Avast WEBforum

Other => Viruses and worms => Topic started by: dbophxlip2017 on May 12, 2022, 05:27:06 PM

Title: Detection URL:Blacklist
Post by: dbophxlip2017 on May 12, 2022, 05:27:06 PM
This will ONLY appear when a network connection is enabled; otherwise it's not found by Avast.

Threat name: URL:Blacklist
URL: hxtp://104.155.207.188/win.pac
Process: C:\Program Files\Avast Software\Avast\AvastUI.exe
Detected by: Web Shield
Status: Connection Aborted

&

Threat name: URL:Blacklist
URL: hxtp://104.155.207.188/win.pac
Process: C:\Windows\System32\svchost.exe
Detected by: Web Shield
Status: Connection Aborted

I've run scan after scan, used Avast, Spybot, Malwarebytes, booted to a Linux partition and scanned with ClamAV, and it finds nothing, but it still remains. How do I find this and remove it to stop this message once and for all, outside of removing the Windows virus and going back to Linux?
Title: Re: Detection URL:Blacklist
Post by: gtmjacksonville on May 16, 2022, 07:59:02 PM
This is happening to me as well. The exact same thing.
Title: Re: Detection URL:Blacklist
Post by: polonus on May 16, 2022, 10:28:44 PM
RTB trojan-backdoor, read here: https://www.bleepingcomputer.com/forums/t/771229/rtp-detection-on-malwarebytestrojanbackdoor/ as MBAM also detects this malware.
Did you not notice that -http:// and not -https:// is an insecure connection?

9 security vendors detect: https://www.virustotal.com/gui/url/47ba015d9b7b182c540052fe7f40cfcbb42c9cdad850939cb9dfc738ba8a1da4

and
Quote
Joe Sandbox Analysis:

Verdict: MAL
Score: 56/100
Classification: -mal56.win@35/183@3/8
Domains: -accounts.google.com -clients.l.google.com -googlehosted.l.googleusercontent.com
-clients2.googleusercontent.com -clients2.google.com
Hosts: 142.250.185.206 192.168.2.1 104.155.207.188 142.250.185.193 239.255.255.250 192.168.2.23 142.250.186.77 127.0.0.1

HTML Report: https://www.joesandbox.com/analysis/624161/0/html
PDF Report: https://www.joesandbox.com/analysis/624161/0/pdf
Executive Report: https://www.joesandbox.com/analysis/624161/0/executive
Incident Report: https://www.joesandbox.com/analysis/624161/0/irxml
IOCs: https://www.joesandbox.com/analysis/624161?idtype=analysisid

polonus (volunteer 3rd party cold recon website security-analyst and website error-hunter)
Title: Re: Detection URL:Blacklist
Post by: MichaƂ19 on May 25, 2022, 09:22:49 PM
The same thing happened to me.
Fortunately, I managed to remove it.
From the settings level I enter the network and the Internet. I removed the URL from the automatic proxy configuration. ;)
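
Added example, not part of any post in this thread: a read-only PowerShell check that lists every place an automatic proxy configuration (PAC) URL, such as the win.pac one reported above, is set on a Windows machine. The registry paths are the standard Windows Internet Settings locations, which the thread itself does not name; they are an assumption about where the setting described in the last post is stored.

```powershell
# Added example: list every automatic proxy configuration (PAC) URL set on this machine.
# Read-only. Run on Windows; an elevated prompt sees more user hives.
$sub = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'

# Registry locations that can carry an AutoConfigURL value: the current user,
# the machine-wide and policy keys, and every loaded user hive (service
# accounts included, which is where an svchost.exe request can come from).
$paths = @(
    "Registry::HKEY_CURRENT_USER\$sub"
    "Registry::HKEY_LOCAL_MACHINE\$sub"
    "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings"
)
$paths += Get-ChildItem 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
    ForEach-Object { "Registry::$($_.Name)\$sub" }

# The current user shows up twice (HKEY_CURRENT_USER and its SID under HKEY_USERS).
$found = foreach ($p in ($paths | Select-Object -Unique)) {
    $item = Get-ItemProperty -Path $p -Name AutoConfigURL -ErrorAction SilentlyContinue
    if ($item -and $item.AutoConfigURL) {
        $uri = $null
        $ok  = [Uri]::TryCreate($item.AutoConfigURL, [UriKind]::Absolute, [ref]$uri)
        [pscustomobject]@{
            Key       = $p -replace '^Registry::', ''
            PacUrl    = $item.AutoConfigURL
            # Plain HTTP and a bare IP address as host both deserve a closer look.
            PlainHttp = $ok -and ($uri.Scheme -eq 'http')
            IpLiteral = $ok -and ("$($uri.HostNameType)" -in 'IPv4', 'IPv6')
        }
    }
}

if ($found) { $found | Format-List } else { 'No AutoConfigURL value found.' }

# WinHTTP keeps its own proxy setting, used by services; show it as well.
netsh winhttp show proxy

# To clear a value you did not set (the registry equivalent of removing the URL
# from the automatic proxy configuration in Settings), uncomment this line and
# point -Path at the key reported above:
# Remove-ItemProperty -Path "Registry::HKEY_CURRENT_USER\$sub" -Name AutoConfigURL
```

If the value reappears after removal, something on the machine is rewriting it, and that writer is what still needs to be found.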