Author Topic: Extremely annoying warning message  (Read 16419 times)

anderson_p

  • Guest
Extremely annoying warning message
« on: May 14, 2009, 01:13:26 AM »
Hi everyone, I'm using avast home 4.8...

Ever since I visited this random website, the following popup keeps appearing every 5 minutes or so... I'm afraid it has installed some sort of process in my system without my consent...


How can I get rid of this warning and how can I delete it forever?

Thanks

Mr.Agent

  • Guest
Re: Extremely annoying warning message
« Reply #1 on: May 14, 2009, 01:29:29 AM »
Something tried to enter your network, so Network Shield blocked it. Don't worry :)

Corrections, if I'm wrong, would be appreciated.

Mr.Agent

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89029
  • No support PMs thanks
Re: Extremely annoying warning message
« Reply #2 on: May 14, 2009, 01:45:08 AM »
It hasn't installed anything on your system as the network shield is blocking it.

This is the network shield blocking access to a site on its malicious sites list. The site you visited(?) is most likely hacked and something tries to redirect or run something at this Chinese site. What random site, or are you talking about mixmediadirect.cn, that 'you' visited?

You don't really want to get rid of the warning, how else are you to know there is something suspect going on at the site you are visiting ???
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33897
  • malware fighter
Re: Extremely annoying warning message
« Reply #3 on: May 14, 2009, 01:47:17 AM »
Hi anderson_p,

DavidR, you've just beaten me to it.
Can you mention the URL of that site in a non-clickable way, like for instance hxtp://malcode_site.com?
hxtp or hxxp makes the link non-clickable for a n00b visitor that can get infected.
The question is whether this site may be a reputable site that has been hacked and infected by a hidden iFrame or SQL injection so that it redirects to a malware silent download site. The avast shield prevented your computer (via the browser) from getting infected. Do not visit the site until it is cleansed, or alert the webmaster or site admin. Avast has a unique detection rate here.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

analfabet

  • Guest
Re: Extremely annoying warning message
« Reply #4 on: May 19, 2009, 10:49:57 AM »
I'm having the same problem as TS. Dunno what site I was on when it happened, but I know I was not on the site it's trying to reach (like the pic in the 1st post).

It somehow infected my comp... cause every time I use Firefox I get this warning message, no matter what site I'm browsing on. I was hoping avast could detect from where in my comp the request is sent, but all I get is that box saying it blocked the access.

It's rly annoying to get it like once every 3rd min. Would rly appreciate all the help I can get!

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9406
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: Extremely annoying warning message
« Reply #5 on: May 19, 2009, 10:58:17 AM »


Check here what's the name of the process that is trying to access this webpage. My log is empty, but in yours, there should be an entry with program name and address which is accessing it.
Post the name and location of the EXE file here please.
Visit my webpage Angry Sheep Blog

CharleyO

  • Guest
Re: Extremely annoying warning message
« Reply #6 on: May 19, 2009, 11:03:16 AM »
***

David & Polonus -

Please read the link below to see if the information there might help.

http://novirusthanks.org/blog/2009/03/analysis-of-a-website-infected-with-a-hidden-iframe/

The infector at the link is the same mixmediadirect.cn as in this thread.


***
« Last Edit: May 19, 2009, 11:05:22 AM by CharleyO »

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9406
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: Extremely annoying warning message
« Reply #7 on: May 19, 2009, 11:17:37 AM »
Yes, but considering he is getting this in intervals, we can assume there is something on his system that is trying to download crap from this webpage. That's why we need the name of the spawning process so we can eliminate it.
Visit my webpage Angry Sheep Blog

CharleyO

  • Guest
Re: Extremely annoying warning message
« Reply #8 on: May 19, 2009, 11:24:41 AM »
***

Isn't that what is at that link? The link lists files found on that computer.


***

Randel

  • Guest
Re: Extremely annoying warning message
« Reply #9 on: May 19, 2009, 11:25:13 AM »
Quote
Yes, but considering he is getting this in intervals, we can assume there is something on his system that is trying to download crap from this webpage. That's why we need the name of the spawning process so we can eliminate it.

Hello, I have the same warning message.

As for the information asked:

Quote
19.05.2009  11:23:09  Network Shield: blocked access to malicious site mixmediadirect.cn/gate/gate.php [ C:\WINDOWS\system32\svchost.exe ( 3896 ) ]

Regards

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: Extremely annoying warning message
« Reply #10 on: May 19, 2009, 12:02:02 PM »
First try a boot time scan with avast! Right click the scanner screen, select 'schedule a boot time scan' and reboot when requested. (Or open the tab at the top left of the scanner screen and select the boot time option from there.)

Try a scan with DrWeb CureIT!
Try a scan with Kaspersky Virus removal Tool

Try one or more of these free adware/spyware scanners.

SUPERAntiSpyware Free
a-Squared Free
Malwarebytes' Anti-Malware
« Last Edit: May 19, 2009, 12:14:17 PM by FreewheelinFrank »
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

analfabet

  • Guest
Re: Extremely annoying warning message
« Reply #11 on: May 19, 2009, 12:23:20 PM »
Yea, I also got the
19.05.2009  11:59:13  Network Shield: blocked access to malicious site mixmediadirect.cn/gate/gate.php [ C:\WINDOWS\system32\svchost.exe ( 2024 ) ]

I looked through the link Charley posted, didn't find the same files as he did but I found some similar ones.
C:\WINDOWS\Temp\wpv531242686334.exe
Then I have a bunch of crypt.dll ... however I don't know which are supposed to be there (if any)
I have these that are named smth with crypt:
crypt32.dll
crypt32(3).dll
cryptdlg.dll
cryptdll.dll
cryptdll(3).dll
cryptext.dll
cryptnet.dll
cryptsvc.dll
cryptsvc(3).dll
cryptui.dll
cryptui(3).dll

I dunno how to find the hidden one in my doc&settings

Thanks for all the help so far tho!  :)
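
Added example, not part of any post in this thread: a small Python parser for the Network Shield log lines quoted in replies #9 and #11, which groups blocked requests by image path and PID and flags shared host processes such as svchost.exe, where the path alone does not name what made the request. The regular expression is inferred from those two lines only, and the `HOST_PROCESSES` set and all function names are assumptions of this example.

```python
import re
from datetime import datetime
from ntpath import basename  # Windows path rules on any OS

# The two log lines quoted in replies #9 and #11 (two different machines).
SAMPLE_LOG = r"""
19.05.2009  11:23:09  Network Shield: blocked access to malicious site mixmediadirect.cn/gate/gate.php [ C:\WINDOWS\system32\svchost.exe ( 3896 ) ]
19.05.2009  11:59:13  Network Shield: blocked access to malicious site mixmediadirect.cn/gate/gate.php [ C:\WINDOWS\system32\svchost.exe ( 2024 ) ]
"""

# Format inferred from the two lines above only.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}\.\d{2}\.\d{4}\s+\d{2}:\d{2}:\d{2})\s+"
    r"Network Shield: blocked access to malicious site\s+(?P<url>\S+)\s+"
    r"\[\s*(?P<image>.+?)\s*\(\s*(?P<pid>\d+)\s*\)\s*\]\s*$"
)

# Assumption of this example: images that run other modules' code, so the
# path in the log does not identify what actually made the request.
HOST_PROCESSES = {"svchost.exe", "rundll32.exe", "dllhost.exe"}

def parse_line(line):
    """Return one blocked-access event as a dict, or None for other lines."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    stamp = " ".join(m["ts"].split())  # collapse the double space
    return {
        "time": datetime.strptime(stamp, "%d.%m.%Y %H:%M:%S"),
        "host": m["url"].split("/", 1)[0].lower(),
        "image": m["image"],
        "pid": int(m["pid"]),
    }

def summarize(log_text):
    """Group events by (image, pid), most frequent first."""
    groups = {}
    for ev in filter(None, map(parse_line, log_text.splitlines())):
        g = groups.setdefault((ev["image"].lower(), ev["pid"]), {
            "image": ev["image"], "pid": ev["pid"], "hits": 0, "hosts": set(),
            "shared_host": basename(ev["image"]).lower() in HOST_PROCESSES,
        })
        g["hits"] += 1
        g["hosts"].add(ev["host"])
    return sorted(groups.values(), key=lambda g: -g["hits"])

if __name__ == "__main__":
    for g in summarize(SAMPLE_LOG):
        hint = ("shared host process: map the PID to its services, e.g. tasklist /svc"
                if g["shared_host"] else "inspect this executable directly")
        print(f'{g["image"]} (PID {g["pid"]}): {g["hits"]} hit(s), {sorted(g["hosts"])} -> {hint}')
```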

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: Extremely annoying warning message
« Reply #12 on: May 19, 2009, 12:28:55 PM »
Random web sites shouldn't be able to install malware (a drive-by infection).

You probably have some insecure web-facing software that allowed this.

Scan for out-of-date and insecure software using Secunia Online Software Inspector (OSI) and update any vulnerable software: this will help to prevent future infections.
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

Randel

  • Guest
Re: Extremely annoying warning message
« Reply #13 on: May 19, 2009, 01:31:25 PM »
I have rebooted the computer.

I don't get the message anymore.

But ZoneAlarm told me that a strange programme tried to access the internet:
pqarocuvuw yfyqu (c:\windows\ld08.exe)

I removed it using HijackThis.

I made a boot scan with avast, it found nothing.

Should I make another scan with Kaspersky Virus Removal Tool?

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Extremely annoying warning message
« Reply #14 on: May 19, 2009, 01:35:55 PM »
I suggest:

1. Clean your temporary files.
2. Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
3. Use MBAM (or SUPERantispyware or even Spyware Terminator) to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
4. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
5. Make a HijackThis log to post here or to this analysis site. Or even submit the RunScanner log to on-line analysis.
6. Disable System Restore and then reenable it again.
7. Immunize your system with SpywareBlaster.
8. Check if you have insecure applications with Secunia Software Inspector.

If you still experience troubles, I can go further in my suggestions for on-line scanning.
The best things in life are free.