Since yesterday I am getting URL blocking messages from Avast every 5 to 10 minutes.
Objekt: http://rk400.com/?sov=rook-s1ysoft.com
Infektion: URL:Mal
Process: always wnsiapi.dll, but from different programs / Chrome, Mozilla Firefox, Thunderbird
I'm not sure what I can do about this. No infections were found on a complete scan. I read other posts, but I can't get this problem solved. Any help would be appreciated.
I have the same issue on one (not all) of my PCs. It only happens when I log into Internet Explorer. The pop-up repeats every couple minutes. I tried to add the website into the Block Shield but it still comes up. I’ve run MBAM, Avast Full, Avast Boot-Time scans and no issues. I know the “site” is defined as BAD…but I am not sure what on my PC pulses to it when IE launches…I assume the root cause. The program shows as IE program ws2help.
At this point I’d like to be able to at least suppress the pop-up since I am not physically going to this website myself. I would have assumed the Block Shield in Avast would have done this but can’t seem to get it to work.
Let me know thoughts…I have four PCs at home and only one does this…it is Windows XP SP3, all the latest updates and to be honest the most bare-bones system I have…only really used for web searching periodically.
UPDATE:
I just had Avast DB update (120328-2) and ran Full scan…found:
C:\Windows\system32\drivers\pfmodnt.sys
C:\Windows\system32\drivers\usbaapl.sys
…shows as High Severity…and Action to Delete…tried to select DELETE and Avast gave me error that it could not find files.
I rebooted and ran MBAM in safe mode and found nothing.
I then noticed in the Status in Avast Chest that said these are hidden rootkit files.
So, I went and scheduled a Boot Time Scan to have Avast Catch (Delete) these rootkit files on reboot…it ran and no/zero items found.
Is there anything else I can try to remove?
Any idea if the above is linked to this website issue? I ask because this PC has been clean prior.
Well, I’ve tried MBAM…normal and in Safe mode, Avast Full Scan and Boot Scanner…no/zero items found.
I also enabled site block and put this http://rk400.com in the list…this thing still pops up.
My machine is an XP Pro SP3 with all updates…thus loading a new O/S is not an option.
Any ideas by the experts are welcome!!!
FYI, if this is not a real issue then I’d like to understand how to suppress the message…the Site Blocking did not work.
I guess I could go in to Settings under PopUps and put “0” in the seconds but not sure that would work and seems a kludge.