url.mal picked up on .exe, put nothing finds it?

Hi,

I’m running an XP development machine in Parallels 8 on my iMac. I’m doing development in Shiva3D on the desktop. Today Avast Free started reporting the following when I try and open up the help file (a .chm) from within Shiva.

Infection Details URL: http://bletsurvey.net/d/securityvideocamera.net Process: C:Program FilesStoneTripShiVa Editor ... Infection: URL:Mal

I’ve run a full system scan by Avast, run Malwarebytes AntiMalware, and the aswMBR rootkit detector. Tried to use the Trend FakeAV toolkit, but for some reason it doesn’t run when I run it, it just creates a directory of stuff.

None of the scans are reporting anything. They all say I’m clean, but the error continues to occur every time I try to open the help file.

The only other thing I did on the VM today was install Firefox (I usually use Chrome). I uninstalled Firefox again, but the problem remains.

Is this a false reading of some kind, or is it something none of the checker tools can find except the Avast network security component?

Thanks.

URL:mal means the URL is on a block list… URLVoid report: http://www.urlvoid.com/scan/bletsurvey.net/ also see domains listed at the bottom…

something…i guess this (Process: C:Program FilesStoneTripShiVa Editor …) is trying to connect ?

Yes, I figured that bit out, but I’m not sure how it’s started happening or how to stop it. Shiva Editor is an IDE that I’ve been using for years and hasn’t been updated for a couple months… Opening the .chm help file is the real problem, as doing that from explorer gives the same error but in hh.exe. The help file does include tabs to access web pages, but they should not be using that bletsurvey link.

Is it possible for a .chm to become infected, and how do I stop it?