Author Topic: Maliciouss URL Blocked keeps popping up every few minutes!  (Read 1843 times)

Offline pleasehelpme

  • Newbie
  • *
  • Posts: 7
    • Personal Message (Offline)
Maliciouss URL Blocked keeps popping up every few minutes!
« on: January 11, 2013, 11:29:32 PM »
Hello,

I keep getting messages that says malicious url blocked and continues to pop up every few minutes and while it is up, it will repeadly says "threat has been detected" with a dinging sound. It is making using using my computer very difficult >:( Is anyone able to help?

Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69218
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Offline)
Re: Maliciouss URL Blocked keeps popping up every few minutes!
« Reply #1 on: January 11, 2013, 11:42:53 PM »
This needs further analysis by a malware removal specialist:
Go to this topic http://forum.avast.com/index.php?topic=53253.0 for information on Logs to assist in cleaning malware. Use the information about getting and using the tools and attach the logs here, not in the LOGS topic.

There may be some delay due to differing time zones and availability of the volunteer malware removal specialists.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline pleasehelpme

  • Newbie
  • *
  • Posts: 7
    • Personal Message (Offline)
Re: Maliciouss URL Blocked keeps popping up every few minutes!
« Reply #2 on: January 12, 2013, 12:17:57 AM »
Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.11.15

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
User :: USER-PC [administrator]

Protection: Disabled

1/11/2013 8:10:13 PM
mbam-log-2013-01-11 (20-10-13).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 207700
Time elapsed: 3 minute(s), 17 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 3740 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.
C:\Users\User\AppData\Local\Temp\services.exe.mui (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

(end)

Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69218
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Offline)
Re: Maliciouss URL Blocked keeps popping up every few minutes!
« Reply #3 on: January 12, 2013, 12:55:43 AM »
OK it is now almost 2am in the UK and many of the volunteer malware removal specialists are in this and European time zone and only a few in the USA. So it is likely to be later today when they will be able to look at it.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline pleasehelpme

  • Newbie
  • *
  • Posts: 7
    • Personal Message (Offline)
Re: Maliciouss URL Blocked keeps popping up every few minutes!
« Reply #4 on: January 14, 2013, 07:45:54 PM »
Please help, as my computer continues to pop up with malicious url block. Thank you.

Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69218
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Offline)
Re: Maliciouss URL Blocked keeps popping up every few minutes!
« Reply #5 on: January 14, 2013, 08:46:12 PM »
Sorry this one looks like it dropped out of the list.

A malware removal specialist has been informed of your topic.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline essexboy

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 29024
  • Gender: Male
  • Dragons by Sasha
    • Malware fixes
    • Personal Message (Offline)
Re: Maliciouss URL Blocked keeps popping up every few minutes!
« Reply #6 on: January 14, 2013, 09:07:19 PM »
Hi lets get at it

Download the latest version of TDSSKiller from here and save it to your Desktop.
 
 
  • Doubleclick on TDSSKiller.exe to run the application


  • Then click on Change parameters.
     

     
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
     
  • Click the Start Scan button.
     
     
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
     

     
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

  • Get the report by selecting Reports

 
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
Please attach its contents on your next reply.

THEN

Download and Install Combofix
 
Download ComboFix from one of the following locations:
Link 1
Link 2
 
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
 
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks




  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.[/b]
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3.  If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

