Author Topic: Have URL:Blacklist issue  (Read 744 times)

0 Members and 1 Guest are viewing this topic.

Offline lky0223

  • Newbie
  • *
  • Posts: 2
Have URL:Blacklist issue
« on: June 14, 2022, 04:14:20 AM »
I have a question about malware(?).
Avast sends a web shield warning every 15 minutes.
I ran the whole virus scan about 3 times, but each time it was found and not resolved.

Here is the message.

Threat name : URL:Blacklist
URL : 104.155.207.188/win.pac
process : C: \Windows\System32\svchost.exe
by Web shield

Here is another URL : listincode.com/jsapi.php

The processor changes every time.
 My guess is that it detects an active processor when connecting to the internet.

« Last Edit: June 14, 2022, 04:39:43 AM by lky0223 »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86832
  • No support PMs thanks
Re: Have URL:Blacklist issue
« Reply #1 on: June 14, 2022, 04:34:45 AM »
Please break active URLs to suspect sites to avoid accidental exposure (remove the http/s and www elements just post the domain name.

Attach a screenshot of the avast alert window with the see details option open.  It could help the Avast Team.

Whilst svchost.exe does connect to the internet it isn't normal.

Others are also flagging this IP:
https://www.virustotal.com/gui/url/38ef8ec31e7b039875adc5b5486edb801c1a2c04c039ed60688745b1e426e4fe?nocache=1

Listincode.com - scores a big fat F for web page security:
https://snyk.io/test/website-scanner/?test=220614_BiDcFP_107&utm_medium=referral&utm_source=webpagetest&utm_campaign=website-scanner
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.5.6015 (build 22.5.7263.730) UI 1.0.711/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline lky0223

  • Newbie
  • *
  • Posts: 2
Re: Have URL:Blacklist issue
« Reply #2 on: June 14, 2022, 06:23:30 AM »
I use malwarebytes and it finds Hijack.AutoConfigURL.
Quarantiend and deleted files, and restart computer.
But it seems unresolved.

So I checked regedit HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
and autoconfigurl still remains. it redirect to url in main text.

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76213
  • Urlaub/Vacation
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Have URL:Blacklist issue
« Reply #3 on: June 14, 2022, 09:19:42 AM »
W8.1 [x64] - Avast PremSec 22.7.7366.BC [UI.713] - Firefox ESR 91.11 [NS/uBO/PB] - Thunderbird 91.11
Avast-Tools: Secure Browser 103.0 - Cleanup 22.2 - SecureLine 5.18 - DriverUpdater 22.2 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33669
  • malware fighter
Re: Have URL:Blacklist issue
« Reply #4 on: June 15, 2022, 05:51:11 PM »
Example of a cleansing routine for someone infested wit this win.pac malcode.
From that forum:
https://www.bleepingcomputer.com/forums/t/772767/infected-by-trojan-antivirus-blocks-104155207188-winpac/

Mind you. N.B.

All routines should be performed under personal guidance of a qualified malware removal specialist,
and every routine is just strictly personal for your specific infection,
and every malware removal, comes with quite unique tailor-made instructions
for just that single particular victim.


polonus
« Last Edit: June 15, 2022, 05:54:32 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!