Author Topic: "Threat Secured" keeps popping up with the URL: Blacklist notification  (Read 3937 times)


Offline aghariakalbe

  • Newbie
  • *
  • Posts: 4
Hi, I have been getting the "Threat Secured" popup continuously for a while now. The blacklisted URL that is getting blocked is wpad.ib-wrb304n.setup.in. I have attached the popup screenshot and the Mbam scan log.

Offline aghariakalbe

  • Newbie
  • *
  • Posts: 4
Here is the mbam log

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Just wait for a final verdict from the Avast team, as this could be an FP,
as there is only one engine flagging it at VT at the mo for -wpad.ib-wrb304n.setup.in:
https://www.virustotal.com/gui/url/c4d3d0daae2e256104372bc12f296fddf1b8ea7d50c7076e8b6be8a1a9da6f13/detection
But it is also flagged at DrWeb's as "non-recommended-site".

More leaning towards this: https://www.virustotal.com/gui/ip-address/199.59.242.153/detection
also see: https://www.virustotal.com/gui/ip-address/199.59.242.153/relations

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37507
  • Not a avast user
@polonus, your VT scan is 6 months old, see attached screenshot

I have now refreshed it
« Last Edit: April 04, 2021, 12:00:37 AM by Pondus »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88898
  • No support PMs thanks
What is strange for me is that the process responsible for the connection is svchost.exe. Whilst this is in some cases legit usage, it has also been used by malware in the past.

So yes I agree this needs further investigation.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline aghariakalbe

  • Newbie
  • *
  • Posts: 4
@polonus Thanks for replying. The window keeps popping up and is really annoying. Should I speak to the Avast support team regarding it? Where should I check the status of the FP for this URL?

Offline aghariakalbe

  • Newbie
  • *
  • Posts: 4
@DavidR I agree this is somewhat strange and I haven't seen this URL giving an issue to anyone else from my search.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88898
  • No support PMs thanks
@DavidR I agree this is somewhat strange and I haven't seen this URL giving an issue to anyone else from my search.

Other scans on this site/url:
This one considers it a Medium Security Risk - https://sitecheck.sucuri.net/results/setup.in
This one reports security hints - https://webhint.io/scanner/25bc1403-eb1e-46a3-a889-e23c8f2fdb4a

These in themselves don't mean it is infected, but the failings mentioned could make it more likely to become infected/hacked.

Combining this with the unknown access from your system that you didn't initiate just makes me more suspicious. However, I'm no expert in this area; it really needs a qualified malware removal specialist to investigate.

Offline ArnabM

  • Newbie
  • *
  • Posts: 2
@DavidR I agree this is somewhat strange and I haven't seen this URL giving an issue to anyone else from my search.

Hi! I am getting the same error with the same URL, with svchost.exe as the process accessing it, on my laptop and desktop.
I had submitted my logs in this forum but am yet to receive a reply.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Scanned for the IP DavidR has come up with, detection:
https://www.virustotal.com/gui/ip-address/199.59.242.153/detection

polonus