Avast WEBforum

Other => Viruses and worms => Topic started by: specimen on May 22, 2012, 11:48:26 PM

Title: Please help, I keep getting the "malicious url blocked" message every 30 seconds
Post by: specimen on May 22, 2012, 11:48:26 PM
I googled this issue and found the thread that suggests to download the malwarebytes free program, run it then removed selected files, which I did. That did not fix the problem, I am still getting this error message every 30 seconds.

Please help, this is extremely annoying.

Also I checked files as I found on another thread and this is what I found if this helps


CKScanner - Additional Security Risks - These are not necessarily bad
c:\users\\videos\realplayer downloads\charming brunette sasha grey spreads that guyr crack wide slamming it on a tgreetingsck shaft.mp4
scanner sequence 3.NA.11.NGAPKP
 ----- EOF -----
Title: Re: Please help, I keep getting the "malicious url blocked" message every 30 seconds
Post by: Pondus on May 23, 2012, 12:03:16 AM
follow this guide and attach (not copy and paste) logs from malwarebytes / OTL / aswMBR
http://forum.avast.com/index.php?topic=53253.0
Title: Re: Please help, I keep getting the "malicious url blocked" message every 30 seconds
Post by: specimen on May 23, 2012, 12:08:00 AM
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.22.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Bayareabeast :: BAYAREABEAST-HP [administrator]

Protection: Enabled

5/22/2012 2:24:17 PM
mbam-log-2012-05-22 (14-24-17).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 203042
Time elapsed: 3 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKCR\Interface\{66666666-6666-6666-6666-660066226658} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.22.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Bayareabeast :: BAYAREABEAST-HP [administrator]

Protection: Enabled

5/22/2012 2:17:05 PM
mbam-log-2012-05-22 (14-17-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 202826
Time elapsed: 6 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 33
HKCR\CrossriderApp0002258.BHO (PUP.CrossFire.Gen) -> No action taken.
HKCR\CrossriderApp0002258.BHO.1 (PUP.CrossFire.Gen) -> No action taken.
HKCR\CrossriderApp0002258.FBApi (PUP.CrossFire.Gen) -> No action taken.
HKCR\CrossriderApp0002258.FBApi.1 (PUP.CrossFire.Gen) -> No action taken.
HKCR\CrossriderApp0002258.Sandbox (PUP.CrossFire.Gen) -> No action taken.
HKCR\CrossriderApp0002258.Sandbox.1 (PUP.CrossFire.Gen) -> No action taken.
HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> No action taken.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> No action taken.
HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (PUP.GamePlayLab) -> No action taken.
HKCR\Interface\{55555555-5555-5555-5555-550055225558} (PUP.GamePlayLab) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> No action taken.
HKCR\CLSID\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
HKCR\Interface\{55555555-5555-5555-5555-550055225558} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0002258.BHO.1 (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
HKCR\CLSID\{22222222-2222-2222-2222-220022222258} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0002258.Sandbox.1 (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0002258.Sandbox (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\CLSID\{33333333-3333-3333-3333-330033223358} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0002258.FBApi.1 (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0002258.FBApi (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0002258.BHO (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCU\Software\Cr_Installer\2258 (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\CLSID\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This|Publisher (Adware.GamePlayLab) -> Data: 215 Apps -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 5
C:\Program Files (x86)\I Want This (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Users\Bayareabeast\Local Settings\Application Data\I Want This (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Users\Bayareabeast\Local Settings\Application Data\I Want This\Chrome (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Users\Bayareabeast\AppData\Local\I Want This (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Users\Bayareabeast\AppData\Local\I Want This\Chrome (Adware.GamePlayLab) -> Quarantined and deleted successfully.

Files Detected: 18
C:\Users\Bayareabeast\Downloads\etype_setup.exe (PUP.BundleInstaller.IB) -> No action taken.
C:\Users\Bayareabeast\Downloads\Unconfirmed 51884.crdownload (PUP.BundleOffers.IIQ) -> No action taken.
C:\Program Files (x86)\I Want This\I Want This.dll (PUP.GamePlayLab) -> No action taken.
C:\Program Files (x86)\I Want This\I Want This.dll (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
C:\Users\Bayareabeast\Downloads\Setup (1).exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\Bayareabeast\Downloads\Setup (2).exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files (x86)\I Want This\I Want This.ini (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Program Files (x86)\I Want This\appAPIinternalWrapper.js (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Program Files (x86)\I Want This\fb.js (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Program Files (x86)\I Want This\I Want This.exe (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Program Files (x86)\I Want This\I Want This.ico (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Program Files (x86)\I Want This\I Want ThisGui.exe (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Program Files (x86)\I Want This\I Want ThisInstaller.log (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Program Files (x86)\I Want This\jquery.js (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Program Files (x86)\I Want This\json.js (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Program Files (x86)\I Want This\Uninstall.exe (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Users\Bayareabeast\Local Settings\Application Data\I Want This\Chrome\I Want This.crx (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Users\Bayareabeast\AppData\Local\I Want This\Chrome\I Want This.crx (Adware.GamePlayLab) -> Quarantined and deleted successfully.

(end)

Title: Re: Please help, I keep getting the "malicious url blocked" message every 30 seconds
Post by: specimen on May 23, 2012, 12:29:00 AM
The OTL Program will not run properly, in the middle of it says program not responding...

Does anyone know how to fix this issue?

Every 30 seconds this message pops up saying malicious URL blocked... I ran the first program on the list and deleted all the malware, or so it says...
Title: Re: Please help, I keep getting the "malicious url blocked" message every 30 seconds
Post by: specimen on May 23, 2012, 12:29:54 AM
Here is the pop up message, this is what I see when I click "more details"

Infection Details
URL:   http://www.superfish.com/ws/sf_main.jsp?...
Process:   file://C:\Users\Bayareabeast\AppData\Loc...
Infection:   al
Title: Re: Please help, I keep getting the "malicious url blocked" message every 30 seconds
Post by: specimen on May 23, 2012, 12:33:42 AM
Here is the attachment for the ASW SCAN
Title: Re: Please help, I keep getting the "malicious url blocked" message every 30 seconds
Post by: specimen on May 23, 2012, 12:37:28 AM
Here are the attached logs for the malwarebytes scans and deletions

Title: Re: Please help, I keep getting the "malicious url blocked" message every 30 seconds
Post by: jeffce on May 23, 2012, 03:55:45 AM
Hi,

Any particular reason you are not removing all the entries that Malwarebytes is finding?

Please download DDS from either of these links

LINK 1 (http://download.bleepingcomputer.com/sUBs/dds.com)
LINK 2 (http://download.bleepingcomputer.com/sUBs/dds.scr)

and save it to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt

Attach.txt
----------
Title: Re: Please help, I keep getting the "malicious url blocked" message every 30 seconds
Post by: cvsepsy on May 23, 2012, 09:12:37 AM
I'm getting the EXACT same problem, same malicious URL and everything  :(

Its so damn annoying
Title: Re: Please help, I keep getting the "malicious url blocked" message every 30 seconds
Post by: Asyn on May 23, 2012, 09:14:03 AM
I'm getting the EXACT same problem, same malicious URL and everything  :(

Its so damn annoying

Please start a new topic..!!