Hello All…I’m hoping someone can help me with the message I keep getting from Avast. Ever since I downloaded an ebook file two days ago, Avast warns me every time I pull up a web page. The warning is: “network shield: blocked access to malicious site 94.75.234.35.” I can’t find anything searching Google based on that IP and saw a similar thread in these forums, but it was related to a different IP. Hoping it might be related, I renamed the wdmaud.sys file as directed in the other thread, but it did no good. Any help would be greatly appreciated. Thank you for your time.

This IP belongs to LeaseWeb.

Port scans, DoS attacks and spam.

Thorough scan or boot-scan your computer for worms.

You can also try one of these online scanners

Dr. Web CureIT (On-Demand Only)
Kaspersky Online Scanner
Trend Micro HouseCall

Hi crazy80000,

Check link info as I found it: Fake codec site! It attempts to download files on user’s PC without it’s consent. The files are disguised as audio codecs and are flaged as trojan downloader by anti-viruses. This site is opened by fake “.mp3” files distributed in Gnutella p2p file sharing network when user tries to play them using WMP.
The “mp3codec.exe” trojan is hosted at:
hxxp://94.75.234.35/mp3codec/mp3codec.exe
or
hxxp://mp3codecdownload.com/codec/mp3codec.exe
and it`s analisys is:
http://www.virustotal.com/analisis/bfad61b881148d57711cf5e217e7642e

polonus