Author Topic: Web Shield has blocked a harmful webpage  (Read 1519 times)

Offline andynayrb

  • Newbie
  • *
  • Posts: 6
    • Personal Message (Offline)
Web Shield has blocked a harmful webpage
« on: October 29, 2013, 11:29:58 PM »
Pretty much non-stop I am getting this message:

Avast! Web Shield has blocked...
Object:  hxxp://3300cc.com/.../...   (what follows the initial url changes every time as far as I can tell)
Infection:  URL:Mal
Process:  C:\Windows\explorer.exe

I have run the suggested scans and am posting the results.

If I disable my internet connection, the messages stop, so it seems that somebody is trying to make a call.

« Last Edit: October 30, 2013, 10:32:43 AM by andynayrb »

Offline TwinHeadedEagle

  • Removal Expert
  • avast! Evangelist
  • Super Poster
  • ***
  • Posts: 1244
  • Gender: Male
    • Personal Message (Offline)
Re: Web Shield has blocked a harmful webpage
« Reply #1 on: October 30, 2013, 07:09:16 AM »
Hi,



Re-run Adwcleaner, but now make sure to hit Clean button, after the scanning is complete.
Attach me that log.



Then...



Please download Farbar Recovery Scan Tool by Farbar and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.


  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Under Optional Scan ensure "List BCD" and "Driver MD5" are ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Online Michael (alan1998)

  • Super Poster
  • ***
  • Posts: 1247
  • Gender: Male
    • Personal Message (Online)
Re: Web Shield has blocked a harmful webpage
« Reply #2 on: October 30, 2013, 09:07:53 AM »
Sorry for barging in here.

Andy, that link is live. You need to change the http://. to hxxp://. It cannot be live for the people on the forums who are already infected. Thank you!
i7-3770, GTX 760DCII OC, 16GB DDR3 RAM @ 1600Mhz, 2TB HDD @ 7200RPM, 32GB SSD.

Offline andynayrb

  • Newbie
  • *
  • Posts: 6
    • Personal Message (Offline)
Re: Web Shield has blocked a harmful webpage
« Reply #3 on: October 30, 2013, 11:04:37 AM »
The logs are attached.

Thanks

Offline polonus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 20145
  • Gender: Male
  • malware fighter
    • Personal Message (Offline)
Re: Web Shield has blocked a harmful webpage
« Reply #4 on: October 30, 2013, 11:17:00 AM »
Hi andynayrb and TwinHeadedEagle

On that domain, some additional info.
For some of that info google "3300cc.com malware" - most prevalent flagged is a Kazy variant from there.
Bitdefender Traffic Light has it blacklisted: http://www.urlvoid.com/scan/3300cc.com/
I get a browser difference: Not identical

Google: 234 bytes       Firefox: 609 bytes
Diff:         375 bytes   which is apparently "a padding to disable MSIE and Chrome friendly error page".

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline andynayrb

  • Newbie
  • *
  • Posts: 6
    • Personal Message (Offline)
Re: Web Shield has blocked a harmful webpage
« Reply #5 on: October 30, 2013, 01:44:49 PM »
To add to the fun, after the reboot, Avast will no longer run at start-up. The service is running, but Avast doesn't show up at start-up, and double clicking on the icon does nothing. So it appears that our friend has started blocking avast. And IE keeps changing its security setting to block downloading, I can change it, but it just resets it again. Chrome seems unaffected at this point.

Offline TwinHeadedEagle

  • Removal Expert
  • avast! Evangelist
  • Super Poster
  • ***
  • Posts: 1244
  • Gender: Male
    • Personal Message (Offline)
Re: Web Shield has blocked a harmful webpage
« Reply #6 on: October 30, 2013, 02:25:52 PM »
Hi,


1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

Code:
HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume2\Users\User\AppData\Local\Temp\stivxnc\sxpuqqy\wow.dll ATTENTION! ====> ZeroAccess?
C:\Users\User\AppData\Local\Temp\stivxnc\sxpuqqy\wow.dll
C:\Users\User\AppData\Local\Temp\
cmd: ipconfig /flushdns

2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.


3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.



Then...



Download ListParts64.exe from link below

http://www.bleepingcomputer.com/download/listparts/dl/78/

Start it, click on Scan, and attach the report.



Then...



Download and Install Combofix
 
Download ComboFix from one of the following locations:
Link 1
Link 2
 
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
 
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3.  If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
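
Added example (not part of the thread, and not FRST's own logic): a small triage script for the kind of registry line the fixlist in Reply #6 removes, an InprocServer32 COM registration whose DLL sits in a Temp folder and is addressed through a \\?\globalroot device path. The first sample line is the one quoted in the post; the other two lines, the heuristics and the function name `triage` are assumptions made for illustration.

```python
import re

# "key: [value name] data" shape of the registry line quoted in the fixlist.
ENTRY = re.compile(
    r"^(?P<key>HK(?:CU|LM)\\.*\\InprocServer32): \[(?P<name>[^\]]*)\] (?P<data>.+)$",
    re.IGNORECASE,
)
# Heuristics (assumptions): path forms that are unusual for a COM server DLL.
GLOBALROOT = re.compile(r"^\\\\\?\\globalroot\\", re.IGNORECASE)
TEMP_DIR = re.compile(r"\\(?:AppData\\Local\\Temp|Windows\\Temp)\\", re.IGNORECASE)

# Line 1 is quoted from the post; lines 2 and 3 are constructed benign entries
# with placeholder CLSIDs.
SAMPLE = r"""
HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume2\Users\User\AppData\Local\Temp\stivxnc\sxpuqqy\wow.dll ATTENTION! ====> ZeroAccess?
HKLM\Software\Classes\CLSID\{00000000-0000-0000-0000-000000000002}\InprocServer32: [Default] C:\Windows\System32\shell32.dll
HKCU\Software\Classes\CLSID\{00000000-0000-0000-0000-000000000003}\InprocServer32: [Default] C:\Users\User\AppData\Local\ExampleApp\helper.dll
"""


def triage(log_text):
    """Return (key, dll_path, reasons) for each InprocServer32 line worth a look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        # Drop a trailing scanner annotation such as "ATTENTION! ====> ...".
        dll = re.split(r"\s+ATTENTION!", m.group("data"), maxsplit=1)[0].strip()
        reasons = []
        if GLOBALROOT.match(dll):
            reasons.append("globalroot device path")
        if TEMP_DIR.search(dll):
            reasons.append("DLL in a Temp directory")
        # A per-user registration takes precedence over the machine-wide one
        # for that user, so note it as context when the path is already odd.
        if reasons and m.group("key").upper().startswith("HKCU\\"):
            reasons.append("per-user (HKCU) registration")
        if reasons:
            findings.append((m.group("key"), dll, reasons))
    return findings


if __name__ == "__main__":
    for key, dll, reasons in triage(SAMPLE):
        print(key, "->", dll, "|", ", ".join(reasons))
```
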

Offline andynayrb

  • Newbie
  • *
  • Posts: 6
    • Personal Message (Offline)
Re: Web Shield has blocked a harmful webpage
« Reply #7 on: October 30, 2013, 03:08:24 PM »
Things seem to be running well now.  Antivirus is running again, not giving me alerts every second or two. 

IE seems to be acting funny now. I open the homepage, which is google, and it gives me the "you are about to view pages over a secure connection" popup. My guess is there were all sorts of settings changed in IE, but that is just a guess.

Offline TwinHeadedEagle

  • Removal Expert
  • avast! Evangelist
  • Super Poster
  • ***
  • Posts: 1244
  • Gender: Male
    • Personal Message (Offline)
Re: Web Shield has blocked a harmful webpage
« Reply #8 on: October 30, 2013, 03:29:01 PM »
Ok, logs look clean now...

Any problems?

Offline andynayrb

  • Newbie
  • *
  • Posts: 6
    • Personal Message (Offline)
Re: Web Shield has blocked a harmful webpage
« Reply #9 on: October 30, 2013, 03:35:11 PM »
Nope, no problems now.  I reset IE's settings and it is working as it should now.  Thanks a lot for your help.

Do any of these little tools you had me use have any special removal instructions or can I just delete the files from the desktop?

Thanks again.

Offline TwinHeadedEagle

  • Removal Expert
  • avast! Evangelist
  • Super Poster
  • ***
  • Posts: 1244
  • Gender: Male
    • Personal Message (Offline)
Re: Web Shield has blocked a harmful webpage
« Reply #10 on: October 30, 2013, 03:48:00 PM »
Good :)


Please download DelFix by "Xplode" to your Desktop.

Run the tool and check the following boxes below;
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore

Now click on "Run" button. Wait for the programme to complete its work.
All the tools we used should be gone.
Tool will create and open a log report (DelFix.txt)
Note: The report will also be stored on C:\DelFix.txt


> I don't need DelFix log report.



Cheers :)

Offline andynayrb

  • Newbie
  • *
  • Posts: 6
    • Personal Message (Offline)
Re: Web Shield has blocked a harmful webpage
« Reply #11 on: October 30, 2013, 03:54:56 PM »
Awesome, your help was really appreciated.  Hopefully we don't need it again.

Offline velezdav

  • Newbie
  • *
  • Posts: 1
    • Personal Message (Offline)
Re: Web Shield has blocked a harmful webpage
« Reply #12 on: November 13, 2013, 06:10:56 PM »
I also got the above virus infected my Avast. Was wondering if someone could help me. TwinHeadedEagle?

Online Pondus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 21712
  • Gender: Male
    • Personal Message (Online)
Re: Web Shield has blocked a harmful webpage
« Reply #13 on: November 13, 2013, 06:12:59 PM »
> I also got the above virus infected my Avast. Was wondering if someone could help me. TwinHeadedEagle?

Start your own topic, explain the problem and help will arrive.   ;)

Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


 