Offline pleasehelpme

  • Newbie
  • *
  • Posts: 7
    • Personal Message (Offline)
Re: Maliciouss URL Blocked keeps popping up every few minutes!
« Reply #7 on: January 15, 2013, 12:43:02 AM »
20:41:31.0178 4612  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
20:41:31.0911 4612  ============================================================
20:41:31.0911 4612  Current date / time: 2013/01/14 20:41:31.0911
20:41:31.0911 4612  SystemInfo:
20:41:31.0911 4612 
20:41:31.0911 4612  OS Version: 6.1.7601 ServicePack: 1.0
20:41:31.0911 4612  Product type: Workstation
20:41:31.0911 4612  ComputerName: USER-PC
20:41:31.0911 4612  UserName: User
20:41:31.0911 4612  Windows directory: C:\Windows
20:41:31.0911 4612  System windows directory: C:\Windows
20:41:31.0911 4612  Running under WOW64
20:41:31.0911 4612  Processor architecture: Intel x64
20:41:31.0911 4612  Number of processors: 4
20:41:31.0911 4612  Page size: 0x1000
20:41:31.0911 4612  Boot type: Normal boot
20:41:31.0911 4612  ============================================================
20:41:31.0911 4612  BG loaded
20:41:32.0176 4612  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:41:32.0192 4612  ============================================================
20:41:32.0192 4612  \Device\Harddisk0\DR0:
20:41:32.0192 4612  MBR partitions:
20:41:32.0192 4612  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:41:32.0192 4612  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D192800
20:41:32.0192 4612  ============================================================
20:41:32.0208 4612  C: <-> \Device\Harddisk0\DR0\Partition2
20:41:32.0208 4612  ============================================================
20:41:32.0208 4612  Initialize success
20:41:32.0208 4612  ============================================================


Currently the popups aren't coming up; however, avast is disabled.... should i enable avast again?

Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69218
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Offline)
Re: Maliciouss URL Blocked keeps popping up every few minutes!
« Reply #8 on: January 15, 2013, 10:06:03 AM »
Yes you should, unless essexboy's instructions state that you should disable it for a particular scan duration; when that scan is over you should restart avast.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline essexboy

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 29024
  • Gender: Male
  • Dragons by Sasha
    • Malware fixes
    • Personal Message (Offline)
Re: Maliciouss URL Blocked keeps popping up every few minutes!
« Reply #9 on: January 15, 2013, 01:51:56 PM »
Hi I will need to see the large log located at C:\TDSSKiller date time to ensure that all has gone

Offline wiguy4000

  • Jr. Member
  • **
  • Posts: 60
    • Personal Message (Offline)
Re: Maliciouss URL Blocked keeps popping up every few minutes!
« Reply #10 on: January 15, 2013, 03:51:49 PM »
Not sure my problem is related but I get the “threat has been detected” when I go to web sites that I know are ok. Hulu for one. I can then go and will find that I can not go to google search site at all with firefox ( the browser I most use) chrome or Internet explorer none will go to google. This has been recurring every week or so just after avast has updated its definitions. The only thing I know to do to fix the problem is go back to a restore point of windows XP Home when things were ok. About a week will go by and it starts all over again. If this is malware or a Trojan horse or what ever I thought avast took care od them. After all the damn app updates its definitions about twice a day after I have booted up more than any virus protection software I have ever tried. I am running the free trail version and was thinking of buying it when the trial period is up in a few months but if it works like it has been forget that.
Has anybody else had the same symptoms with it saying a threat has been detected at a reputable site and the not being able to get to google search?

Offline essexboy

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 29024
  • Gender: Male
  • Dragons by Sasha
    • Malware fixes
    • Personal Message (Offline)
Re: Maliciouss URL Blocked keeps popping up every few minutes!
« Reply #11 on: January 15, 2013, 04:40:20 PM »
You may have a dormant infection within the browser or host file.. Create a topic and I will have a look

Offline pleasehelpme

  • Newbie
  • *
  • Posts: 7
    • Personal Message (Offline)
Re: Maliciouss URL Blocked keeps popping up every few minutes!
« Reply #12 on: January 16, 2013, 02:40:32 AM »
Is this what you are looking for?

Offline essexboy

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 29024
  • Gender: Male
  • Dragons by Sasha
    • Malware fixes
    • Personal Message (Offline)
Re: Maliciouss URL Blocked keeps popping up every few minutes!
« Reply #13 on: January 16, 2013, 01:33:18 PM »
No there should be a larger one which shows all the drivers

Offline pleasehelpme

  • Newbie
  • *
  • Posts: 7
    • Personal Message (Offline)
Re: Maliciouss URL Blocked keeps popping up every few minutes!
« Reply #14 on: January 16, 2013, 06:12:04 PM »
I just ran this one.

 

Google Chrome

AVAST recommends using the FREE Google Chrome™ browser.

Download Google Chrome Now