Author Topic: Detection URL:Blacklist  (Read 4395 times)

Offline dbophxlip2017

  • Newbie
  • *
  • Posts: 1
Detection URL:Blacklist
« on: May 12, 2022, 05:27:06 PM »
This will ONLY appear when a network connection is enabled; otherwise it's not found by Avast.

Threat name: URL:Blacklist
URL: hxtp://104.155.207.188/win.pac
Process: C:\Program Files\Avast Software\Avast\AvastUI.exe
Detected by: Web Shield
Status: Connection Aborted

&

Threat name: URL:Blacklist
URL: hxtp://104.155.207.188/win.pac
Process: C:\Windows\System32\svchost.exe
Detected by: Web Shield
Status: Connection Aborted

I've run scan after scan, used Avast, Spybot, Malwarebytes, booted to a Linux partition and scanned with ClamAV, and it finds nothing, but it still remains. How do I find this and remove it to stop this message once and for all, outside of removing the Windows virus and going back to Linux?
« Last Edit: May 13, 2022, 10:14:18 AM by Milos »

Offline gtmjacksonville

  • Newbie
  • *
  • Posts: 1
Re: Detection URL:Blacklist
« Reply #1 on: May 16, 2022, 07:59:02 PM »
This is happening to me as well. The exact same thing.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Detection URL:Blacklist
« Reply #2 on: May 16, 2022, 10:28:44 PM »
RTB trojan-backdoor, read here: https://www.bleepingcomputer.com/forums/t/771229/rtp-detection-on-malwarebytestrojanbackdoor/ as MBAM also detects this malware.
Did you not notice that -http:// and not -https:// is an insecure connection?

9 security vendors detect: https://www.virustotal.com/gui/url/47ba015d9b7b182c540052fe7f40cfcbb42c9cdad850939cb9dfc738ba8a1da4

and
Quote
Joe Sandbox Analysis:

Verdict: MAL
Score: 56/100
Classification: -mal56.win@35/183@3/8
Domains: -accounts.google.com -clients.l.google.com -googlehosted.l.googleusercontent.com
-clients2.googleusercontent.com -clients2.google.com
Hosts: 142.250.185.206 192.168.2.1 104.155.207.188 142.250.185.193 239.255.255.250 192.168.2.23 142.250.186.77 127.0.0.1

HTML Report: https://www.joesandbox.com/analysis/624161/0/html
PDF Report: https://www.joesandbox.com/analysis/624161/0/pdf
Executive Report: https://www.joesandbox.com/analysis/624161/0/executive
Incident Report: https://www.joesandbox.com/analysis/624161/0/irxml
IOCs: https://www.joesandbox.com/analysis/624161?idtype=analysisid

polonus (volunteer 3rd party cold recon website security-analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Michał19

  • Newbie
  • *
  • Posts: 1
Re: Detection URL:Blacklist
« Reply #3 on: May 25, 2022, 09:22:49 PM »
The same thing happened to me.
Fortunately, I managed to remove it.
From the Settings level I entered Network and Internet. I removed the URL from the automatic proxy configuration.  ;)
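
The fix in the last reply (clearing the automatic proxy configuration URL) can also be checked from PowerShell. This is an added example, not part of any post in the thread: it reads the standard `AutoConfigURL` registry value in the machine hive and every loaded user hive, and the `-Remove` switch is a name chosen here for illustration.

```powershell
# Added example: report (and optionally clear) the PAC script URL that
# Windows stores as the AutoConfigURL registry value.
param(
    [switch]$Remove   # hypothetical switch name; without it the script only reports
)

# Normal and policy-enforced locations of the Internet Settings key.
$subKeys = @(
    'Software\Microsoft\Windows\CurrentVersion\Internet Settings',
    'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
)

# Machine hive plus every user hive loaded under HKEY_USERS
# (the current user's hive is one of them, so HKCU is covered once).
$hives = @('Registry::HKEY_LOCAL_MACHINE')
$hives += Get-ChildItem 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -notlike '*_Classes' } |
    ForEach-Object { "Registry::$($_.Name)" }

$findings = foreach ($hive in $hives) {
    foreach ($sub in $subKeys) {
        $path = "$hive\$sub"
        if (-not (Test-Path $path)) { continue }
        $item = Get-ItemProperty -Path $path -Name AutoConfigURL -ErrorAction SilentlyContinue
        if ($item.AutoConfigURL) {
            [pscustomobject]@{ Key = $path; AutoConfigURL = $item.AutoConfigURL }
        }
    }
}

if (-not $findings) {
    Write-Output 'No AutoConfigURL value is set in the checked keys.'
    return
}

$findings | Format-List

if ($Remove) {
    foreach ($f in $findings) {
        # Deletes only the AutoConfigURL value; other proxy settings stay as they are.
        Remove-ItemProperty -Path $f.Key -Name AutoConfigURL
        Write-Output "Removed AutoConfigURL from $($f.Key)"
    }
}
```

Clearing the value under the machine hive or another user's hive needs an elevated prompt. If the value is back after a reboot, something on the system is rewriting it and the setting alone is not the whole problem.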