Author Topic: Avast keeps blocking malicious websites  (Read 12746 times)


darth_ender

  • Guest
Avast keeps blocking malicious websites
« on: December 06, 2012, 11:36:22 PM »
I recently contracted some pretty serious malware on my system, including rootkits and an FBI scamware that accused me of taking part in illegal activities.  I have read several things online and tried a number of different methods, and finally I seemed to be free of everything.

List of software used (not necessarily in this order): Avira Free Antivirus (the original software I'd hoped would protect me); rkill; TDSSKiller; MalwareBytes; Autorun Eater; HitmanPro Trial scan; F-secure online scanner; Zone Alarm free version; SUPERAntiSpyware free version.

I originally scanned the computer with Avira, then used rkill and MalwareBytes.  After that I did a system restore.  Scans then wouldn't pick up anything, but my active defense was disabled and I couldn't update the virus definitions, making it obvious that something was still going on.  I continued with F-secure and SUPERAntiSpyware, but still couldn't get rid of that problem.  After further reading, I tried TDSSKiller, and from there it seemed like things really freed up.  Avira detected a number of different bits of malware and quarantined them.  I then used HitmanPro, which really knocked out a lot.  But strange things continued to happen.  Avira started thinking hundreds of files had been infected.  I let it quarantine them at first, but then restored them and did a full scan.  After this it only seemed to believe some of them were viruses.  I wondered if Avira was having problems, so I uninstalled it and installed Avast, which required that I remove MalwareBytes.  After a full Avast scan and another F-secure scan, I seemed to finally have eliminated everything.  Things seemed okay on the computer, though I've stayed away from banking and such on this computer.  But after a week or two, Avast is blocking malicious sites, sometimes every 2 or 3 minutes, and lasting for several minutes.  Then it seems to leave me alone.  This often starts after I start Windows Live Movie Maker.  Avast tells me that it is blocking these sites that I'm clearly not going to, tells me that programs like Google Chrome and Movie Maker are the programs trying to access them, etc.  Further use of the same scanners including TDSSKiller, Avast, and HitmanPro seem to turn up nothing.  Am I still infected?  Are all my good programs infected?  How can I get rid of this?

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37595
  • Not a avast user
Re: Avast keeps blocking malicious websites
« Reply #1 on: December 06, 2012, 11:42:04 PM »
Follow this guide and attach the logs... do not copy and paste them.
http://forum.avast.com/index.php?topic=53253.0

AdwCleaner
Malwarebytes
OTL
aswMBR

When done, the malware experts will be notified and will help you. It may take hours before one arrives, so be patient.


darth_ender

  • Guest
Re: Avast keeps blocking malicious websites
« Reply #2 on: December 07, 2012, 12:05:18 AM »
Thanks.  I'll do as you suggest :)

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Avast keeps blocking malicious websites
« Reply #3 on: December 07, 2012, 10:46:58 AM »
Monitoring

darth_ender

  • Guest
Re: Avast keeps blocking malicious websites
« Reply #4 on: December 07, 2012, 01:55:31 PM »
Sorry for not posting my logs sooner.  I had to leave that computer before the final scan was done.  Here are most of the logs.

darth_ender

  • Guest
Re: Avast keeps blocking malicious websites
« Reply #5 on: December 07, 2012, 01:56:23 PM »
And the rest for OTL.  I guess I do have some virus problem and probably should have put this in a different part of the forum.  Sorry.
« Last Edit: December 07, 2012, 02:00:05 PM by darth_ender »

Offline essexboy

Re: Avast keeps blocking malicious websites
« Reply #6 on: December 07, 2012, 02:45:49 PM »
No problem, as I can run just as easily from here.

Could you confirm that it is just Chrome giving the alerts?

Could you start Chrome in incognito mode and see if the alerts persist? http://support.google.com/chrome/bin/answer.py?hl=en&answer=95464

Could you attach the ComboFix log, please?

darth_ender

  • Guest
Re: Avast keeps blocking malicious websites
« Reply #7 on: December 07, 2012, 05:03:23 PM »
Oh, I forgot about ComboFix.  Here's the log for that.  Thanks for the help.

Offline essexboy

Re: Avast keeps blocking malicious websites
« Reply #8 on: December 07, 2012, 05:06:35 PM »
network.proxy.socks - 202.164.211.76. Did you set these proxies?

Also, does incognito stop the alerts?

darth_ender

  • Guest
Re: Avast keeps blocking malicious websites
« Reply #9 on: December 07, 2012, 05:22:36 PM »
Yeah, I used a YouTube video which suggested that exact proxy address with Firefox to get past a particular IP address block to a Star Wars site I enjoy (I got my work IP blocked because I jokingly signed up with a sock account to tease other site patrons, though they didn't suspend my account).  The proxy had numerous problems so I stopped using it and only use "No proxy."  I do visit proxy4free.com and use one of the suggested proxy sites there to access that site now.

As for Chrome, it's hard to tell.  It isn't always blocking anything.  When it has, I know I had the normal window open.  I can try with incognito.  Also, it isn't just Chrome causing the problem.  I'll have to see if I can get it to start blocking again, but it actually seems to start with Windows Live Movie Maker.  Avast! tells me the program trying to do it is Movie Maker, then it tells me it's Chrome.  I believe there was at least one other program it implicated, but I can't remember which it was.  Anyway, I'll start Movie Maker and see if I can spur it to start blocking stuff again, and I'll only keep incognito mode open with Chrome.

Offline essexboy

Re: Avast keeps blocking malicious websites
« Reply #10 on: December 07, 2012, 05:24:40 PM »
If you do get the block, could you screenshot the alert and post that?

darth_ender

  • Guest
Re: Avast keeps blocking malicious websites
« Reply #11 on: December 07, 2012, 05:58:12 PM »
Okay, here's an example.  I cropped it for privacy.  It seems to start when I'm working on a particular project in Windows Live Movie Maker, not just when the program is merely open, as I left it open with nothing happening, but once I opened that project, it started.  So far only one block.

EDIT: There has been a second block.  I should also note that I only have Google Chrome open in incognito mode.  No new website or tab actually opened--just the notice from Avast.  I'm posting my second block.
« Last Edit: December 07, 2012, 06:12:25 PM by darth_ender »

darth_ender

  • Guest
Re: Avast keeps blocking malicious websites
« Reply #12 on: December 07, 2012, 06:21:36 PM »
I won't post every block I get, but just as a sample I'll include two more, one from RealPlayer and one from Chrome.  At this point I had Chrome open and not incognito because I'd pressed 'More Details' when Avast blocked a site, causing the regular window to pop open and tell me I dodged a bullet.  It's blocked Chrome twice, but now I've closed the regular window.  It's blocked RealPlayer once, though I seldom use that software.

Offline essexboy

Re: Avast keeps blocking malicious websites
« Reply #13 on: December 07, 2012, 07:17:38 PM »
And if you do not open that project, then all is sweetness and light. When you open that project, then all hell breaks loose.

Could you get Avast to scan that project's files?

darth_ender

  • Guest
Re: Avast keeps blocking malicious websites
« Reply #14 on: December 07, 2012, 07:34:20 PM »
Just scanned My Documents where all files associated with the project including the project file itself are saved.  Nothing showed up :(  My MalwareBytes scan last night found a single threat and eliminated it.  Then the aswMBR found a rootkit.  Not sure what to do about that one.