Avast WEBforum
Other => Viruses and worms => Topic started by: grapefruit on July 24, 2010, 05:07:26 PM
-
I installed the latest version of free Avast. Reinstalled program. Ran Malwarebytes Anti Malware Scan in Safe Mode. Pop up continues from Avast; a red square "Malicious URL Blocked"--Avast network shield has blocked a threat's more information "Click". It directs you to Avast web site & it wants to sign you up for a paid subscription. I cancel the pop up and it reappears in 5 to 20 seconds.
-
avast does not redirect you or ask for sign up.
You most probably were a victim of a fraudulent program.
Can you post more info about the url and the virus warning?
-
avast does not redirect you or ask for sign up.
You most probably were a victim of a fraudulent program.
Can you post more info about the url and the virus warning?
+1
Please post more info..!!
asyn
-
Below is Web page I am directed to. I tried to copy & paste below but not much of web page shows. Is there anything else I can do?
Thanks
Tried and trusted by over 100 million users
avast.com avast! worldwide website
Welcome to the avast! Security Center
The webpage you tried to access is infected with a virus or other malware. Do not attempt to disable the avast! Web Shield in order to access the site.
Over 80% of new viruses and spyware spread via the internet, compared to in the past, when the key route for virus attacks was through email. Not only ‘dodgy’ sites are infected, but legitimate websites as well. This means that simply visiting a website to read the latest update on your favorite sports team could infect your computer...
In the last 30 days avast! has:
discovered 61 378 infected websites, and
protected 31 171 328 users from visiting them
Upgrade your web protection! Browse your favorite websites in the avast! Sandbox
avast! Free Antivirus uses multi-layered security protection – just like today’s passenger car with seat belts, airbags, antilock brakes, collision-radar warnings, and more. The more security precautions, the better for your safety.
Imagine that you could avoid “accidents” by driving in a virtual car or driving simulator. avast! Internet Security’s web virtualization (the avast! Sandbox) offers just that. Even when the worst comes, only the virtual computer will be infected – and not your real computer.
Upgrade to avast! Internet Security with the avast! Sandbox virtualization
-
I am having the same problem and mine is avast flagging my zynga toolbar as the malicious activity. Is there any way to exclude MY software from setting off as BS attempt by Avast to get me to buy a product. Yes I was well am sent to a buy AVAST page when you click on the more information button.
-
same is happening to me... do we need to worry?
-
Hello,
zynga toolbar was a false it'll be fixed in next VPS.
Best regards
Jan Sirmer
-
same issue here with zynga toolbar....was working fine yesterday morning/afternoon....but last night getting blocked also this morning
thank you for any information...
have a great day........
-
Thanks for fixing it !!!!!!!!!!!!!! Have a great day !!!!!!!!!!!!!
-
Hello,
zynga toolbar was a false it'll be fixed in next VPS.
Best regards
Jan Sirmer
You need to fix it again - Avast blocked it again after updating this morning.
-
yep... ??? ::) :-\
-
Hello,
fixed again.
Sorry for troubles.
Best Regards
Jan Sirmer
-
um... not :-[ got it when I picked up on this reply
-
um... not :-[ got it when I picked up on this reply
Do you mean, you are still getting the alert on zynga.com or you are no longer getting the alert ?
See image, just visited and no alert, ensure that you have the latest virus definitions version installed.
-
um... not :-[ got it when I picked up on this reply
Do you mean, you are still getting the alert on zynga.com or you are no longer getting the alert ?
See image, just visited and no alert, ensure that you have the latest virus definitions version installed.
There hasn't been a new push of definitions since 2am - which was the push that messed it up again. The update may have been done internally, but I keep trying to grab a new definition in avast, and there's nada.
Also note: The Zynga.com website itself doesn't have the issue popup, it's only the toolbar.
-
As of right now:
Still blocking:
toolbar.zynga.com/game_switcher/component.php
Still broke....
-
Hello,
it will be in VPS 100830-0
sorry for delay i missed 100829-1.
Best regards
Jan Sirmer
-
Bringing this back from the dead. I installed Avast thinking my old Antivirus was buggy. Unfortunately I am getting the same problem and avast is picking it up. I have completely scanned the computer with malwarebytes and avast. Malwarebytes found 0 and Avast found a MEMORY.DMP under the System32 folder, which was deleted by Avast. I really don't know what else I can do, the computer seems to be working totally fine, any help will be greatly appreciated.
(http://img24.imageshack.us/img24/6426/img20101103070323.jpg)
Thank you for your time and help!
-
I meant to add that this comes up when I go to Google and do a search for, let's say, Avast. Something within those results triggers the alert. But if I was to go straight to avast.com no warnings come up at all.
-
This keeps happening to me and is getting very annoying now. It is popping up every 5 minutes.
How do I stop it?
-
This keeps happening to me and is getting very annoying now. It is popping up every 5 minutes.
How do I stop it?
Run a full scan... something could be infected in your computer.
@ Bert336: please, consider http://forum.avast.com/index.php?topic=19387.msg607589#msg607589
-
This keeps happening to me and is getting very annoying now. It is popping up every 5 minutes.
How do I stop it?
We are going to need more information, like posting an image of the alert window so we can check the site and process responsible for the connection, etc. ?
When does this happen, e.g. browsing, google search, what operating system and browser are you using, not browsing, etc. ?
-
This is happening to me as well. I tried posting this earlier but got an error saying my image attachment was too big. Sorry if this posts multiple times...
I get this popup every two minutes.
I ran malwarebytes, GMER Rootkit Scanner, atf cleaner. No malware found.
-
This is happening to me as well. I tried posting this earlier but got an error saying my image attachment was too big. Sorry if this posts multiple times...
1/ Disable proxy autoconfiguration in all your browsers. Do the alerts go away?
2/ Does the following sound familiar to you - like, is it your ISP?
# gwhois 68.178.232.99
Process query: '68.178.232.99'
Query recognized as IPv4.
Querying whois.arin.net:43 with whois.
#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=68.178.232.99?showDetails=true&showARIN=false
#
NetRange: 68.178.128.0 - 68.178.255.255
CIDR: 68.178.128.0/17
OriginAS:
NetName: GO-DADDY-SOFTWARE-INC
NetHandle: NET-68-178-128-0-1
Parent: NET-68-0-0-0-0
NetType: Direct Allocation
RegDate: 2005-04-12
Updated: 2007-06-14
Ref: http://whois.arin.net/rest/net/NET-68-178-128-0-1
OrgName: GoDaddy.com, Inc.
OrgId: GODAD
Address: 14455 N Hayden Road
Address: Suite 226
City: Scottsdale
StateProv: AZ
PostalCode: 85260
Country: US
RegDate: 2007-06-01
Updated: 2009-09-16
Comment: Please send abuse complaints to abuse@godaddy.com
Ref: http://whois.arin.net/rest/org/GODAD
3/ If not, who is your ISP?
4/ Also please run the following in command prompt and post the output here:
nslookup wpad
-
1) Yes, changing away from automatic proxy detection seems to have solved the problem. Thanks! Now I have to figure out how that got turned on between two days ago and yesterday. I didn't install anything, could that be a sign of some other problem?
2) I used to use godaddy as the host for my web and ftp sites last year, but switched to a new host about 10 months ago. The computer I'm using is only 2 months old and has never interacted with godaddy in any way.
3) Comcast is my isp
4) Server: UnKnown
Address: 192.168.2.1
Non-authoritative answer:
Name: wpad.<my employer>.org
Address: 68.178.232.99
This is my personal laptop but I asked the IT dept to put this laptop on the company domain a few weeks ago? Could that be causing this? If so, is it strange that it only started happening yesterday?
Thanks so much for your help!
-
3) Comcast is my isp
Well, then your proxy obviously shouldn't point to GoDaddy. So is your employer using them (see below)?
4) Server: UnKnown
Address: 192.168.2.1
Is the above router yours? Did your IT dept. configure it?
Non-authoritative answer:
Name: wpad.<my employer>.org
Address: 68.178.232.99
This is my personal laptop but I asked the IT dept to put this laptop on the company domain a few weeks ago? Could that be causing this? If so, is it strange that it only started happening yesterday?
Are you actually connecting at work when you have this problem? The above points to a parked webpage at GoDaddy, not really to a proxy at all. (At least for me.)
# nslookup 68.178.232.99
Server: 127.0.0.1
Address: 127.0.0.1#53
Non-authoritative answer:
99.232.178.68.in-addr.arpa name = parkwebwin-v02.prod.mesa1.secureserver.net.
Authoritative answers can be found from:
232.178.68.in-addr.arpa nameserver = CNS3.secureserver.net.
232.178.68.in-addr.arpa nameserver = CNS1.secureserver.net.
232.178.68.in-addr.arpa nameserver = CNS2.secureserver.net.
# nslookup 68.178.232.99 CNS1.secureserver.net.
Server: CNS1.secureserver.net.
Address: 208.109.255.100#53
99.232.178.68.in-addr.arpa name = parkwebwin-v02.prod.mesa1.secureserver.net.
Also, attach the OTS log here.
-
Well, whatever. What is going on is basically that:
- you have DHCP enabled
- your browser searches for proxy configuration via proxy autodiscovery, doing that, they query wpad hostname for configuration file location. The file is - per RFC - called wpad.dat
- the domain name your IT added your machine to is appended to the lookup, so that you get wpad.<my employer>.org query
- your employer has a wildcard DNS record that points to the GoDaddy webhosting (mkay, wildcard records are bad... :P)
- the webhosting for whatever reason happily serves the same parking index page no matter what you try to GET - instead of proper 404 Not Found ::)
# wget http://68.178.232.99/dfdfsdfsdfewretretretre
--2011-03-27 19:14:33-- http://68.178.232.99/dfdfsdfsdfewretretretre
Connecting to 68.178.232.99:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 24363 (24K) [text/html]
Saving to: dfdfsdfsdfewretretretre
100%[==============================>] 24,363 41.1K/s in 0.6s
2011-03-27 19:14:34 (41.1 KB/s) - dfdfsdfsdfewretretretre
- avast! dislikes that page for whatever reason. Beyond the advert links, I do not see anything suspicious in the source of the parking page.
Outta here. Someone might want to look at the source of the page. If it is clean, report as false positive. I do not think there is any infection on your machine. I also think that GoDaddy sucks.
-
Rats, disabling auto detect proxy settings didn't solve the problem. I'm still getting the message. It's not happening as often, but I just got the message as I was using my browser at evenue.net, confirming the purchase of some soccer tickets.
3) Comcast is my isp
Well, then your proxy obviously shouldn't point to GoDaddy. So is your employer using them (see below)?
As far as I know, my employer does not use godaddy.com for their ISP. This is happening to me at home rather than at work.
4) Server: UnKnown
Address: 192.168.2.1
Is the above router yours? Did your IT dept. configure it?
Yes, my home router. Same one I've been using for 1.5 years, no recent changes to configuration.
Non-authoritative answer:
Name: wpad.<my employer>.org
Address: 68.178.232.99
This is my personal laptop but I asked the IT dept to put this laptop on the company domain a few weeks ago? Could that be causing this? If so, is it strange that it only started happening yesterday?
Are you actually connecting at work when you have this problem? The above points to a parked webpage at GoDaddy, not really to a proxy at all. (At least for me.)
No, I was at home when this started happening.
# nslookup 68.178.232.99
Server: 127.0.0.1
Address: 127.0.0.1#53
Non-authoritative answer:
99.232.178.68.in-addr.arpa name = parkwebwin-v02.prod.mesa1.secureserver.net.
Authoritative answers can be found from:
232.178.68.in-addr.arpa nameserver = CNS3.secureserver.net.
232.178.68.in-addr.arpa nameserver = CNS1.secureserver.net.
232.178.68.in-addr.arpa nameserver = CNS2.secureserver.net.
# nslookup 68.178.232.99 CNS1.secureserver.net.
Server: CNS1.secureserver.net.
Address: 208.109.255.100#53
99.232.178.68.in-addr.arpa name = parkwebwin-v02.prod.mesa1.secureserver.net.
Also, attach the OTS log here.
Will do
-
- avast! dislikes that page for whatever reason. Beyond the advert links, I do not see anything suspicious in the source of the parking page.
Outta here. Someone might want to look at the source of the page. If it is clean, report as false positive. I do not think there is any infection on your machine. I also think that GoDaddy sucks.
Ok, just confirming, it's safe for me to ignore that message when it pops up?
-
As said, attach the OTS log here.
As for your employer, they should really scratch the wildcard DNS record or at minimum point it somewhere else than the GoDaddy hosting. It appears rather dangerous in combination when morons like GoDaddy are involved who serve their landing page no matter what you ask for. Just imagine the page had something like this: http://www.theregister.co.uk/2011/03/25/spotify_malvertisement_attack/ and your AV missed it.
Meanwhile, edit C:\windows\system32\drivers\etc\hosts (Notepad, right-click and select "Run as Administrator") and stick the following there:
127.0.0.1 wpad
127.0.0.1 wpad.<my_employer>.org
::1 wpad
::1 wpad.<my_employer>.org
Note: this will break proxy autodiscovery for you when connecting at work.
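
An added example, not part of the thread: a check an administrator could run for the condition described above, where a wildcard DNS record answers the `wpad.<domain>` lookup and the host returns a web page instead of a proxy auto-config file. The domain `employer.example`, the addresses, the page bodies and all function names are constructed for illustration.

```python
import secrets
import socket
import urllib.request

def dns_resolve(name):
    """Live resolver: IPv4 addresses for name, empty set if it does not resolve."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, 80, socket.AF_INET)}
    except socket.gaierror:
        return set()

def http_fetch(url):
    """Live fetcher: start of the response body as text, None on any failure."""
    try:
        with urllib.request.urlopen(url, timeout=5) as resp:
            return resp.read(65536).decode("utf-8", "replace")
    except Exception:
        return None

def looks_like_pac(body):
    """A PAC file is JavaScript that defines FindProxyForURL, not an HTML page."""
    text = body.lstrip().lower()
    return "findproxyforurl" in text and not text.startswith("<")

def audit_wpad(dns_suffix, resolver=dns_resolve, fetcher=http_fetch):
    """Report what a client with this DNS suffix gets from wpad.<dns_suffix>."""
    wpad = "wpad." + dns_suffix
    wpad_ips = resolver(wpad)
    if not wpad_ips:
        return {"host": wpad, "verdict": "no-wpad", "findings": []}
    findings = []
    # A random label should not exist; the same answer means a wildcard caught wpad.
    probe = secrets.token_hex(8) + "." + dns_suffix
    if wpad_ips & resolver(probe):
        findings.append("wildcard DNS answers for wpad")
    body = fetcher("http://" + wpad + "/wpad.dat")
    if body is None:
        findings.append("wpad resolves but serves no wpad.dat")
    elif not looks_like_pac(body):
        findings.append("wpad.dat is not a PAC script")
    return {"host": wpad, "verdict": "suspicious" if findings else "ok", "findings": findings}

# Constructed sample data: placeholder domain, documentation/private addresses.
PARKING_PAGE = "<!DOCTYPE html><html><body>This domain is parked</body></html>"
PAC_FILE = 'function FindProxyForURL(url, host) { return "DIRECT"; }'
WILDCARD_ZONE = lambda name: {"203.0.113.10"}  # every name hits the hosting IP
CLEAN_ZONE = lambda name: {"10.0.0.5"} if name.startswith("wpad.") else set()

def demo():
    bad = audit_wpad("employer.example", WILDCARD_ZONE, lambda url: PARKING_PAGE)
    good = audit_wpad("employer.example", CLEAN_ZONE, lambda url: PAC_FILE)
    return bad, good

if __name__ == "__main__":
    print(demo())
```

Calling `audit_wpad("your.dns.suffix")` with the default arguments performs the same two lookups and one fetch against live DNS and HTTP.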
-
I'm having the same problem it keeps popping up saying object: 94.229.7762/api/proxy.php process: c:/win.msilsystem.exe this been going on for bout month now ??? :'( when i click on it it wants me to buy
-
I'm having the same problem it keeps popping up saying object: 94.229.7762/api/proxy.php process: c:/win.msilsystem.exe this been going on for bout month now ??? :'( when i click on it it wants me to buy
Completely different issue. New thread, please. With logs.
-
I'm having a similar issue. I keep getting the message that the computer is being blocked from communicating with this site:
62.122.73.203/545/getcfg.php
The path is in the C: Asus/Appdata/Local/Temp/DAT827F.tmp.exe
Apparently it's related to a async file, as it's named Async Trace DLL
What do I do with this?
-
I'm having a similar issue.
What do I do with this?
New thread, please. With logs.
-
New thread, please. With logs.
He opened a thread here: http://forum.avast.com/index.php?topic=74944.0
No logs, though.
-
Dear Sir or Madam,
We have received your information about the spam or abuse and we will follow up on this.
The instructions that have been sent to the initiator are as follows:
- Solve the problem
- Send us a response
- Send you a response
Important note:
When you reply to us, please leave the abuse ID [AbuseID:037C9E:12] unchanged in the subject line.
Best Regards,
Alexandra Aschenneller
Hetzner Online AG
Stuttgarter Strasse 1
91710 Gunzenhausen
Tel: +49
Fax: +49
abuse@hetzner.de
www.hetzner.de
Wow, took just 5 days. :P
-
Would be great if someone answered grapefruit's question. Getting the same redirect as him. Do a full scan, Avast finds nothing.
-
OK, I'm a first-timer here in your forum and I am not a computer expert, and side note, I am a 38-year-old man. I just got your free anti-virus after I got the update on December 30th at 6am, and your program has started acting up like crazy. Plus I just got a new computer and I know there's nothing wrong with it. It keeps doing this every time I click on Google Chrome, and the Malicious URL Blocked keeps popping up for no reason. I'd like for someone to tell me how to stop this annoying problem and explain it to me like a 7-year-old child, because I don't know what to do or how to stop this problem.
Look for yourself: http://www.avast.com/en-us/lp-security-information-fp?p_ext=0&utm_campaign=Virus_alert&utm_source=prg_fav_60_0&utm_medium=prg_systray&utm_content=.%2Ffa%2Fen-us%2Fvirus-alert-default2&p_vir=url:Mal&p_prc=file://C:\Documents%20and%20Settings\Owner\Local%20Settings\Application%20Data\Google\Chrome\Application\chrome.exe&p_obj=http://92.242.140.58/wpad.dat&p_var=.%2Ffa%2Fen-us%2Fvirus-alert-default2&p_pro=0&p_vep=6&p_ves=0&p_lqa=0&p_lsu=24&p_lst=0&p_lex=59&p_lng=en&p_lid=en-us&p_elm=7&p_vbd=1367
-
Hi psofan,
Please start your own topic here (http://forum.avast.com/index.php?action=post;board=4.0).
Follow this guide and attach logs.
http://forum.avast.com/index.php?topic=53253.0