Author Topic: Avast! Free Antivirus blocking safe websites (Cnet, etc.) [RESOLVED]  (Read 4393 times)

Offline wernarner84

I have been using the Avast! free antivirus for a short while now, and everything has run smoothly.  Until now.  Every time I try to visit websites like Cnet, engadget, and other tech review websites, Avast says it has "blocked a malicious URL", then gives me a link to a website that seems to be an ad to upgrade to Avast! internet security suite.  All the websites I try to visit have good ratings from WebRep.  The only solution I have found is to turn off Network Shield, as that is what's blocking it, and the "exclusions" list has no effect.  My computer is running Windows 7 Enterprise.
EDIT: Problem solved.  I had a redirect virus, and Avast! was blocking the sites it redirected me to.
« Last Edit: July 24, 2011, 10:08:36 PM by wernarner84 »

Offline Asyn

« Reply #1 on: July 24, 2011, 12:31:02 PM »
Please post a screenshot, as I've no problem reaching e.g. Cnet...
XP SP3 - avast! 9.0.2017 - CIS 3.14 [FW/D+] - MBAM 1.75 [On Demand] - Firefox ESR 24.4 [NS/ABP/EHH/BP] - Thunderbird 24.4 [EM/CH]
Deutschsprachiger Bereich -> avast! Wissenswertes (Downloads, Anleitungen und Infos): http://forum.avast.com/index.php?topic=60523.0

Offline wernarner84

« Reply #2 on: July 24, 2011, 12:50:20 PM »
Hmm.  It seems to be a random thing, because after I rebooted Avast and the Network Shield, I can now visit websites normally.  It looked like a regular Avast virus alert (red window in the bottom right) and it said "Malicious Website Blocked".  Under that it said the IP of the website, the URL, and the process (iexplorer.exe).  There was a link in the bottom of the window that said "More Info", and when I clicked on it, it sent me to a webpage that said something like "That was a close call, but upgrade to Avast! Security Suite now and you won't have to worry about this again!" then told me all about the savings on the paid version.  The More Info link gave me no info on why the site was blocked, just advertisements for the paid version.  If it happens again, I'll take screenshots and post them here, in this thread or a new one.

Offline Asyn

« Reply #3 on: July 24, 2011, 12:53:35 PM »
Quote
If it happens again, I'll take screenshots and post them here, in this thread or a new one.

Ok, please do so.

Offline wernarner84

« Reply #4 on: July 24, 2011, 02:01:05 PM »
I'm not sure if these are related, but I just fixed the redirect virus on Internet Explorer.  Maybe Avast! was stopping it from redirecting?  That's probably what the problem was.

EDIT: I'm stupid, so I can't figure out how to take a screenshot, but it came up again.  Here's a link to the page: http://www.avast.com/en-us/lp-security-information-fp?utm_campaign=Virus_alert&utm_source=prg_fav_60_0&utm_medium=prg_systray&utm_content=.%2Ffa%2Fen-us%2Fvirus-alert-champion2&p_vir=al&p_prc=file://C:\Windows\System32\sppobjs32.exe&p_obj=91.217.153.48/bc840551717&p_var=.%2Ffa%2Fen-us%2Fvirus-alert-champion2&p_pro=0&p_vep=6&p_ves=0&p_lqa=0&p_lsu=24&p_lst=0&p_lex=335&p_lng=en&p_lid=en-us&p_elm=7
« Last Edit: July 24, 2011, 02:22:46 PM by wernarner84 »

Offline DavidR

« Reply #5 on: July 24, 2011, 02:46:20 PM »
How did you think you fixed it?
The link you gave relating to the alert gives the C:\Windows\System32\sppobjs32.exe file as being responsible for the connection attempt to the malicious site, a domain in the Ukraine, see image.

A Google search for sppobjs32.exe (looks like a randomly generated file name) returns zero hits, which for something in the system32 folder is highly suspicious.

So unless the sppobjs32.exe was dealt with, the problem could still be present, so it needs further investigation.

Here is an analysis tool that will help to identify the cause:
Quote from: essexboy
Unfortunately no two attacks are the same so first I will need to see what you have.

Download OTS to your Desktop and double-click on it to run it
  • Make sure you close all other programs and don't use the PC while the scan runs.
  • Select All Users
  • Under additional scans select the following
Reg - Disabled MS Config Items
Reg - Drivers32
Reg - NetSvcs
Reg - SafeBoot Minimal
Reg - Shell Spawning
Evnt - EventViewer Logs (Last 10 Errors)
File - Lop Check

  • Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
volsnap.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

  • Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Please attach the log in your next post.

Note: this says attach the file (too big for copy and paste); use the Additional Options in the Reply window to attach the file (this is also how images are attached to posts).
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2016/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
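
The triage step from Reply #5, reading the responsible process and the blocked object out of the alert link, as an added Python example that is not part of the thread. The function names and the short `KNOWN_STEMS` list of genuine Windows component names are assumptions made for this illustration; the sample link is the one posted in Reply #4, shortened.

```python
from ipaddress import ip_address
from pathlib import PureWindowsPath
from urllib.parse import parse_qs, urlsplit

# Alert link from Reply #4, shortened to the parameters read in Reply #5.
ALERT_URL = (
    "http://www.avast.com/en-us/lp-security-information-fp"
    "?utm_campaign=Virus_alert&p_vir=al"
    r"&p_prc=file://C:\Windows\System32\sppobjs32.exe"
    "&p_obj=91.217.153.48/bc840551717&p_lng=en"
)

# Assumption: a short illustrative list of genuine Windows component
# names (file or service stems), not a complete reference.
KNOWN_STEMS = {"sppobjs", "certpropsvc", "api-ms-win-core-debug-l1-1-0"}


def lookalike_of(name):
    """Return the genuine stem if `name` is that stem plus a '32' suffix."""
    stem = PureWindowsPath(name).stem.lower()
    if stem.endswith("32") and stem[:-2] in KNOWN_STEMS:
        return stem[:-2]
    return None


def triage_alert(url):
    """Extract the process path and blocked object from an alert link."""
    params = parse_qs(urlsplit(url).query)
    proc = params.get("p_prc", [""])[0]
    if proc.lower().startswith("file://"):
        proc = proc[len("file://"):]
    path = PureWindowsPath(proc)
    host, _, rest = params.get("p_obj", [""])[0].partition("/")
    try:
        remote_ip = str(ip_address(host))
    except ValueError:
        remote_ip = None  # blocked object was a hostname, not an IP
    return {
        "process": str(path),
        "in_system32": [p.lower() for p in path.parts[-3:-1]] == ["windows", "system32"],
        "lookalike_of": lookalike_of(path.name),
        "remote_ip": remote_ip,
        "remote_host": host,
        "remote_path": "/" + rest if rest else "",
    }
```

Run against the link above, the result names a System32 executable whose stem is a genuine component name with `32` appended, which is the kind of entry worth checking in the scan log before anything is deleted.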

Offline wernarner84

« Reply #6 on: July 24, 2011, 03:03:19 PM »
Here is the file it gave me.

Offline DavidR

« Reply #7 on: July 24, 2011, 03:21:17 PM »
I will contact someone to analyse this and create a fix.

Online essexboy

« Reply #8 on: July 24, 2011, 04:01:01 PM »
Hi there, on completion of this run could you upload the following files to Avast, or if you are not sure how to do that, could you locate the Zip file within C:\_OTS\Moved files and upload to Mediafire and post the sharing link. I will then upload to Avast.

Quote
C:\ProgramData\api-ms-win-core-debug-l1-1-032.exe
C:\Windows\System32\sppobjs32.exe
C:\Windows\System32\api-ms-win-core-debug-l1-1-032.dll

On completion, could you let me know if the alerts cease?


Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

Code:

[Unregister Dlls]
[Processes - Safe List]
YY -> sppobjs32.exe -> C:\Windows\System32\sppobjs32.exe
YY -> api-ms-win-core-debug-l1-1-032.exe -> C:\ProgramData\api-ms-win-core-debug-l1-1-032.exe
[Win32 Services - Safe List]
YY -> (CertPropSvc32) Certificate Propagation  [Auto | Running] -> C:\Windows\System32\sppobjs32.exe
[Registry - Safe List]
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > ->
YN -> HKEY_USERS\S-1-5-19\: Main\\"XMLHTTP_UUID_Default" -> 87 07 91 11 73 79 44 48 9D 12 1B 0F A5 40 A6 2E  [binary data]
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > ->
YN -> HKEY_USERS\S-1-5-20\: Main\\"XMLHTTP_UUID_Default" -> 87 07 91 11 73 79 44 48 9D 12 1B 0F A5 40 A6 2E  [binary data]
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-418879597-753732764-3325164317-1006\] > ->
YN -> HKEY_USERS\S-1-5-21-418879597-753732764-3325164317-1006\: Main\\"XMLHTTP_UUID_Default" -> 87 07 91 11 73 79 44 48 9D 12 1B 0F A5 40 A6 2E  [binary data]
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-418879597-753732764-3325164317-500\] > ->
YN -> HKEY_USERS\S-1-5-21-418879597-753732764-3325164317-500\: Main\\"XMLHTTP_UUID_Default" -> 87 07 91 11 73 79 44 48 9D 12 1B 0F A5 40 A6 2E  [binary data]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {11910787-7973-4844-9D12-1B0FA540A62e} [HKLM] -> C:\Windows\System32\api-ms-win-core-debug-l1-1-032.dll [Reg Error: Value error.]
[Files/Folders - Created Within 30 Days]
NY ->  api-ms-win-core-debug-l1-1-032.exe -> C:\ProgramData\api-ms-win-core-debug-l1-1-032.exe
NY ->  sppobjs32.exe -> C:\Windows\System32\sppobjs32.exe
NY ->  api-ms-win-core-debug-l1-1-032.dll -> C:\Windows\System32\api-ms-win-core-debug-l1-1-032.dll
NY ->  .jagex_cache_32 -> C:\.jagex_cache_32
NY ->  Portal Prelude 1.1.5 -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Portal Prelude 1.1.5
[Files/Folders - Modified Within 30 Days]
NY ->  2122106182 -> C:\Windows\System32\2122106182
NY ->  api-ms-win-core-debug-l1-1-032.dll -> C:\Windows\System32\api-ms-win-core-debug-l1-1-032.dll
NY ->  sppobjs32.exe -> C:\Windows\System32\sppobjs32.exe
[Files - No Company Name]
NY ->  2122106182 -> C:\Windows\System32\2122106182
[Custom Items]
:Files
ipconfig /flushdns /c
:end
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
[ZipFiles]


The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix.  Post that information back here.

I will review the information when it comes back in.

Depending on what the fix contains, this process may take some time and your desktop icons might disappear or other uncommon behavior may occur.

This is no sign of malfunction, do not panic!

Offline wernarner84

« Reply #9 on: July 24, 2011, 07:43:37 PM »
My desktop did disappear, including the taskbar.  From what you said, this isn't abnormal though.  However, Avast! blocked the process as a Trojan Horse and OTS stopped responding.  Two questions:
1: How do I get my desktop to reappear?
2: How do I get Avast! to not register the process as a Trojan?

Online essexboy

« Reply #10 on: July 24, 2011, 08:27:10 PM »
OK easy peasy (ish)  ;D

Reboot the computer and all will be back
Set Avast > File Shield > Autosandbox to ask

Rerun the fix and when the sandbox pops up select run normally

Offline wernarner84

« Reply #11 on: July 24, 2011, 09:57:01 PM »
1: Thanks, I figured that would work.
2: It's not registering OTS itself as a Trojan (besides, I already have sandbox on ask).  It's registering the Fix script as a Trojan.  Any solution for this (advanced settings?)?
EDIT: Never mind, when I rebooted to get my desktop back, it ran fine.  Didn't change any settings or anything.  Also rebooted at the end of the fix when it prompted.  Checking if it worked as I type.
EDIT EDIT: Worked like a charm.  Thanks guys :)  That redirect virus was getting annoying.
« Last Edit: July 24, 2011, 10:07:45 PM by wernarner84 »

Online essexboy

« Reply #12 on: July 25, 2011, 04:59:03 PM »
Redirects gone?

 
