Avast WEBforum

Other => Viruses and worms => Topic started by: lky0223 on June 14, 2022, 04:14:20 AM

Title: Have URL:Blacklist issue
Post by: lky0223 on June 14, 2022, 04:14:20 AM
I have a question about malware(?).
Avast sends a web shield warning every 15 minutes.
I ran the whole virus scan about 3 times, but each time it was found and not resolved.

Here is the message.

Threat name : URL:Blacklist
URL : 104.155.207.188/win.pac
process : C:\Windows\System32\svchost.exe
by Web shield

Here is another URL : listincode.com/jsapi.php

The processor changes every time.
 My guess is that it detects an active processor when connecting to the internet.

Title: Re: Have URL:Blacklist issue
Post by: DavidR on June 14, 2022, 04:34:45 AM
Please break active URLs to suspect sites to avoid accidental exposure (remove the http/s and www elements, just post the domain name).

Attach a screenshot of the avast alert window with the see details option open.  It could help the Avast Team.

Whilst svchost.exe does connect to the internet it isn't normal.

Others are also flagging this IP:
https://www.virustotal.com/gui/url/38ef8ec31e7b039875adc5b5486edb801c1a2c04c039ed60688745b1e426e4fe?nocache=1

Listincode.com - scores a big fat F for web page security:
https://snyk.io/test/website-scanner/?test=220614_BiDcFP_107&utm_medium=referral&utm_source=webpagetest&utm_campaign=website-scanner

Title: Re: Have URL:Blacklist issue
Post by: lky0223 on June 14, 2022, 06:23:30 AM
I use Malwarebytes and it finds Hijack.AutoConfigURL.
Quarantined and deleted the files, and restarted the computer.
But it seems unresolved.

So I checked regedit HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
and AutoConfigURL still remains. It redirects to the URL in the main text.
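
Added example, not part of the original post or of any vendor's tooling: a read-only PowerShell audit that reports where an AutoConfigURL value is set. It covers the HKCU key named above and, as a generalization, the machine-wide, policy and other loaded user hives; `$ExpectedPacHosts` is a hypothetical allowlist you would fill in yourself.

```powershell
# Read-only audit of proxy auto-config (PAC) settings; it changes nothing.
# Assumption: $ExpectedPacHosts lists PAC hosts your network legitimately uses
# (empty here, so every AutoConfigURL value found is reported for review).
$ExpectedPacHosts = @()

$suffix = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$policy = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'

# HKCU is the key from the thread. The machine-wide and policy keys, and the
# other loaded user hives, are included because the value can be set there too.
# The current user's hive also appears under HKEY_USERS\<SID>, so a finding
# in HKCU is normally listed twice.
$keys = @(
    "Registry::HKEY_CURRENT_USER\$suffix",
    "Registry::HKEY_CURRENT_USER\$policy",
    "Registry::HKEY_LOCAL_MACHINE\$suffix",
    "Registry::HKEY_LOCAL_MACHINE\$policy"
)
$keys += Get-ChildItem 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -notmatch '_Classes$' } |
    ForEach-Object { "Registry::$($_.Name)\$suffix" }

$findings = foreach ($key in $keys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
    if (-not $props -or -not $props.AutoConfigURL) { continue }

    # A PAC value may lack a scheme (as in the alert above); add one to parse it.
    $raw = [string]$props.AutoConfigURL
    $candidate = if ($raw -match '^[a-z][a-z0-9+.-]*://') { $raw } else { "http://$raw" }
    $uri = $null
    $parsed = [Uri]::TryCreate($candidate, [UriKind]::Absolute, [ref]$uri)
    $pacHost = if ($parsed) { $uri.Host } else { '' }

    [pscustomobject]@{
        Key           = $key -replace '^Registry::', ''
        AutoConfigURL = $raw
        Host          = $pacHost
        Expected      = ($ExpectedPacHosts -contains $pacHost)
    }
}

if ($findings) { $findings | Format-List }
else { 'No AutoConfigURL value is set in the checked keys.' }
```

A value that returns after being deleted means something on the machine is rewriting it, which is why the key alone is not the whole finding.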

Title: Re: Have URL:Blacklist issue
Post by: Asyn on June 14, 2022, 09:19:42 AM
Hi, I'd suggest to post/ask here: https://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-help

Title: Re: Have URL:Blacklist issue
Post by: polonus on June 15, 2022, 05:51:11 PM
Example of a cleansing routine for someone infested with this win.pac malcode.
From that forum:
https://www.bleepingcomputer.com/forums/t/772767/infected-by-trojan-antivirus-blocks-104155207188-winpac/

Mind you. N.B.

All routines should be performed under personal guidance of a qualified malware removal specialist,
and every routine is just strictly personal for your specific infection,
and every malware removal comes with quite unique tailor-made instructions
for just that single particular victim.


polonus