Topic: malicious url blocked

ash_71

  • Guest
malicious url blocked
« on: October 13, 2010, 06:27:00 PM »
Hi, I'm having problems with avast constantly giving the warning message "malicious url blocked". No matter what site I go to, after a while I get this message:
malicious url blocked
object: cljkcpixelabn.com/NKM3qBZe555xEwU5dmVyPTMuOTYmYmlkPWUyO
infection: URL blocked action: blocked
process:C:\program files\mozilla firefox\firefox.exe


I tried removing Firefox from my system and it changed to the Internet Explorer exe file.
I've scanned with avast and nothing was found, and then with Malwarebytes and nothing was found. Has anyone got any ideas how to cure this?
I remembered that when I had help here years ago a log from HijackThis was asked for, so I have done one again to see if this helps anyone figure out what's going on. Log as follows:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:07:14, on 13/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\afwServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\HPQ\shared\hpqwmi.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q305&bd=presario&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=Q305&bd=presario&pf=laptop
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\Alwil Software\Avast5\afwServ.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

--
End of file - 7304 bytes

Hope someone can help remove this. Thanks in advance, guys.

robwired

  • Guest
Re: malicious url blocked
« Reply #1 on: October 13, 2010, 08:39:57 PM »

object: cljkcpixelabn.com/NKM3qBZe555xEwU5dmVyPTMuOTYmYmlkPWUyO
infection: URL blocked action: blocked
process:C:\program files\mozilla firefox\firefox.exe


I'm getting this same message. Ran avast scan and malwarebytes, too. No infection found; I suppose that's because avast is blocking the malicious url(?).
Also got a "Generic Host Process for Win32 has encountered a problem and needs to close. We are aware of the inconvenience" message.
A couple of things:
1. Yesterday there was an Adobe Acrobat update.
2. I scanned a zip file with avast of an album a friend sent me before extracting the songs, which I then listened to, one song, anyway.
Those are the only things I can think of where this malware may have sneaked in. Or a drive-by web page. Dunno.
But I'm getting the same message, though the string after the slash is different.
Anyway, if anyone has any ideas on what's causing this and how to isolate it, I would appreciate it.

!Donovan

  • Web Analyst
  • Avast Evangelist
Re: malicious url blocked
« Reply #2 on: October 13, 2010, 11:05:16 PM »
Hey guys, hxxp://cljkcpixelabn.com is a dangerous!!! site.

See http://urlvoid.com/scan/cljkcpixelabn.com

Seems like new malware distribution, as it only has one other post, here:
http://forums.spacebattles.com/showthread.php?p=5244371

Notified WOT: http://www.mywot.com/en/forum/7986-cljkcpixelabn-com-is-a-malware-distributer

« Last Edit: October 13, 2010, 11:17:24 PM by Donovansrb10 »

CharleyO

  • Guest
Re: malicious url blocked
« Reply #3 on: October 14, 2010, 10:09:19 AM »
***

Welcome to the forums, ash_71 and robwired.   :)

An analysis of ash_71's HJT log shows only one minor problem:

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
Unnecessary (deactivated) entry that can be fixed.


***
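
The check described in the reply above (an O2 BHO entry whose registry key remains but whose target is "(no file)") can be automated. This is an added example, not part of the original posts or of HijackThis itself; the function and variable names are hypothetical, and the sample lines are copied from the log in the first post.

```python
import re
from typing import NamedTuple

# Sample lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"""

class Entry(NamedTuple):
    section: str  # HijackThis section code, e.g. "O2"
    kind: str     # e.g. "BHO", "Extra button"
    name: str     # display name, or "(no name)"
    clsid: str    # COM class ID in braces
    target: str   # file path, or "(no file)"

# Matches CLSID-keyed lines: "<section> - <kind>: <name> - {CLSID} - <target>"
CLSID_LINE = re.compile(
    r"^(?P<section>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})"
    r" - (?P<target>.+)$"
)

def parse_clsid_entries(log_text):
    """Return every CLSID-keyed entry (O2, O9, O22, ...) found in the log."""
    entries = []
    for line in log_text.splitlines():
        m = CLSID_LINE.match(line.strip())
        if m:
            entries.append(Entry(**m.groupdict()))
    return entries

def orphaned_entries(entries):
    """Entries whose registry key survives but whose file is missing."""
    return [e for e in entries if e.target.strip().lower() == "(no file)"]

if __name__ == "__main__":
    for e in orphaned_entries(parse_clsid_entries(SAMPLE_LOG)):
        print(f"{e.section} {e.kind} {e.clsid}: registry entry has no file")
```

As the rest of the thread shows, a log with only this finding does not rule out an infection: TDSSKiller later found and cured something on the same machine.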

ash_71

  • Guest
Re: malicious url blocked
« Reply #4 on: October 14, 2010, 04:43:03 PM »
Thanks for looking at my hijack log, so I guess delete that entry using HJT:
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
But will this cure the malicious url blocked though? Fingers crossed.
« Last Edit: October 14, 2010, 05:46:40 PM by ash_71 »

CharleyO

  • Guest
Re: malicious url blocked
« Reply #5 on: October 14, 2010, 05:51:37 PM »
***

Yes, you can fix that O2 entry using HJT but it will not cure the malicious url blocked.

Try using MBAM Free from the link below. Download it, install it, update it, and then run a Quick Scan. Let MBAM quarantine what it finds. Post the resulting log here.

http://www.malwarebytes.org/mbam.php


***
« Last Edit: October 14, 2010, 05:53:50 PM by CharleyO »

ash_71

  • Guest
Re: malicious url blocked
« Reply #6 on: October 14, 2010, 05:54:19 PM »
Ran OTL but couldn't find the scan txt file, so ran the scan as it was. Although it appears that the OTL txt file is 284 KB, so I'm unable to attach it. I'm running Malwarebytes and in the last scans I've done it has found nothing, but I will do it again and post the log.

ash_71

  • Guest
Re: malicious url blocked
« Reply #7 on: October 14, 2010, 05:56:53 PM »
Here's the last log from the Malwarebytes Anti-Malware full scan:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4735

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

14/10/2010 17:22:06
mbam-log-2010-10-14 (17-22-06).txt

Scan type: Full scan (C:\|)
Objects scanned: 151226
Time elapsed: 24 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




« Last Edit: October 14, 2010, 06:22:49 PM by ash_71 »

ash_71

  • Guest
Re: malicious url blocked
« Reply #8 on: October 14, 2010, 07:06:03 PM »
Here's the OTL quick scan file log.

rwifenrir

  • Guest
Re: malicious url blocked
« Reply #9 on: October 14, 2010, 08:16:23 PM »
hi, I have the same problem, in another thread.
This fixed it for me.
TDSSKiller
good luck

ash_71

  • Guest
Re: malicious url blocked
« Reply #10 on: October 14, 2010, 10:07:05 PM »
OK, well, ran TDSSKiller and it found and cured something. Thanks, rwifenrir. So is that it now? Or is there other stuff that I will need to do?

CharleyO

  • Guest
Re: malicious url blocked
« Reply #11 on: October 15, 2010, 06:27:09 AM »
***

That should do it but if you notice other problems, please post again.   :)


***

ash_71

  • Guest
Re: malicious url blocked
« Reply #12 on: October 15, 2010, 05:58:16 PM »
OK, so now that it looks like I'm clean and all OK, is there anything I can use or do to try and prevent this from happening again? I'm currently running avast Internet Security and Malwarebytes Anti-Malware full version.

robwired

  • Guest
Re: malicious url blocked
« Reply #13 on: October 18, 2010, 08:43:31 AM »
hi, I have the same problem, in another thread.
This fixed it for me.
TDSSKiller
good luck

TDSSKiller worked for me. I tried it when I read the suggestion, so thank you.
However, avast blocked a Trojan horse tonight from a redirect. It was a little more sophisticated than I've seen before. (It's been a long time, but before it was a simple pop-up.) It looked like it was running a scan with a pop-up that said my computer was infected and to click on the pop-up to fix it. I did a Ctrl-Alt-Delete to close Firefox, ran TDSSKiller, which didn't find anything, but when I reopened Firefox, it was to the same redirected page. Avast blocked the same Trojan horse, I hit the home button on Firefox, which got me away from the page.
Also, the avast message for the Trojan horse mentioned firefox.exe.
My anxious question:
Is my computer still infected?

kathyspogo

  • Guest
Re: malicious url blocked
« Reply #14 on: October 23, 2010, 08:32:06 PM »
 :D Well, you are all AWESOME, in my book.  You know, you can work on, build, tinker with and use computers for over 17 years, and not know all there is to know, when dealing with computer/software issues!

I was searching and searching on this very same problem...and before AVAST was installed, I was getting "bogus" redirected websites from the Google Toolbar result weblinks, no matter what my search.  After AVAST, it stopped the redirection, but was constantly coming up with that "Malicious URL Blocked".

I followed what a few of you said worked for you, TDSSKiller from Kaspersky.  Turned out that the bad "rootkit" was in my MBR!  But after selecting "Cure", "continue" and then rebooting....VOILA!  NO MORE PROBLEMS!!

Thank you! Thank you! Thank you!