Author Topic: Help with "Malicious URL Blocked" Notification from Avast  (Read 12336 times)

Kristette

  • Guest
Help with "Malicious URL Blocked" Notification from Avast
« on: May 01, 2011, 08:33:25 PM »
I don't know much about computers, or viruses, all I know is lately I get a lot of those 'fake alert' worms - virus alerts from antivirus software you don't have (not a LOT, like three times in the last year)..

And every time I just reboot in safe mode and go back to my last known safe configuration, and the alerts stop.

But THIS time, the alerts have stopped but now I keep getting a "Malicious URL Blocked" Notification from Avast, sometimes when my web browser isn't even open, like every half an hour, for the exact same object every time..

And when I do a scan, it picks up nothing.

What should I do?

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Help with "Malicious URL Blocked" Notification from Avast
« Reply #1 on: May 01, 2011, 10:00:22 PM »
I suggest:

1. Clean your temporary files.
2. Schedule a boot-time scan with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
3. Use MBAM (or SUPERantispyware or even Spyware Terminator) to scan for spyware and trojans. If any infection is detected, it is better and safer to send the infected file(s) to quarantine (Chest), rather than simply deleting them.
4. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
5. Read these instructions and provide more info with the logs generated.
6. Clean your Hosts file (replacing it) with HostsMan tool.
7. Disable System Restore and then re-enable it.
8. Immunize your system with SpywareBlaster.
9. Check if you have insecure applications with Secunia Software Inspector.
The best things in life are free.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89438
  • No support PMs thanks
Re: Help with "Malicious URL Blocked" Notification from Avast
« Reply #2 on: May 01, 2011, 11:22:38 PM »
Before doing all that can you post an image of the alert, right click on the avast icon and select Show last popup message.

Or the full text information on the alert.

For example see the first post in this topic of the info I mean, http://forum.avast.com/index.php?topic=77333.0.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.6.6121 (build 24.6.9241.848) UI 1.0.809/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Kristette

  • Guest
Re: Help with "Malicious URL Blocked" Notification from Avast
« Reply #3 on: May 02, 2011, 04:05:11 PM »
Quote
Before doing all that can you post an image of the alert, right click on the avast icon and select Show last popup message.

Or the full text information on the alert.

Here you go -

In the last four hours, this is what I got, when I go on Facebook, Google, IMDb, or not surfing at all..

All URL:Mal, all Blocked, all C:\WINDOWS\System32\svchost.exe
- 95.143.193.138/xxx_5/bGcyMDAwfDc3MjE5YzAyOTUwM2U1MD12Mjg...
- 199.80.55.80/go.php?uid=38787&suid=5323&data=MO%2FJTNwoZ...
- 199.80.55.80/go.php?uid=40542&suid=407341&data=OncfL%2Bzm...
- 199.80.55.80/go.php?uid=40542&suid=407341&data=gwTIM3Mo%...
- 199.80.55.80/go.php?uid=40542&suid=407341&data=TZzdArpCVjIk...
- 95.143.193.138/xxx_5/bGcyMDAwfDc3MjE5YzAyOTUwM2U1MD12Mjg...
« Last Edit: May 02, 2011, 04:07:20 PM by Kristette »

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Help with "Malicious URL Blocked" Notification from Avast
« Reply #4 on: May 02, 2011, 04:13:51 PM »
Hi Kristette


Download aswMBR.exe (511KB) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply



THEN

Download OTS to your Desktop and double-click on it to run it
  • Make sure you close all other programs and don't use the PC while the scan runs.
  • Select All Users
  • Under additional scans select the following
Reg - Disabled MS Config Items
Reg - Drivers32
Reg - NetSvcs
Reg - SafeBoot Minimal
Reg - Shell Spawning
Evnt - EventViewer Logs (Last 10 Errors)
File - Lop Check

  • Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

  • Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Please attach the log in your next post.

Kristette

  • Guest
Re: Help with "Malicious URL Blocked" Notification from Avast
« Reply #5 on: May 10, 2011, 05:36:12 PM »
OK here we go..

aswMBR txt document attached.
OTS txt document attached.

Aaaand.. during the OTS scan, I got another Mal URL Blocked notification AND a window popped up to say "avastUI.exe has encountered a problem and needs to close.  We are sorry for the inconvenience. If you were in the middle of something, the information you were working on might be lost."

But then the scan just continued again. ..Hope that's not a problem.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Help with "Malicious URL Blocked" Notification from Avast
« Reply #6 on: May 10, 2011, 09:41:09 PM »
Hi Kristette, let's remove all the bad boys and associated rubbish from your system.  The OTS fix may take a while as all your temp folders are full.  Also, did you turn off System Restore?

Re-run aswMBR

Click Scan

On completion of the scan

Click the Fix button, then reboot when told

Save the log as before and post in your next reply

THEN
Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

Code:
[Unregister Dlls]
[Registry - Safe List]
< FireFox Extensions [Program Folders] > ->
YN -> No name found ->
YN -> Hosts file not found ->
< Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> "diisorvl" -> C:\WINDOWS\Temp\pfrickpek\ngbredqxsik.exe [C:\WINDOWS\TEMP\pfrickpek\ngbredqxsik.exe]
YY -> "effppwjytn" -> C:\WINDOWS\Temp\wekjkxbhjz\azbifsdcml.exe [C:\WINDOWS\TEMP\wekjkxbhjz\azbifsdcml.exe]
YY -> "Spyware Protection" -> C:\Documents and Settings\NetworkService\Application Data\defender.exe [C:\Documents and Settings\NetworkService\Application Data\defender.exe]
< Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> "diisorvl" -> C:\WINDOWS\Temp\pfrickpek\ngbredqxsik.exe [C:\WINDOWS\TEMP\pfrickpek\ngbredqxsik.exe]
[Files/Folders - Created Within 30 Days]
NY ->  gN31002DgFcE31002 -> C:\Documents and Settings\All Users\Application Data\gN31002DgFcE31002
[Files/Folders - Modified Within 30 Days]
NY ->  null0.20464395933339452.exe -> C:\WINDOWS\System32\null0.20464395933339452.exe
NY ->  hnpdk455onbm7h4186gu11ph7620 -> C:\Documents and Settings\All Users\Application Data\hnpdk455onbm7h4186gu11ph7620
NY ->  ko01y0s584ow7nr338j53g4dfi6j041507 -> C:\Documents and Settings\All Users\Application Data\ko01y0s584ow7nr338j53g4dfi6j041507
NY ->  PKP_DLdw.DAT -> C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
NY ->  PKP_DLdu.DAT -> C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[Files - No Company Name]
NY ->  syssvc.exe ->
NY ->  null0.20464395933339452.exe -> C:\WINDOWS\System32\null0.20464395933339452.exe
NY ->  hnpdk455onbm7h4186gu11ph7620 -> C:\Documents and Settings\All Users\Application Data\hnpdk455onbm7h4186gu11ph7620
NY ->  hnpdk455onbm7h4186gu11ph7620 -> C:\Documents and Settings\LocalService\Local Settings\Application Data\hnpdk455onbm7h4186gu11ph7620
NY ->  irh.exe ->
NY ->  ko01y0s584ow7nr338j53g4dfi6j041507 -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\ko01y0s584ow7nr338j53g4dfi6j041507
NY ->  ko01y0s584ow7nr338j53g4dfi6j041507 -> C:\Documents and Settings\All Users\Application Data\ko01y0s584ow7nr338j53g4dfi6j041507
NY ->  d370ib50k8d5s35bk41t72fyy28xc84 -> C:\Documents and Settings\Owner\Local Settings\Application Data\d370ib50k8d5s35bk41t72fyy28xc84
[File - Lop Check]
NY ->  gN31002DgFcE31002 -> C:\Documents and Settings\All Users\Application Data\gN31002DgFcE31002
[Custom Scans]
< hklm\software\clients\startmenuinternet|command /64 /rs > ->
YN -> HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\ -> "C:\DOCUME~1\OWNER\LOCALS~1\TEMP\0.6655565011270769.EXE" -A "C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE"
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
 

The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix.  Post that information back here.

I will review the information when it comes back in.
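
Added example (not part of essexboy's post, and not OTS's own code): a Python sketch that reads the `< Run [...] >` sections of the fix above and lists the autorun values whose program sits in a Temp directory or a service-account profile. The location rules and the `ExampleApp` entry are assumptions made for the illustration.

```python
import re

# Run-key lines copied from the OTS fix in Reply #6; the "ExampleApp" entry is a
# constructed benign autorun added for contrast (it is not from the thread).
OTS_LINES = r'''
< Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> "diisorvl" -> C:\WINDOWS\Temp\pfrickpek\ngbredqxsik.exe [C:\WINDOWS\TEMP\pfrickpek\ngbredqxsik.exe]
YY -> "effppwjytn" -> C:\WINDOWS\Temp\wekjkxbhjz\azbifsdcml.exe [C:\WINDOWS\TEMP\wekjkxbhjz\azbifsdcml.exe]
YY -> "Spyware Protection" -> C:\Documents and Settings\NetworkService\Application Data\defender.exe [C:\Documents and Settings\NetworkService\Application Data\defender.exe]
YY -> "ExampleApp" -> C:\Program Files\ExampleApp\example.exe [C:\Program Files\ExampleApp\example.exe]
< Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> "diisorvl" -> C:\WINDOWS\Temp\pfrickpek\ngbredqxsik.exe [C:\WINDOWS\TEMP\pfrickpek\ngbredqxsik.exe]
[Files/Folders - Created Within 30 Days]
NY ->  gN31002DgFcE31002 -> C:\Documents and Settings\All Users\Application Data\gN31002DgFcE31002
'''

HEADER = re.compile(r'^< Run \[[^\]]+\] > -> (?P<key>.+)$')
ENTRY = re.compile(r'^[YN]{2} -> "(?P<name>[^"]*)" -> (?P<path>.+?) \[')

# Assumed heuristic: locations a legitimate autorun rarely starts from.
SUSPECT_DIRS = (
    ("\\temp\\", "program runs from a Temp directory"),
    ("\\documents and settings\\networkservice\\", "program sits in a service-account profile"),
    ("\\documents and settings\\localservice\\", "program sits in a service-account profile"),
)

def parse_run_entries(text):
    """Return one dict per autorun value listed under a '< Run [...] >' header."""
    entries, key = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        header = HEADER.match(line)
        if header:
            key = header["key"]
        elif line.startswith(("<", "[")):
            key = None  # a different section of the script has started
        elif key and (entry := ENTRY.match(line)):
            entries.append({"key": key, "name": entry["name"], "path": entry["path"]})
    return entries

def flag_entries(entries):
    """Keep only the entries whose target path matches an assumed suspect location."""
    findings = []
    for e in entries:
        low = e["path"].lower()
        reason = next((why for frag, why in SUSPECT_DIRS if frag in low), None)
        if reason:
            findings.append({**e, "reason": reason})
    return findings

if __name__ == "__main__":
    for f in flag_entries(parse_run_entries(OTS_LINES)):
        print(f'{f["name"]!r} in {f["key"]}: {f["reason"]} ({f["path"]})')
```
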



Kristette

  • Guest
Re: Help with "Malicious URL Blocked" Notification from Avast
« Reply #7 on: May 11, 2011, 12:11:13 AM »
Will do that right now.. THANK YOU :) So exactly what "bad boys and associated rubbish" do I have on my system and how did it get there? Also, I have no idea if I turned off "system restore".. But I followed all your instructions :)

WHOOPS first hurdle: I re-ran aswMBR, did the Scan, then clicked Fix when the scan was complete, but when I went to minimize the window my PC froze, so I rebooted, did everything again and when I clicked Fix I got this pop-up:

"WARNING!! Writing a new master boot record to your system partition could damage your partition tables and cause your partitions to become inaccessible. This application writes standard Windows MBR code. Are you sure you want to fix the MBR?"

I said No.. Now what?
 
« Last Edit: May 11, 2011, 02:30:35 AM by Kristette »

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Help with "Malicious URL Blocked" Notification from Avast
« Reply #8 on: May 11, 2011, 08:50:41 PM »
Rerun aswMBR please, I feel it has fixed it - then on with the OTS fix

They were a generic trojan downloader - the names and functions tend to blur between variants nowadays

Kristette

  • Guest
Re: Help with "Malicious URL Blocked" Notification from Avast
« Reply #9 on: May 11, 2011, 10:54:22 PM »
Will do. Because I haven't had a single Mal URL Blocked notification since I ran the first aswMBR and OTS.. It's wonderful :)

On a side note, I backed up my data to a flashdrive when all this began - should I do a scan on the flashdrive to be sure? And if so, how?

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Help with "Malicious URL Blocked" Notification from Avast
« Reply #10 on: May 11, 2011, 11:09:28 PM »
Open avast and select the removable media scan  ;D

Can't find any major errors yet on the logs - I have asked a tech to check them through though

kamakshi

  • Guest
Re: Help with "Malicious URL Blocked" Notification from Avast
« Reply #11 on: May 18, 2011, 05:43:05 AM »
Greetings,

I am having the exact same problems for the last 2 days. Googled "malicious url blocked avast" and came across this topic. I've tried rebooting in safe mode and running scans with Avast/Spybot/Malwarebytes, and "fixing" reported problems, but nothing has helped. Every so often, I get a popup saying "malicious url blocked". A snapshot of the most recent one is attached.

(1) Spybot comes up with a Click.GiftLoad hijacker that I have been unable to get rid of. I am not sure if, as a result of this, I have several svchost processes that have slowed down my computer. Tried deleting the "feature browser emulation" key in my registry multiple times without success.

(2) Malwarebytes also catches some problems and "fixes" them, only to have them return at the next scan.

(3) Avast comes up clean on doing a scan of my C drive though :-(

I have downloaded both aswMBR.exe and OTS, but will wait for further instructions. If someone could help me fix this problem, I will be very very thankful.

Thanks in advance,
Sridhar.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89438
  • No support PMs thanks
Re: Help with "Malicious URL Blocked" Notification from Avast
« Reply #12 on: May 18, 2011, 03:30:10 PM »
Then start your own new topic (http://forum.avast.com/index.php?board=4.0, click the New Topic button at the top of the page), so as not to confuse this one with trying to help multiple people in the same topic.

Read Reply #4 by essexboy above and start the process off in your new topic and run the tools in order, attaching the logs to the post (Additional Options in the reply window).

kamakshi

  • Guest
Re: Help with "Malicious URL Blocked" Notification from Avast
« Reply #13 on: May 18, 2011, 06:12:31 PM »
Thank you for responding..

I apologize, I should have read the forum guidelines before posting.. I will repost in a separate topic, along with the logs that will be necessary. Thank you again for responding so quickly.

Regards,
Sridhar.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89438
  • No support PMs thanks
Re: Help with "Malicious URL Blocked" Notification from Avast
« Reply #14 on: May 18, 2011, 07:07:47 PM »
Unfortunately there aren't any forum guidelines to help you, so no need to apologize.