URL:mal in yahoo spam

I’m getting about 2-3 URL:Mal warnings from Avast whenever I get spam messages in my yahoo email.

Curiously, it doesn’t trigger EVERY time I have spam emails spam as I’ve emptied the folder without incident several times now, so this seems to be focused on certain spam mails I’m getting, though I don’t have a clear picture of which ones.

I have run the required scans and included the logs below, though all of the scans came back clean or at least didn’t tell me to fix anything.

This has been going on for several weeks now, with varying degrees of intensity. Though I haven’t seen anything happen outside of the URL:Mal warnings form Avast. This anything I need to be worried about?

EDIT: Because I forgot to mention: I’m using firefox, and the URL:Mal warnings say they’re coming from firefox.exe

Do you access your mail using firefox ?

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-1843234593-3750237451-1844711265-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION SearchScopes: HKCU - DefaultScope {E718F049-DAB2-4CCC-970B-4BF5C1620C76} URL = Task: {7046B73D-D5E3-4340-B5E4-56E3B6E2C765} - \ArcadeParlor No Task File <==== ATTENTION C:\Users\chris\jagex_cl_runescape_LIVE.dat C:\Users\chris\random.dat EmptyTemp: CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S1].txt as well.

Yeah. I’m viewing my mail from mail.yahoo.com in Firefox.

AdwCleaner found a couple things. Here’s the new logs.

Not a lot wrong on the system. May I ask why you open spam messages rather than binning them

I open the folder to make sure there’s nothing important got tossed into spam on accident.

Occasionally? I might open a seemingly important message just to double check, but I won’t touch attachments or links and yahoo blocks a lot of stuff anyway.

like… 99% of the time however? I open the folder, glance at the headers, say ‘Nope!’ and hit the empty spam button without having touched anything.

Your system appears clean do you have any other problems ?

I don’t know of any other problems right now.

Anyway, thanks for the help. Hopefully I won’t be seeing any more warnings when I empty spam now.

Just got another URL:mal.

Told avast to give me the last pop up and it said it was for hxxp://www-health-secrets.info/8h0k5zmt/refer3.asp?r=1252cabc&e=knight_of_ni83@yahoo.com&s=18075-X025914563,B814A0B1D43CA76B821C0BB866A7D53FF6CC014C87B17

Were you in your spam folder again ?

It only happens if I go to the spam folder, and even then only apparently if certain emails are within said folder.

I’m guessing whatever it is is tied to a specific spam campaign(s)?

That said, I tried emptying without looking just now at that seemed to work, so maybe it’s just that? though I still saw the folder for a moment when I clicked the button. Hmm…

Is there a chance this is something on Yahoo’s end? I have noticed a lot of downtime from them this week and you did say I should be clean. Plus this is being weirdly specific as only some emails trigger the warning, if they aren’t in spam, I can empty it and not get a warning. Maybe they got hit by something and they’ve been trying to clean it out?

Very probably as Yahoo is prone to this sort of problem

That would make sense.

Well if mu pc is clean, and given what we know now I can’t think of a good reason for it not to be. What do I do now? Delete without looking unless I’m waiting on something important? If I get any warnings just put up with them until either Yahoo fixes things or the spammers knock it off?

At the least, it’s been slowly becoming less of an issue since it started so I’d expect this has to stop eventually.

Yes just be cautious of any spam :slight_smile:

Alright, thanks.