Author Topic: Is This Something I  (Read 4597 times)


Offline midnight

  • Massive Poster
  • ****
  • Posts: 2475
Is This Something I
« on: November 20, 2013, 09:39:43 PM »
should be concerned about?

Got this popup twice while checking Windows Live Mail.
.

Offline Secondmineboy

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3645
Re: Is This Something I
« Reply #1 on: November 20, 2013, 09:45:03 PM »
Maybe there is something on there. Can you post the full path of the blocked URL?
Windows 10 1909, 4 GB DDR3 RAM, 500 GB 5400 RPM HDD, 1366 by 768 LCD Screen, Intel Core i3 5010U Dual Core, Intel HD Graphics 5500
HUAWEI P30 Pro. Android 10

Offline mchain

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5700
  • Spartan Warrior
Re: Is This Something I
« Reply #2 on: November 20, 2013, 09:58:08 PM »
When you do so, please make http as hxxp so as to disable the live link. We security experts know how to investigate without coming to harm, but this will protect non-experts from harm.

Windows always reports the last file run as the one affected; hence the wlmail.exe reported. It does not mean that this file is infected, though, because of that.
Windows 10 Home 64-bit 22H2 Microsoft Windows Defender - Windows 11 Home 23H2 - Windows 11 Pro 23H2 Avast Premier Security version 24.4.6112 (build 24.4.9067.762) UI version 1.0.803
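
The http-to-hxxp substitution requested in this thread, as an added example that is not part of any forum post and not Avast code. It goes beyond the thread's advice by also covering https and ftp, optionally bracketing the dots in the host, and checking for links that are still clickable; the sample text and its example.com/example.net hosts are constructed.

```python
import re

# scheme, host[:port], and the rest (path/query/fragment) of a clickable URL
LIVE_URL = re.compile(r"\b(https?|ftp)://([^\s/?#<>\"']+)([^\s<>\"']*)", re.IGNORECASE)
# scheme and host of an already defanged URL (hxxp, hxxps, fxp)
DEAD_URL = re.compile(r"\b(hxxps?|fxp)://([^\s/?#<>\"']+)", re.IGNORECASE)
T_TO_X = str.maketrans("tT", "xX")
X_TO_T = str.maketrans("xX", "tT")

# Constructed sample text, not taken from the thread.
SAMPLE = ("Blocked: http://tracker.example.com/?id=42&img=1.gif "
          "and HTTPS://mail.example.net/a.")


def defang(text, bracket_dots=False):
    """Rewrite every live URL in text so forum software will not auto-link it."""
    def fix(m):
        scheme, host, rest = m.groups()
        if bracket_dots:
            core = host.rstrip(".")  # keep a sentence-ending dot out of the host
            host = core.replace(".", "[.]") + host[len(core):]
        # http -> hxxp, https -> hxxps, ftp -> fxp (letter case preserved)
        return scheme.translate(T_TO_X) + "://" + host + rest
    return LIVE_URL.sub(fix, text)


def refang(text):
    """Analyst-side inverse: restore scheme and host dots of defanged URLs only."""
    def fix(m):
        scheme, host = m.groups()
        return scheme.translate(X_TO_T) + "://" + host.replace("[.]", ".")
    return DEAD_URL.sub(fix, text)


def live_links(text):
    """Return URLs that are still clickable; an empty list means safe to post."""
    return [m.group(0).rstrip(".,;:!?)") for m in LIVE_URL.finditer(text)]


if __name__ == "__main__":
    print(live_links(SAMPLE))
    print(defang(SAMPLE, bracket_dots=True))
```

Running `live_links()` on a draft reply before posting catches any URL that was missed by hand.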

Offline midnight

Re: Is This Something I
« Reply #3 on: November 20, 2013, 11:19:31 PM »
Malwarebytes didn't detect anything.

Just scanned with Avast and it didn't find any threats.

Offline mchain

Re: Is This Something I
« Reply #4 on: November 21, 2013, 07:56:31 AM »
Well, if you're not seeing anything amiss or the usual performance or speed is the same, then if all is where it usually is, consider that avast! protected you from harm without you having to do anything.  In this case, avast! informed you of a threat possibly posed by something in a specific email you got when you opened it, and blocked the threat from opening a connection link to a specific malicious dark system out on the Internet.

The threat could have been an attachment you opened or downloaded, a notification sent to the sender that you opened their email at that moment....  This particular threat is out on the Internet, but its methodology uses email you download and bring inside your system to come in and capture your system from there, if indeed, it was malicious in intent and design.

As avast! broke/blocked that link from successfully connecting, I think you are OK.  If you remember which email it was that triggered the alert, simply delete it to remove the possibility of the threat ever returning at some later time.

As the threat detected is not based on or in your computer, and both scans by Malwarebytes and avast! are clean, I think avast! did its job.

It would be a completely different story if you were to have continuous pop-up warnings/blocks or unwanted/unsolicited redirects on your system whenever you surfed on the Internet, but I don't see you having that sort of issue here. If you were, then the threat is now successfully planted on your system, and is also actively trying to contact its host malware system every time you connect to the Internet, you would then have a problem. You will see numerous pop-ups stating this fact until you get the help you need from here to clean things up. In case that ever happens, we will be here for you. ;D

Hopefully, you won't need that help.  avast! is smart and dependable and continuously protects us from threats we don't even know about.  It's not perfect, but it's certainly one of the best there is.

[EDIT:]  Added additional note at end of post.
« Last Edit: November 21, 2013, 08:03:31 AM by mchain »

Offline midnight

Re: Is This Something I
« Reply #5 on: November 21, 2013, 12:44:24 PM »
Strange thing is I didn't even open any of the email messages as they were mostly advertisements and a couple confirmations from bills I had paid online.  I was deleting them when I received the popups. 

Unfortunately Windows Live Mail is my default email client and I don't know how or if I could change it.

In my opinion Avast is the best.  :)


Offline mchain

Re: Is This Something I
« Reply #6 on: November 21, 2013, 09:23:34 PM »
To post the full URL of the block/warning message, go to avast! program window>My Devices>sign into my account.

You'll need to click the Statistics window from a different computer and select the one that was affected. Scroll down to the bottom where you will find the two full URLs posted there.

Copy/paste or screenshot the two error messages found on the system account and post/attach them with your next reply. Use Alt+PrintScreen and Paint or the Snipping Tool to capture just the avast! window; you will not have to include your entire desktop that way.

Offline midnight

Re: Is This Something I
« Reply #7 on: November 21, 2013, 09:50:15 PM »
You'll need to click the Statistics window from a different computer and select the one that was affected.  Scroll down to the bottom where you will find the two full url's posted there.

My husband's computer wasn't affected.

Offline mchain

Re: Is This Something I
« Reply #8 on: November 22, 2013, 08:04:29 AM »
Hi -midnight,

OK, sorry for that.  Let's try it another way, this time using your system.  You've got avast! 2014 installed? Also have Avast! Online Security in your browser?

Open the browser you normally use.  Click the green icon for AOS, and a window will slide in from the right side.

Click My Avast bottom left of new window and a second tab will open in whatever browser you use.  Enter your credentials in that new window for your avast account.  Click to login.

Select your system and click:  My Devices>your system>View Details>Activity Log. 

You should now see the full URL captured by avast if you only upgraded your system to 2014 or are at the old version still. Highlight the full URL and copy/paste it into your next reply. Please change the http: part to hxxp: to kill the live link so as to not possibly infect/scare other members here for safety reasons. ;)

We will investigate this link if you find it and post it here.

Offline midnight

Re: Is This Something I
« Reply #9 on: November 22, 2013, 01:04:33 PM »
hxxp://ed66e9m.fufeu.com/?2wp=54c0z2zqcopqez60f1zez7oz25zyzf3gz2nkzldtz0z1&e8c=fig.1_23_gmi&1l7j=203f

hxxp://1f9ett2q9.cifuo.com/?atcl=4db0z2zqcuoc0z60f1zjz8nz24z1jzhbhz1wdzmcnz0z1&2bgq=fig.1_25_gmi&j7rl=e5c1

hxxp://1f9ett2q9.cifuo.com/?dg97=4db0z2zqcuoc0z60f1zjz8nz24z1jzhbhz1wdzmcnz0z1&kkbs=gpj.dlog&5wxs=f1f9

Just did another scan and no threats detected.

??? ???

« Last Edit: November 23, 2013, 12:32:17 AM by -midnight »

Offline mchain

Re: Is This Something I
« Reply #10 on: November 23, 2013, 10:20:50 AM »
Only thing I've come up with so far is that these are links to some email you likely opened in your email box:
http://urlquery.net/report.php?id=7886718
http://urlquery.net/report.php?id=7886723
http://urlquery.net/report.php?id=7886730
The last I would put in the category of spam mail.  Click each link and then have a look at the website screenshot at upper right; click that to see what is there.

jsunpack reports no java coding embedded in these links.  An example of that here:  http://jsunpack.jeek.org/?report=fc6b1901b1bb9c9faa594b747a53282cff1ba8aa

As you can see, all urlquery links refer to things outside of your computer; there is nothing within or inside.