Author Topic: Threat Blocked?  (Read 4916 times)


Offline RonR

  • Jr. Member
  • **
  • Posts: 23
Threat Blocked?
« on: April 20, 2017, 04:03:22 PM »
I have recently been getting this Avast popup message that a threat has been blocked when I open Firefox. I use session manager and open my last session with saved tabs from previous use. The threat is for "HXTP://208.73.211.178/favicon.ico"

How do I find if this is a threat or a false positive? I see the option to report it when the popup warning comes up but no explanation of what it is actually coming from.

« Last Edit: April 26, 2017, 09:28:49 AM by Milos »


Offline RonR

  • Jr. Member
  • **
  • Posts: 23
Re: Threat Blocked?
« Reply #2 on: April 21, 2017, 02:42:51 AM »
That is odd, I did not enter http://HTTP:// in my post. My post was "HXTP://208.73.211.178/favicon.ico"

I will return with the logs.
« Last Edit: April 26, 2017, 09:29:02 AM by Milos »

Offline RonR

  • Jr. Member
  • **
  • Posts: 23
Re: Threat Blocked?
« Reply #3 on: April 21, 2017, 02:47:05 AM »
OK, for some reason the post is being changed from what I type to what is showing in the thread. I am actually typing HTTP:// not http://HTTP://


Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31079
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: Threat Blocked?
« Reply #4 on: April 21, 2017, 11:28:35 AM »
Make the link not clickable.
e.g. change http to hxxp
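
Added example, not part of the original thread: a small Python helper that applies the hxxp substitution suggested above before a URL is pasted into a forum post or ticket, so the forum software does not turn it into a live link. Bracketing the dots in the host goes beyond what the post asks for and is a common companion convention; the function names and the sample address (a documentation-range IP) are constructed for illustration.

```python
import re

# Scheme swaps that stop text from being auto-linked, and their inverse.
_DEFANG = {"http": "hxxp", "https": "hxxps"}
_REFANG = {v: k for k, v in _DEFANG.items()}

# scheme :// host(+port) rest-of-url, matched case-insensitively (users type HTTP:// too)
_LIVE = re.compile(r"\b(https?)://([^\s/<>]+)([^\s<>]*)", re.IGNORECASE)
_SAFE = re.compile(r"\b(hxxps?)://([^\s/<>]+)([^\s<>]*)", re.IGNORECASE)


def _keep_case(original, replacement):
    # Preserve an all-caps scheme such as HTTP -> HXXP; anything else is lowercased.
    return replacement.upper() if original.isupper() else replacement


def defang(text):
    """Rewrite every live URL in text so it is no longer clickable."""
    def repl(m):
        scheme, host, rest = m.groups()
        safe = _keep_case(scheme, _DEFANG[scheme.lower()])
        return f"{safe}://{host.replace('.', '[.]')}{rest}"
    return _LIVE.sub(repl, text)


def refang(text):
    """Reverse defang() when the indicator has to be fed to a scanner or blocklist."""
    def repl(m):
        scheme, host, rest = m.groups()
        live = _keep_case(scheme, _REFANG[scheme.lower()])
        return f"{live}://{host.replace('[.]', '.')}{rest}"
    return _SAFE.sub(repl, text)


def has_live_url(text):
    """Pre-post check: True if any clickable http(s) URL is still present."""
    return _LIVE.search(text) is not None


# Constructed sample report line (192.0.2.10 is a documentation address).
SAMPLE = "Avast blocked HTTP://192.0.2.10/favicon.ico when Firefox started"
```

Running `defang()` twice gives the same result as running it once, because a defanged scheme no longer matches the live-URL pattern.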

Offline RonR

  • Jr. Member
  • **
  • Posts: 23
Re: Threat Blocked?
« Reply #5 on: April 21, 2017, 03:22:47 PM »
Thank you. Here are the logs,

Offline RonR

  • Jr. Member
  • **
  • Posts: 23
Re: Threat Blocked?
« Reply #6 on: April 24, 2017, 03:40:27 AM »
Any help here?

Offline RonR

  • Jr. Member
  • **
  • Posts: 23
Re: Threat Blocked?
« Reply #7 on: April 26, 2017, 04:38:55 AM »
I see this warning every time I open my Firefox browser. Still looking for advice on how to resolve this issue.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89057
  • No support PMs thanks
Re: Threat Blocked?
« Reply #8 on: April 26, 2017, 11:21:10 AM »
There may be a delay, depending on time zones of volunteer malware removal specialists and their other commitments.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline dbrisendine

  • Malware Fighter
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1258
Re: Threat Blocked?
« Reply #9 on: April 27, 2017, 05:38:28 AM »
The culprit is not showing well in the logs; we need to see if these find the malware.

FIRST >>>>

Junkware Removal Tool
Please download JRT from here to your desktop.

Note: Temporarily disable/shut down your protection software now to avoid potential conflicts; how to do so can be read here.

Double click the JRT.exe file to run the application.

The application will open a Command Prompt window and run from there (this is normal for this program, so not to be alarmed).

When it is asked, press any key to allow the program to continue / run.

This will create a log on the desktop; please copy and paste the JRT.txt log text in your next post.

Note: After the log file is created, please enable your protection software / reboot your system and verify your protection software is enabled.


SECOND >>>>

AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
You will see the following console:


Click the Scan button and wait for the scan to finish.

After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Waiting for action. Please uncheck elements you don't want to remove.

Click the Clean button.

Everything checked will be deleted.

When the program has finished cleaning a report appears.

Once done, it will ask to reboot; allow this.


On reboot (if one is needed) a log will be produced; please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C#].txt


Optional:
NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.
Win7 x32 Ult. SP1, Brain 2.0 / Win10 x64, Brain2.5
My help is always free but if you would like to help encourage me or show your thanks -----> DONATE

Offline RonR

  • Jr. Member
  • **
  • Posts: 23
Re: Threat Blocked?
« Reply #10 on: April 27, 2017, 03:19:32 PM »
Thank you, my apologies for sounding impatient.

Here are the logs,

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 10 Home x64
Ran by Ron (Administrator) on Thu 04/27/2017 at  7:03:54.76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 04/27/2017 at  7:06:43.21
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



# AdwCleaner v6.046 - Logfile created 27/04/2017 at 07:49:45
# Updated on 24/04/2017 by Malwarebytes
# Database : 2017-04-25.1 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : Ron - DELL2
# Running from : C:\Users\Ron\Desktop\adwcleaner_6.046.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

Folder Found:  C:\ProgramData\7e9b3c0a-50d6-412c-a18b-84253f834df2
Folder Found:  C:\ProgramData\a1d49abb-81de-4156-9708-1d37ed15843d
Folder Found:  C:\ProgramData\e175506b-5072-4751-8a82-4f817fc0ed15


***** [ Files ] *****

No malicious files found.


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

Shortcut infected:  C:\Users\Ron\Desktop\From old drive\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Express\Change Reimage Express Language.lnk ( /Branch=Reimage /Product=Reimage_Express )


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

No malicious registry entries found.


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [1333 Bytes] - [27/04/2017 07:49:45]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1406 Bytes] ##########



Just as an FYI, I checked the 3 folders that AdwCleaner found before deleting them. They were old driver install files; two were empty folders and one was very small.

I still get the "Threat Blocked" warning when opening Firefox.
« Last Edit: April 27, 2017, 03:22:35 PM by RonR »
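
Added example, not part of the original thread and not AdwCleaner's own code: a Python parser for the AdwCleaner report layout shown in the post above, which separates sections reported clean from sections with findings so a helper can see at a glance what needs review. The sample is an excerpt of the posted log; the function names are hypothetical, and reading `Mode: Scan` as a scan-only report is an assumption based on the log's own header.

```python
import re

# Excerpt of the AdwCleaner log posted above (sections trimmed for length).
SAMPLE_LOG = r"""
# AdwCleaner v6.046 - Logfile created 27/04/2017 at 07:49:45
# Mode: Scan
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
Folder Found:  C:\ProgramData\7e9b3c0a-50d6-412c-a18b-84253f834df2
***** [ Shortcuts ] *****
Shortcut infected:  C:\Users\Ron\Desktop\From old drive\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Express\Change Reimage Express Language.lnk ( /Branch=Reimage /Product=Reimage_Express )
***** [ Web browsers ] *****
No malicious Firefox based browser items found.
No malicious Chromium based browser items found.
*************************
C:\AdwCleaner\AdwCleaner[S0].txt - [1333 Bytes] - [27/04/2017 07:49:45]
"""

SECTION = re.compile(r"^\*+ \[ (.+?) \] \*+$")      # ***** [ Folders ] *****
HEADER = re.compile(r"^# ([A-Za-z ]+?) ?: ?(.+)$")  # "# Mode: Scan", "# Database : ..."
FINDING = re.compile(r"^([A-Za-z ]+?):\s+(.+)$")    # "Folder Found:  C:\..."


def parse_adwcleaner(log):
    """Return header fields, per-section findings and the sections reported clean."""
    result = {"header": {}, "findings": {}, "clean": []}
    section = None
    for line in (raw.strip() for raw in log.splitlines()):
        if m := SECTION.match(line):
            section = m.group(1)
        elif line and set(line) == {"*"}:
            section = None  # closing rule: only the report trailer follows
        elif section is None:
            if m := HEADER.match(line):
                result["header"][m.group(1)] = m.group(2)
        elif line.startswith("No malicious"):
            if section not in result["clean"]:
                result["clean"].append(section)
        elif m := FINDING.match(line):
            result["findings"].setdefault(section, []).append(m.groups())
    return result


def needs_review(log):
    """Sections that contain findings, and whether the log is scan-only."""
    parsed = parse_adwcleaner(log)
    return sorted(parsed["findings"]), parsed["header"].get("Mode") == "Scan"
```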

Offline dbrisendine

  • Malware Fighter
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1258
Re: Threat Blocked?
« Reply #11 on: April 28, 2017, 07:24:49 AM »

Fix with Farbar Recovery Scan Tool
This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.
Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please attach it to your reply.

Any improvement?

Offline RonR

  • Jr. Member
  • **
  • Posts: 23
Re: Threat Blocked?
« Reply #12 on: April 28, 2017, 10:35:04 AM »
I ran the fixlist.txt. Still get the "Threat Detected" on opening FF.


Offline dbrisendine

  • Malware Fighter
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1258
Re: Threat Blocked?
« Reply #13 on: April 28, 2017, 04:51:43 PM »
Do you still get the warning if you start Firefox in Safe Mode? ( https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-using-safe-mode )

Offline RonR

  • Jr. Member
  • **
  • Posts: 23
Re: Threat Blocked?
« Reply #14 on: May 07, 2017, 03:30:48 PM »
Strange, but for some reason the warning has stopped.

Sorry for the slow reply, I was out of country on vacation.

Firefox has had a recent update; IDK, but maybe that had something to do with the issue. Seems to be gone for now.