Web page block results in Avast! crash

I went to the website www dot chromaradio dot net using the latest version of Firefox. This site’s page loaded but prompted an Avast! site blocked alert. I closed the browser and tried to open the avast user interface to review what had been blocked, but got a windows message that there was an error with the avast program and windows would have to close it down–the one where you can report the problem to Microsoft or choose not to report. I closed windows immediately and restarted the computer, but the log entry was lost. An immediate quick scan shows no threat, but I was concerned something got under the radar that caused Avast to crash. Any suggestions?

Check the folder C:\ProgramData\Avast Software\Avast\log
Are there any files called unpXXXX (where XXXX is a random number) or *.mdmp there?
If so, send them to
http://www.mailonpix.com/images/0da0c5e21c19d4858c8994a82e79b7d0.gif

They may contain more information about the problem (maybe a link to this thread).
Post back when done.

Thanks. I found one dated today and sent that to the link you gave. I forgot to mention I use windows xp, but I knew where to find the shared data files. :slight_smile:

Sorry didn’t get any email so far…

Sorry, I misread “vlk” as “vik” and the email bounced. Sending again.

When I access this thread I get the following block from MBAM
17:47:01 user MESSAGE IP Protection started successfully
17:47:55 user IP-BLOCK 77.221.130.15 (Type: outgoing, Port: 49599, Process: avastsvc.exe)
17:47:55 user IP-BLOCK 77.221.130.15 (Type: outgoing, Port: 49601, Process: avastsvc.exe)

Not sure why it would specifically be this topic as there doesn’t appear to be anything in it associated with infobox.ru (the IP you posted).

I don’t know if MBAM IP function follows links to find something in the link posted by the OP, as avast isn’t the only one blocking this domain, firefox ‘safe browsing’ also doesn’t like it, but that is for a different domain and IP address, see image.

But it is entirely possible this site could be redirecting to infobox.ru, but I don’t believe the MBAM IP checking follows links to see if anything in another level is blocked.

It would be nice if the OP disabled the active link anyway.

This is the only topic on which I get the block (though given the number of people with MBAM Pro it is perhaps a bit odd that nobody has said ‘me too’)

It is the image of Vlk’s email address that Tech posted, that is causing the block by MBAM

That’s strange as the IP address didn’t come up as mailonpix.com when I checked the IP but infobox.ru.

Though I think I know the problem the IP is for a colocation and virtual hosting service, so there could be hundreds of domains using this IP.

Update on IP, http://77.221.130.15.dnstree.com/, and domain: -http://inmd.ru
Re: http://killmalware.com/inmd.ru/ Bad web rep: https://www.mywot.com/en/scorecard/77.221.130.15?utm_source=addon&utm_content=warn-viewsc
Malcode found there: http://www.scumware.org/report/77.221.130.15
Re: https://sitecheck.sucuri.net/results/inmd.ru - Outdated Web Server Nginx Found: nginx/0.7.67

polonus

Since you are responding to a topic over four and a half years old, I suspect the IP could have been assigned to another use/domain/service, etc.

Hi DavidR,

It is an update on the general badness history of that particular IP with many various domain names on that same IP. It means that the initial insecurity has not subsided over time. This is the only meaning in such update. Often we find that reporting here does not work any change where insecure domain hosting is being concerned, which is a sorry state of affairs actually.
I often go over my earlier postings and whenever in some aspects they have some actuality I report whenever similar malcode, hacks or insecurities, vulnerabilities, exploits or misconfigurations or sloppy practices are being continued.
The IP here in this case has a long, long history of continuous abuse.

polonus