Author Topic: "Malicious URL Blocked" randomly pops up when I click on reputable links  (Read 8724 times)


Jringo7

  • Guest
I ran an avast! scan and a malwarebytes scan; both came back clean.
Here is the message:
http://i.imgur.com/dLSmi.png

When I click on a google search link that I regularly visit (yahoo/youtube/etc.), this message will randomly pop up. But after clicking the same link again, it opens with no problem. If there is anything else I can provide someone who might be able to direct me, I will get it as soon as possible.

Nesivos

  • Guest
> I ran an avast! scan and a malwarebytes scan; both came back clean.
> Here is the message:
> http://i.imgur.com/dLSmi.png
>
> When I click on a google search link that I regularly visit (yahoo/youtube/etc.), this message will randomly pop up. But after clicking the same link again, it opens with no problem. If there is anything else I can provide someone who might be able to direct me, I will get it as soon as possible.

Sometimes even good sites wind up with bad script on them.

Are you using NoScript?  If not you might want to consider installing it and see what happens

http://www.hoopsworld.com/Story.asp?story_id=19895

Jringo7

  • Guest
I've read that noscript will just mask the problem and not make it go away :/

Anyway, is there a way to find out if that IP is fishy? I guess it'd have to be, right?

Nesivos

  • Guest
> I've read that noscript will just mask the problem and not make it go away :/
>
> Anyway, is there a way to find out if that IP is fishy? I guess it'd have to be, right?

Why don't you just go read the reviews and find out what it does and if people who use it like it.

It's the third most popular Firefox addon and gets over 400,000 downloads a week with a total to date of over 85 million downloads. I find it hard to believe that there are any Firefox users that don't use NoScript, seriously :)

https://addons.mozilla.org/en-US/firefox/addon/noscript/

It blocks the bad stuff which is also what Avast does.  Neither of them eat it for lunch :)
« Last Edit: May 25, 2011, 05:21:12 AM by Nesivos »

Jringo7

  • Guest
Well I downloaded it and am using it. Thanks for the tip. But man this is a bit annoying to use. :P

Anyway, are you saying that if the error quits popping up, it's ok to just leave my system as-is and eventually one of the virus definitions will catch it? I would HATE to wipe my drive clean, but I would hate it even more if I lost all my personal info.

SafeSurf

  • Guest
@ Jringo7,

Can you please change your initial link from http to hXXP so no one can accidentally click on it in case it is malicious?

In the meantime, you can submit the url to an online scanner:
- Anubis:  http://anubis.iseclab.org/?action=home
- Virus Total: http://www.virustotal.com/
- URL Void: http://www.urlvoid.com/
- SOS WebScan : http://soswebscan.jobandproject.com/beta_scan.php

The time it takes for the online scanners depends on web traffic to the site, so be patient.

Please post your results back here if it is clean or not (cut and paste).

NoScript (for FF) or NotScripts (for Chrome) is a very useful tool at eliminating scripting, which is often used for malware, and you can easily configure it.  Many of us use it.

Jringo7

  • Guest
Thank you for the advice. Anubis had a long queue, but SOSWebScan says: Your site URL hXXp://64.111.211.155/c.php?re=1&r=eNo9UcuOozAA-yAkJg9CyKEH6EBb has been successfully scanned.And No Malware or badwares found.

I also tried it with a "l" after the "yAk" in the address, because I can't tell from the imgur screenshot. Oh, and that is a screenshot of my error message, not a link to the possible malware.

Gargamel360

  • Guest
> Well I downloaded it and am using it. Thanks for the tip. But man this is a bit annoying to use. :P

Yeah, it (NoScript) gets easier and is flexible, you can manage how much security you want it to handle.

But I certainly remember the feeling, like you are trying to run with your shoelaces tied together. ;)

I usually tell people to give it a week or so of good browsing time, and if it hasn't grown on you by then, just call it a day and move on. Despite its being a gold-standard for browser security, it's just not for everybody.

SafeSurf

  • Guest
> Can you please change your initial link from http to hXXP so no one can accidentally click on it in case it is malicious?

If you hover your mouse over your link, someone can click on it. Please edit your post.

If you do not want to wait for Anubis, which is very comprehensive, then upload to Virus Total (VT).  But you need to use several scanners, not just one.

Jringo7

  • Guest
Thank you Gargame.

And Safesurf, the initial link was to an imgur.com upload that I made of the avast message popup. It is a screenshot that I uploaded personally, to imgur.com. It is totally safe (unless I am totally confused and I don't know what you're referring to).

Also- Anubis said there would be a ~7 hour wait. But on Ipillion.com, there are several complaints about the IP that is at the beginning of the URL in the avast message. Here is the link to the ipillion website, with user-shared complaints for the IP that was in my Avast message - http://www.ipillion.com/ip/64.111.211.155

I was only a little worried until I read those complaints and they sound just like mine. :(
« Last Edit: May 25, 2011, 07:31:09 AM by Jringo7 »

SafeSurf

  • Guest
URL Void:
Report    2010-07-27 03:46:25 (GMT 1)
Website    ipillion.com
Domain Hash    1bf8c96b697679620ead8430ddc8b5ba
IP Address    209.62.45.43 [SCAN]
IP Hostname    ev1s-209-62-45-43.theplanet.com
IP Country    US (United States)
AS Number    21844
AS Name    THEPLANET-AS - ThePlanet.com Internet Service...
Detections    0 / 17 (0 %)
Status    CLEAN
      
Scanning site with:    AMaDa    CLEAN
Scanning site with:    BrowserDefender    CLEAN
Scanning site with:    Finjan    CLEAN
Scanning site with:    Google Diagnostic    CLEAN
Scanning site with:    hpHosts    UNRATED
Scanning site with:    Malware Patrol    CLEAN
Scanning site with:    MalwareDomainList    CLEAN
Scanning site with:    MyWOT    CLEAN
Scanning site with:    Norton SafeWeb    CLEAN
Scanning site with:    ParetoLogic URL Clearing House    CLEAN
Scanning site with:    PhishTank    CLEAN
Scanning site with:    SURBL    CLEAN
Scanning site with:    Threat Log    CLEAN
Scanning site with:    TrendMicro Web Reputation    CLEAN
Scanning site with:    URIBL    CLEAN
Scanning site with:    Web Security Guard    UNRATED
Scanning site with:    ZeuS Tracker    CLEAN

When using Anubis, you need to put in the code requested at the end of the page and the average wait time is 7 minutes.  Here is the one I did:

With Anubis, you need to put in the code requested on the bottom of the page to get expedited so it doesn't take so long.  I did this in minutes:

IP - hXXp://www.ipillion.com/ip/64.111.211.155:
- Anubis Report: http://anubis.iseclab.org/?action=result&task_id=11ef51f6a0aad43c44d2be61d1145ad62

You can try that and VT as another resource as I gave you ones above.

Jringo7

  • Guest
ummm.... I'd wager that you know more about this stuff than I do, but didn't you just scan the ipillion website? I posted the IP from the avast warning into ipillion to see what the reviews showed. Here's where I think we aren't understanding each other: *The only link that I think is malicious is the one from (inside) my screenshot that I posted in my first message, where it says "object: ...". Imgur.com and ipillion.com are just two websites that I used and posted the links to my image/results.* But thank you very much for scanning that site--it's not something I would have thought to do, although my WOT said it was clean.

At this point in the night, I'm so tired that I'm not sure if I'm confused or I'm just not being clear. Either way, I'm going to get a few hours of sleep. Thank you for what you've helped with thus far and if you have any more advice, I would appreciate it tremendously.

SafeSurf

  • Guest
I do not click on unknown and possibly suspicious images...especially since you have not changed it yet from http to hXXP

You need to give us a url or scan it yourself with the links I gave you.  I'm sorry, but we cannot get malware or afford the forum to get infected. 

kubecj

  • Guest
This is Renos or Alureon 'call home' URL. It's not malicious per se, but it's a sign there's something rotten on the computer. Regarding urlvoid and similar - yes, it's normal that many of these ignore such c&c urls.
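
The point made in this post, that a blocked request to a raw IP address carrying a long opaque parameter is a different kind of event from a blocked page the user chose to visit, can be checked mechanically over a list of blocked URLs. The following is an added example, not part of the original thread and not an avast! tool: the sample entries, the 20-character threshold and all function names are assumptions, and the check is a heuristic on URL shape, not a signature for Renos or Alureon. It also prints each URL in the hXXp form asked for earlier in the thread.

```python
import ipaddress
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed sample of blocked URLs (not real avast! output).
# 192.0.2.10 is a documentation-only address; the token is made up.
SAMPLE_BLOCKS = [
    "http://192.0.2.10/c.php?re=1&r=Q29uc3RydWN0ZWRUb2tlbk9ubHk",
    "http://www.example.com/search?q=basketball+scores",
    "http://192.0.2.10/index.html",
    "https://video.example.org/watch?v=abc123",
]

# A long run of base64url characters: an encoded blob rather than a
# value a person would type. The length threshold is an assumption.
OPAQUE = re.compile(r"^[A-Za-z0-9_=-]{20,}$")


def defang(url):
    """Rewrite the scheme as hXXp so the URL is not clickable when posted."""
    return re.sub(r"^http", "hXXp", url, count=1, flags=re.IGNORECASE)


def host_is_ip(url):
    """True when the URL addresses a literal IP instead of a domain name."""
    host = urlsplit(url).hostname or ""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def has_opaque_param(url):
    """True when any query value looks like an encoded blob."""
    return any(OPAQUE.match(v) for _, v in parse_qsl(urlsplit(url).query))


def looks_like_beacon(url):
    """Both traits together: raw-IP host plus an opaque query value."""
    return host_is_ip(url) and has_opaque_param(url)


def triage(urls):
    """Return (defanged URL, beacon-like flag) for each blocked URL."""
    return [(defang(u), looks_like_beacon(u)) for u in urls]


if __name__ == "__main__":
    for shown, flag in triage(SAMPLE_BLOCKS):
        print("CHECK HOST" if flag else "page block", shown)
```

A flagged entry says the request probably came from software already on the machine, so the follow-up is on the host (which process made the request), not on the reputation of the site the user was browsing.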

Jringo7

  • Guest
> This is Renos or Alureon 'call home' URL. It's not malicious per se, but it's a sign there's something rotten on the computer. Regarding urlvoid and similar - yes, it's normal that many of these ignore such c&c urls.

So is there anything I can do to locate any potential malware and delete it? Is there any more info I can get in order to help you help me? I've run several scans and found nothing lately.