Author Topic: malicious URL blocked; hxxp://rk400.com/?sov=rook-fwdservice.com  (Read 9965 times)


araphax79

  • Guest
Several days ago Avast started chirping like crazy to warn me of a malicious URL that was blocked. I ran a regular scan, which turned up nothing. I then ran a boot scan, which also turned up nothing. I hit the forums in search of other users who may be having the same issues and found several that were similar but not the same. I downloaded TDSSKiller to my desktop and ran that, and it also came back clean. I did all of my application updates and then reran both the Avast boot scan and the TDSSKiller. The Avast showed Error 42145 {installer archive is corrupted.} but TDSSKiller found nothing. At this point I really need to figure this out, as I use my laptop for accessing work-related stuff and I cannot get on to the system until this is resolved, and I am so far behind with this interruption that I'm thinking about quitting my job as I will never get caught up! (just kidding, but I am feeling rather desperate) Any help would be appreciated!

iroc9555

  • Guest
Re: malicious URL blocked; hxxp://rk400.com/?sov=rook-fwdservice.com
« Reply #1 on: March 17, 2012, 10:34:16 PM »
Araphax79, welcome to the Avast! forum.

"Installer archive is corrupted" does not mean it is an infection. It just means that it is corrupted, and it happens a lot with zip files. If a URL was stopped by the web shield or network shield, for sure it was just that, an alert by Avast!, and you are safe. Now, if you want to be sure your PC is clean, you must open a new topic in Viruses and Worms and ask for help.

http://forum.avast.com/index.php?board=4.0

You must read this first and follow the guide to attach the logs required:

http://forum.avast.com/index.php?topic=53253.0
« Last Edit: March 17, 2012, 10:38:38 PM by iroc9555 »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33895
  • malware fighter
Re: malicious URL blocked; hxxp://rk400.com/?sov=rook-fwdservice.com
« Reply #2 on: March 17, 2012, 11:06:17 PM »
The URL is a PHISHING site: htxp://zulu.zscaler.com/submission/show/fed70e31522d3a890cfcb0f6f7487236-1332021245
and the virus there is JS:ScriptIP-inf Trj ] I get a  ^^eval do_redirect() ^*** called setTimeout with do_redirect(), 0 *^
Avast detects this as URL:Mal. This could be a tag to script detection.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline !Donovan

  • Web Analyst
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2219
    • The WAR Against Malware
Re: malicious URL blocked; hxxp://rk400.com/?sov=rook-fwdservice.com
« Reply #3 on: March 17, 2012, 11:09:32 PM »
Hi araphax79,

What Polonus says is true. See attached.
Familiarize Yourself! | Educate Yourself! | Beautify Yourself! | Scan Yourself!
"People who say it cannot be done should not interrupt those who are doing it."

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33895
  • malware fighter
Re: malicious URL blocked; hxxp://rk400.com/?sov=rook-fwdservice.com
« Reply #4 on: March 17, 2012, 11:21:04 PM »
Hi !Donovan, what you are showing in your image ultimately goes to, among others, an e-mail validation checker script:
-static.rewardchannelcenter.com/templates/video.mini/US_FLU20336/js/script2.js
It checks to exclude false mails given and sorts for exclusion of aero|arpa|biz|com|coop|edu|gov|info|int|mil|museum|name|net|org|pro|travel|mobi|

If I scan the script URL at BrightCloud, I get a moderate risk alert, meaning that there is some probability that the user will be exposed to malicious links or payloads, rep index score yellow 50. This is not in conflict with avast Network Shield, which blocks this as URL:Mal.

polonus
« Last Edit: March 17, 2012, 11:43:40 PM by polonus »

Offline !Donovan

  • Web Analyst
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2219
    • The WAR Against Malware
Re: malicious URL blocked; hxxp://rk400.com/?sov=rook-fwdservice.com
« Reply #5 on: March 17, 2012, 11:37:44 PM »
Hi Polonus,

I also saw some instances of "survey", "prize", "form", and "question" when decoded.

