Avast WEBforum

Other => Viruses and worms => Topic started by: baz_201 on February 24, 2011, 06:52:35 PM

Title: 199.80.55.19
Post by: baz_201 on February 24, 2011, 06:52:35 PM
I keep getting a message saying Avast has blocked a malicious site in my svchost file, but when I run a scan and also run my malware program (Malwarebytes) it isn't being picked up, though I am sure there is something sat in there hiding.
Any ideas how to remove it?
thanks
Mike
Title: Re: 199.80.55.19
Post by: Pondus on February 24, 2011, 06:56:31 PM
can you post a screen shot of the avast pop-up..
you may right click the avast ball and "show last pop-up"....
Title: Re: 199.80.55.19
Post by: Eddy on February 24, 2011, 07:02:00 PM
It is a website that has been blocked.
If it says that it is in your svchost file, it is incorrect.
svchost is a generic host process used to run DLLs.
Are you sure it didn't say host file?

If Avast says a site is blocked, it means you can't visit it.
That also means no temporary file(s) from that site are on your system.
Which means, there is nothing to remove.
Title: Re: 199.80.55.19
Post by: baz_201 on February 24, 2011, 07:09:36 PM
It won't copy, but it says:
199/80.55.19/go.php?uid=40282&suid=u6t0y&date=8rmeNSnFroTK(
Infection: URL:Mal
Action: Blocked
Process: c:\WINDOWS\System32\svchost.exe
Title: Re: 199.80.55.19
Post by: baz_201 on February 24, 2011, 07:10:47 PM
but I keep getting this error message every half hour or so and can't find a way to remove what is causing it
there is definitely something trying to access this website
Title: Re: 199.80.55.19
Post by: essexboy on February 24, 2011, 07:25:48 PM
Hi there, this sounds like a proxy problem

First

Go to Control Panel and select Internet Options
Select the Connections TAB
Select LAN settings button
Ensure there is no tick in the Proxy Server box
Select OK and restart Internet Explorer


And for Firefox there are instructions on this page (http://davidtse916.wordpress.com/2008/07/05/university-of-otago-firefoxs-proxy-auto-detection-problem-in-vista/) and you want the setting to be no proxy

Then

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your Desktop
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
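
Added example, not part of essexboy's post or of any tool named in this thread: a read-only PowerShell check of the two proxy settings the steps above ask you to verify by hand. It assumes PowerShell 3 or later, the current user's Internet Explorer settings, and Firefox profiles in the default %APPDATA% location; the function name Get-BrowserProxyState is made up for this example.

```powershell
# Added example: reports proxy settings only, changes nothing.
function Get-BrowserProxyState {
    # Internet Explorer: values behind Internet Options > Connections > LAN settings
    $key  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $inet = Get-ItemProperty -Path $key
    [pscustomobject]@{
        Browser       = 'Internet Explorer'
        Source        = $key
        Setting       = "ProxyEnable=$($inet.ProxyEnable) ProxyServer=$($inet.ProxyServer) " +
                        "AutoConfigURL=$($inet.AutoConfigURL)"
        # The post wants no tick in the Proxy Server box, i.e. ProxyEnable is not 1
        MatchesAdvice = ($inet.ProxyEnable -ne 1)
    }

    # Firefox: network.proxy.type in each profile's prefs.js (0 means "No proxy")
    $labels = @{ 0 = 'no proxy'; 1 = 'manual proxy'; 2 = 'automatic configuration URL';
                 4 = 'auto-detect'; 5 = 'use system settings' }
    $pattern = 'user_pref\("network\.proxy\.type",\s*(\d+)\)'
    $prefs   = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles\*\prefs.js'

    foreach ($file in Get-ChildItem -Path $prefs -ErrorAction SilentlyContinue) {
        $hit  = Select-String -Path $file.FullName -Pattern $pattern | Select-Object -First 1
        $type = if ($hit) { [int]$hit.Matches[0].Groups[1].Value } else { $null }
        [pscustomobject]@{
            Browser       = 'Firefox'
            Source        = $file.FullName
            Setting       = if ($null -ne $type) { "network.proxy.type=$type ($($labels[$type]))" }
                            else { 'network.proxy.type not set in prefs.js (Firefox default applies)' }
            # Unknown (null) when the preference is absent, so check it in the Firefox dialog
            MatchesAdvice = if ($null -ne $type) { $type -eq 0 } else { $null }
        }
    }
}

Get-BrowserProxyState | Format-List
```

Any row where MatchesAdvice is False names the setting to clear through the dialogs described in the post.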


Title: Re: 199.80.55.19
Post by: polonus on February 24, 2011, 09:19:20 PM
Description of the malware here: http://www.threatexpert.com/report.aspx?md5=203add17ccb6f3ecfd5e6c33a64e55af

polonus
Title: Re: 199.80.55.19
Post by: BoggyD on March 07, 2011, 09:52:53 PM
Polonus-

Thanks for the link. That is perhaps the most detailed report of this malware I have seen yet. It also has some very similar characteristics to what I have been experiencing. Where do you find a fix? Do you agree with the solution posted by essexboy below?

Title: Re: 199.80.55.19
Post by: essexboy on March 07, 2011, 10:05:55 PM
There are probably the jobs still to remove - unless you have removed them yourself

Title: Re: 199.80.55.19
Post by: Parad_the_Dead on March 10, 2011, 03:39:11 AM
I often get the same notification and was wondering if the solution posted by essexboy would be the best way to go about it...
Title: Re: 199.80.55.19
Post by: essexboy on March 10, 2011, 12:39:53 PM
It is always worth doing a check as automated removal tools may not get it all