system
February 3, 2015, 7:34pm
1
Hello, I clicked on a link that took me to a site.
Now, Avast Web Shield is constantly blocking harmful webpages or files.
I am getting a lot of blocked pages coming from hxtp: //31.184.194.39 , hxtp: //search-world.biz , hxtp: //fOfffO.com
hxtp: //tosearch.biz/search.php?query =, hxtp: //fa8072.com , hxtp: //db7093.com/query?version1.7
The problem is, in the past I’ve had a similar problem. Yet Avast was not able to get rid of it or find it even after doing a boot scan.
Can someone from Avast go to these websites and find a way to get rid of this?
These messages come up even when I don’t have a browser up. All I have to do is be connected.
This is taking up resources. Please help.
What can I do to get rid of this?
Eddy
February 3, 2015, 9:15pm
3
Please make the links not clickable.
system
February 3, 2015, 9:35pm
4
I was able to find out what was causing this problem.
It was a file called C:\syswow64\dllhost.exe
Can someone from Avast who works with the virus removal signatures create something against this?
I don’t understand how these files get automatically downloaded and are able to escape detection from Avast’s WebShield? Are they using a JavaScript or something to automatically download past all your browser’s restrictions and an antivirus software?
What can I use to prevent these automatic downloads or execution of bad files?
See for instance why this url is malicious: http://sitecheck.sucuri.net/results/31.184.194.39 *
Outdated Server software. Unable to properly scan your site. Site returning error (40x): HTTP/1.1 403 Forbidden
This IP from St. Petersburg was reported 29 times for abuse: http://www.abuseipdb.com/report-history/31.184.194.39
under various categories like hacking, spam, bruteforce, phishing, fraud order, scan, proxy scanning, SQL injection,
so all sorts of cybercriminal activities under the sun taking place from there.
It is a new launch site for CryptoWall malware.
Read about the outbound process windows\syswow64\dllhost from there: http://malwaretips.com/threads/malicious-website-s-blocked-outbound-process-windows-syswow64-dllhost.39308/
So we have every reason to ask the poster to break the live link as with hxtp:// etc.
polonus (volunteer website security analyst and website error-hunter)
P.S. Confirmed what you found and now wait for a qualified remover to guide you to the cleansing routine.
Follow his instructions to the dot.
Damian
system
February 3, 2015, 9:49pm
6
Hello, do you want me to get rid of those site links?
I only posted them just in case someone from Avast virus removal wants to check out those sites.
Also, why was RogueKiller removed from the above link that someone placed? Is there something wrong with that program?
I never use RogueKiller unless I need it. Those scans are sufficient for me to locate and deal with most problems.
polonus
February 3, 2015, 10:25pm
8
I see now that the double quad site (hxtp://31.184.194.39) is being flagged and blocked by Avast.
I reported it, but I saw they already have a warning out to not visit this IP address.
See: https://www.robtex.com/en/advisory/ip/31/184/194/39/
malware in that AS: http://support.clean-mx.de/clean-mx/viruses.php?as=as44050&response=
polonus
system
February 3, 2015, 10:57pm
9
In case anyone would like this, BitDefender labs offers a free tool against CryptoWall.
This is not CryptoWall but Poweliks.
Eddy
February 4, 2015, 4:35pm
11
That tool only works for old(er) versions of CryptoWall.