it is appreciated.

Thanks,
Jenn

Here are the attachments:

I have the same thing and have looked at the logs to download. As a basic user they are too complex for me to follow and feel safe. Is there any other solution other than uninstalling avast and replacing it with another anti-virus program? All my scans come up clean and the malicious notice only comes up on my yahoo home page and mail page.

Having done a little research across the web I’m not at all sure that it’s a false positive. There appears to be a bit of malware out there called ad.yieldmanager.com and it may have gotten to a Yahoo site and be being blocked. I’ve noticed that I don’t get it and I have Adblock Plus and my wife does and she doesn’t have Adblock.

So my Avast is working as intended?

I would still like feedback if everything on my end is okay, or if there is anything I should be worried about.

Hi @JennClaire

Re-run OTL.exe.

[*] Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.



:OTL
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll

:files
ipconfig /flushdns /c

:commands
[CREATERESTOREPOINT]
[EMPTYJAVA]
[emptytemp]


[*] Then click the Run Fix button at the top.
[*] Let the program run unhindered; it will reboot the system when it is done and open Notepad with a log report. Attach that log report here.


Comodo’s firewall or IS (antivirus)?

Please download zoek.exe and save it to your desktop.

[*] Close any open browsers.

[*] Temporarily disable your AntiVirus program. (If necessary)
If you are unsure how to do this please read this or this Instruction.

[*] Double click on zoek.exe to run the tool.
Please wait while the tool starts…

[*] Copy the text present inside the code box below and paste it into the large window in the zoek tool:



filesrcm;
startupall;
skipfix-iedefaults;
firefoxlook;
chromelook;


[*] Click on the Run Script button (image: http://www.mcshield.net/personal/magna86/Images/Run%20Script%20by%20zoek.png).
Please wait until a log report opens (this can be after a reboot).

[*] Save the Notepad file to your Desktop and attach zoek-results.log here.

Note: It will also create a log in the C:\ directory named “zoek-results.log”.

Thank you Argus for your response.

To answer your question, I use Comodo as a firewall.

I have done the first part of what you instructed me to do just fine. When I try to run zoek, a prompt from Comodo says it’s a suspicious program and won’t execute it. Should I disable Comodo as well?

Should I disable Comodo as well?

Yes.

Thank you again for your time. :)

Here are the logs you requested.

Re-run zoek with this script and attach here fresh zoek log results.

jfmjfhklogoienhpfnppmbcbjfjnkonk;chr 
emptyclsid;
emptyrecycle.bin;
FFdefaults;
chrdefaults;
emptyalltemp;
autoclean;
ipconfig /flushdns >> %temp%\log.txt;b

Here are the results of the re-run.

Do you have a problem now?
System looks clean.

After the re-run my homepage was switched to Google from Yahoo, I assume that is the default? Everything else seems to run smoothly. I can open Yahoo and no malicious URL detection is popping up. Much relief seeing you say the system looks clean. I was hesitant to continue to do any business and banking online.

If everything looks good, I appreciate the time you took to help and respond. Very much thank you!

JennClaire

Update the Avast. There is no malware on your system, you can have peace of mind.

Please download DelFix by “Xplode” to your Desktop.

Run the tool and check the following boxes below;

[*] Remove disinfection tools
[*] Create registry backup
[*] Purge System Restore

Now click on the “Run” button. Wait until the programme completes its work.
All the tools we used should be gone.
The tool will create and open a log report (DelFix.txt).
Note: The report will also be stored on C:\DelFix.txt

I don’t need DelFix log report.

I recommend using MCShield if you wish.
You may download MCShield from one of the following links:

MyCity - Official download link
Softpedija - Mirror download link

It will prevent infection of the computer via USB flash drive, mobile phone or any other memory card.
And not only will it prevent infection, but it will also immediately clean the flash drive, memory card or external HDD.

It is a very very good program.

Avast is updated and ran Delfix. Everything went smoothly, thank you. :)

Is there anything I need to do?

Thank you on the insight of MCShield, I will definitely give it a go.

Is there anything I need to do?

No, we’re done.