Author Topic: Network Shield warning malicious website 85.92.157.141; spam from my own e-mail?  (Read 6412 times)

gtgalacio

  • Guest
Avast has been giving me the warning “Network Shield: access blocked malicious website 85.92.157.141”. What is this website with this IP address? Why do I keep getting this warning?

I have also recently been getting spam e-mails from a Canadian company dealing with pharmaceuticals. The weird thing about these e-mails is that my own e-mail address appears in the “From” field. Does this mean that my e-mail account has been hacked?
« Last Edit: June 10, 2009, 10:25:04 PM by gtgalacio »

Offline !Donovan

  • Web Analyst
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2219
    • The WAR Against Malware
Take a look at those:
http://www.mywot.com/en/scorecard/85.92.157.141
http://www.siteadvisor.com/sites/85.92.157.141
https://safeweb.norton.com/report/show?name=85.92.157.141
http://www.threatexpert.com/report.aspx?uid=e95f5625-380d-4209-b19b-ad0df41ed2db
http://www.google.com/safebrowsing/diagnostic?site=85.92.157.141&hl=en


Generally, if that's your IP address, then you made the site. Try scanning with Malwarebytes' Antimalware, SuperAntiSpyware or even Spybot Search and Destroy for any viruses. Did you try avast boot time scan? Download and do a full scan with a savelog file with HijackThis and report the findings.
« Last Edit: June 08, 2009, 04:47:33 AM by Donovansrb10 »
Familiarize Yourself! | Educate Yourself! | Beautify Yourself! | Scan Yourself!
"People who say it cannot be done should not interrupt those who are doing it."

CharleyO

  • Guest
***

Welcome to the forums, gtgalacio.   :)

I suggest that you immediately remove the posting of your email address ... unless you enjoy receiving spam email. Spambots regularly crawl through public forums such as this one to harvest email addresses.

Your email account may have been hacked ... or ... it may be the email account of a friend or family member who would have your email address in the address book. The "From" address is easily spoofed in almost any email program.

Another scenario is that you have a spambot on your computer. Do you have the avast email provider active? The email provider can alert you to spam being sent from your computer.

Please download HijackThis from the link below. Do not download HJT to the desktop but instead download it into its own folder on the hard drive.

Run the program but do not make any fixes and then post the log results using the "copy & paste" method. It will probably take more than one post to be able to get the complete log posted.

OR, you can post it as an attachment to your post by clicking on "Additional Options..." below left of the posting box.  

When you post the log, be sure to include the complete log ... header and ending.
Someone will review your log and then offer help.

http://filehippo.com/download_hijackthis/


***
« Last Edit: June 08, 2009, 05:09:50 PM by CharleyO »

CharleyO

  • Guest
***

Is this your ISP?

 Recurring International Inc.

This is the owner of the IP address you gave above.


***

gtgalacio

  • Guest
I have to post my e-mail address because I provide free legal counseling through my website www.familymatters.org.ph and blog www.famli.blogspot.com.

I downloaded Malwarebytes Anti-Malware and after running it, the message "Network Shield warning malicious website 85.92.157.141" no longer appears.

TODAY, however, I got hit with more than 500 copies of the message below, supposedly from Avast Support but with a Gmail address. The message says that I should disable e-mail scanner so I immediately thought this was a scam. I deleted all the messages. Please help.

++++++++++++++++++++++++

--- On Wed, 6/10/09, alwil.alwilsoftware.support@gmail.com <alwil.alwilsoftware.support@gmail.com> wrote:

From: alwil.alwilsoftware.support@gmail.com <alwil.alwilsoftware.support@gmail.com>
Subject: Avast! Support
Date: Wednesday, June 10, 2009, 11:45 AM

Warning! A virus has been detected. This text and title was edited to prevent the virus from activating itself. Also, the address was hijacked to prevent the virus from hijacking into your contact list. If you don't care and want to view this message, please disable Avast's Mail Scanner and Avast! Outlook/Exchange Scanner by right clicking the "a" icon on your taskbar and selecting Pause Provider, you should see a line of things. Select Outlook/Exchange and Internet Mail.
« Last Edit: June 10, 2009, 10:26:09 PM by gtgalacio »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89145
  • No support PMs thanks
You don't have to post your email address in the forums, as you aren't providing free legal advice here and aren't advertising your services. All we are trying to do is stop your email address being harvested.

So if you don't care about your own email address then that is your choice, but it doesn't stop people warning of the possibility.

The email is a fake and doesn't come from Alwil Software; it doesn't use gmail for its business. There are a few topics on this already in the forums.

Whilst this doesn't come with any payload in the email it could be a pre-emptive measure for follow-up emails with a payload in the hope that some gullible people will have disabled email protection.

So you have to ask yourself how they (the spammers) got your email in the first place: harvesting off the internet (why we warned you above), someone whose system is infected and your email is in their address book, etc.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security
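
Added example (not part of the original thread and not Avast code): a small Python triage of raw messages for the signs discussed above, namely a vendor name on mail sent from an unrelated domain, a "From" that matches the recipient, and a request to switch off mail protection. The brand-to-domain map, the lure pattern and the three sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Assumption: brand keyword -> domain the vendor really mails from
# (support@support.avast.com is the genuine sender quoted in this thread).
BRAND_DOMAINS = {"avast": "avast.com", "alwil": "avast.com"}
# Hypothetical lure pattern: a request to switch off mail protection.
LURE = re.compile(r"\b(disable|pause|turn off)\b.{0,80}\b(scanner|provider|protection)\b",
                  re.I | re.S)

def triage(raw):
    """Return the reasons a raw message looks spoofed or like a lure."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    local, _, domain = addr.rpartition("@")
    claimed = f"{display} {local} {msg.get('Subject', '')}".lower()
    findings = []
    for brand, real in BRAND_DOMAINS.items():
        if brand in claimed and domain != real and not domain.endswith("." + real):
            findings.append(f"claims '{brand}' but was sent from {domain}")
    # The From header is set by the sender and proves nothing on its own.
    recipients = {a.lower() for _, a in getaddresses(msg.get_all("To", []))}
    if addr in recipients:
        findings.append("From equals recipient: unauthenticated header, check Received lines")
    body = " ".join(p.get_payload() for p in msg.walk()
                    if p.get_content_maintype() == "text")
    if LURE.search(body):
        findings.append("asks the reader to disable mail protection")
    return findings

# Constructed samples modelled on the messages described in the thread.
FAKE = ("From: alwil.alwilsoftware.support@gmail.com\nTo: user@example.org\n"
        "Subject: Avast! Support\n\nWarning! A virus has been detected. "
        "Please disable Avast's Mail Scanner by selecting Pause Provider.\n")
SELF = ("From: user@example.org\nTo: user@example.org\n"
        "Subject: Canadian pharmacy\n\nCheap pills.\n")
REAL = ("From: \"avast support center\" <support@support.avast.com>\n"
        "To: user@example.org\nSubject: Re: your ticket\n\nHello, any problems?\n")

if __name__ == "__main__":
    for name, raw in (("FAKE", FAKE), ("SELF", SELF), ("REAL", REAL)):
        print(name, triage(raw))
```

An empty list only means none of these three heuristics fired; it does not show that a message is genuine.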

gtgalacio

  • Guest
I am a newbie and so I hope you will understand that I do not know what the netiquette is with this forum. I thought that I had to post another topic instead of posting a new topic here (the reason for the duplication). I have not really been involved in any kind of forums before (except one which I have not visited for more than a year now). I was forced to register with Avast in order to get help with this virus problem.

Anyway, I submitted this question about the fake e-mail from Avast to Technical Support and I got this message below. Surprisingly, as you can read, the Technical Support answer says that the e-mail I got seems to be valid. Now I am more confused! Please help.

++++++++++++++++++++++

[ASW #UTL-169935]: Fake warning message from Avast? Please help!
Wednesday, June 10, 2009 9:34 PM
From: "avast support center - ALWIL Software" <support@support.avast.com>

Hello Gerry,

It seems to be a valid avast! message, not a fake. Are you still having any virus infection or other problems?

Best Regards,

Petr Bucek
Technical Support
Alwil Software a.s.
« Last Edit: June 10, 2009, 10:02:56 PM by gtgalacio »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89145
  • No support PMs thanks
I highly doubt its validity, especially since you got 500 copies and there have also been others who got this and there really is no way they would recommend that you disabled the email protection. Nor, I doubt, would they use the language "If you don't care and want to view this message."

avast doesn't enter cr*p like this in the body of the email; it may add something like Infected to the Subject line. Basically it would alert on receipt of an infected email and the Options on the detection include No Action (see image example, note the comments by No Action), so that would allow for the delivery of that email without disabling the email protection.

So regardless of what has been said, IMHO this is a 'Fake' and should be ignored.