That might be true - but it doesn´t explain why this message started to appear exactly three days ago, and is now showed every 15 minutes but never appeared in all the years before. That means that something, somewhere has changed without my will, and that´s what I´m concerned about: how was this possible, could this be possible again with a more harmful process - who knows what else is going on in my computer (from performance-reduction to even worse cases).
That´s why I would be interested to know what it is.
I don´t understand many other things that go on in my machine (what exactly happens if I post this message, for example), but as long as everything runs all right, I don´t worry about that. I start worrying when I get an error message that something was not OK with posting. Similarly, when my virus-scanner tells me that something tried to establish a connection to a malware-site, it is a case to worry for me - trying to understand whats going on to see if that is all or if there´s more in the background. I would be interested in an explanation of what´s going on in my machine, how Windows/avast works if you have one that can be understood by a non-computer-expert.
Our problem stems from having run multiple avast scans and two of the best specialist anti-spyware/malware programs and not found anything.
I do however, understand your concern, you physically don’t have to be trying to get to that link, it could be embedded in a web page you are visiting (that doesn’t explain the regularity though). That regularity I would say is something like regular update checking, etc. and the one thing I see in your list is mDNSResponder.exe and that is associated to:
The Bonjour Service supported by the file mdnsresponder.exe is also described as a zero configuration networking process that provides an automatic discovery feature for services, devices, and computers that are residing on IP based networks. Mdnsresponder.exe utilizes the industry standard IP protocol, which provides devices with an automatic discovery feature without requiring user intervention (when entering IP addresses) or the need for configuring DNS servers.
There are many that consider this adware and an unnecessary program that iTunes or Apple applications install. I honestly haven’t got much of a clue about this product, but by its name would appear to be trying to act as a dns and this may be calling home periodically and that may be where the netstat link cones in.
This is pure speculation on my part as I have avoided all Apple products, unfortunately speculation is all I’m left with.
Download and run HJT and post the contents of the log file (cut and paste or attach the log file) into this topic, you may need to split it over two or more posts depending on how large it is.
The “blocked” message appears not only when I’m browsing, but even when every browser is closed and I’m working in Word. So from my part, there’s no try to access the internet.
I don’t know if the problem could be connected to the fact that I installed a week ago a new hard-drive with bigger capacity in my laptop (restored the backups of the old hard-drive with the recovery-tool of my laptop to the new disk). After this, I repartitioned the disk. Everything runs as before, or even better (faster), but about 4 days after the installation, the avast-messages started to appear. I guess however that this is pure coincidence.
You don’t appear to have an active firewall - It should be capable of blocking unauthorised outbound Internet Connections. - What is your firewall ?
Suspicious:
What do you know about this entry ?
O4 - Global Startup: ALEPH 500 - Version 16 Version Check.lnk = C:\ALEPH500\alephcom\bin\Version.exe
There are some that consider this adware locate the file and upload to virustotal for checking, see below.
Check and see if that file is actually missing although this is meant to be a legit entry -
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
Other than that I don’t see anything obvious.
HJT ACTIONS
Suspect: Upload the file/s to VirusTotal, Send a sample to avast if multiple detections at VT and Fix in HJT (see below)
Send the sample to virus@avast.com zipped and password protected with the password in email body, a reference to this topic (give URL) and undetected malware in the subject.
Run HJT again (close any other windows except HJT), tick the box to the left of the suspect entry you wish to fix, click the Fix Selected Button.
C:\ALEPH500\alephcom\bin\Version.exe doesn’t exist on my system (whole C:\ALEPH500\ is missing), for this reason I could not send it to VT or the e-mail you mentioned. Aleph is a library-software installed on my system, but it was updated a while ago to a newer version, so this was maybe a relict.
Similarly, I found no file named ACNotify.dll on my system, so no of the upload/mail actions could be done, only the fix action was carried out.
Just in case - Ensure that you have hidden files and folders enabled and disable hide system files in Windows Explorer, Tools, Folder Options, Hidden files and folders, uncheck Hide extensions for known file types, etc. see image.
If they still aren’t present then you can Fix: the entries in HJT.
Yes, disable hide system files were activated - so I fixed the two files in HJT, but still the same message. I will be now away for a few days, hoping to resolve the problem thrsday, when I will be back.
I resolved the problem by performing a system restore - the messages disappeared. Should I uninstall Super Anti-Spyware, Malwarebytes AntiMalware and Hijack This? Do they not interfere with avast?
After Avast update to (6.0.1203)I cannot access Google as it states Network Shield has prevented it. Malicious URL blocked / URL:Mal Never have had this trouble in the past as Google is my home page. Any ideas? (Windows XP Pro)
It may be that your google search results are being redirected and this will need specialist help.
We will need the full details of the detection (a screen shot of the avast alert window probably easiest), what browser you are using and exactly what you are doing when the alert happens.