It also checks the length of the phone number received. Smart.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37526
  • Not a avast user
« Last Edit: March 17, 2012, 11:48:21 PM by Pondus »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33895
  • malware fighter
Re: malicious URL blocked; hxxp://rk400.com/?sov=rook-fwdservice.com
« Reply #7 on: March 18, 2012, 12:30:53 AM »
Hi Pondus,

When I tried to go to -static.rewardchannelcenter.com/templates/video.mini/US_FLU20336/js/script2.js Google alerted me to some akamai page redirect that could land me somewhere else and change my settings and I backed out, there must be some unknown_html_RFI attack,
There is also a link on that page to see: htxp://www.google.com/safebrowsing/diagnostic?site=ajax.googleapis.com with 40 scripting exploits, 21 exploits, 1 trojan.

polonus
« Last Edit: March 18, 2012, 01:41:36 AM by polonus »

rino19ny

  • Guest
Re: malicious URL blocked; hxxp://rk400.com/?sov=rook-fwdservice.com
« Reply #8 on: March 21, 2012, 05:13:04 PM »
only recently i'm receiving the same popup message. i immediately run malwarebytes and spybot to do full scan and turned out nothing.

i think avast! is broken or something.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37526
  • Not a avast user
Re: malicious URL blocked; hxxp://rk400.com/?sov=rook-fwdservice.com
« Reply #9 on: March 21, 2012, 05:24:22 PM »
Quote
only recently i'm receiving the same popup message. i immediately run malwarebytes and spybot to do full scan and turned out nothing.
of course......as the detection (or more correct URL block)  is on the website and not in the computer

rino19ny

  • Guest
Re: malicious URL blocked; hxxp://rk400.com/?sov=rook-fwdservice.com
« Reply #10 on: March 21, 2012, 05:33:44 PM »
Quote
of course......as the detection (or more correct URL block)  is on the website and not in the computer

but i get that popup as soon as i start Windows, no browser are open. the only service that i know of that needs internet access is avast! and some MS services. that's why i did a full scan.

so the question is, what is causing that alert?

Offline AntiVirusASeT

  • Poster
  • *
  • Posts: 462
Re: malicious URL blocked; hxxp://rk400.com/?sov=rook-fwdservice.com
« Reply #11 on: March 21, 2012, 05:39:11 PM »
Quote
but i get that popup as soon as i start Windows, no browser are open. the only service that i know of that needs internet access is avast! and some MS services. that's why i did a full scan.

so the question is, what is causing that alert?
that might be a sign of infection, but Avast is blocking outgoing by malware on your computer (partial protection)
need someone more experienced to confirm this.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37526
  • Not a avast user
Re: malicious URL blocked; hxxp://rk400.com/?sov=rook-fwdservice.com
« Reply #12 on: March 21, 2012, 05:45:07 PM »
go to the virus and worms section and start a new topic   http://forum.avast.com/index.php?board=4.0

follow this guide and attach the logs from malwarebytes / OTL / aswMBR
http://forum.avast.com/index.php?topic=53253.0

rino19ny

  • Guest
Re: malicious URL blocked; hxxp://rk400.com/?sov=rook-fwdservice.com
« Reply #13 on: March 22, 2012, 03:07:57 AM »
to the thread starter, are you by chance using Google Chrome 17.xx ?

Jack 1000

  • Guest
Re: malicious URL blocked; hxxp://rk400.com/?sov=rook-fwdservice.com
« Reply #14 on: March 22, 2012, 03:42:24 AM »
only avast engine detect
https://www.virustotal.com/file/bba822c6a55e913c3daf31fbd6b9a0742ea4d3da383a8293c886854e671d53e6/analysis/1332023714/

not listed at PhishTank


urlQuery
http://urlquery.net/report.php?id=32510

My question would be, if Avast blocked this Trojan, why is the OP still getting strange stuff on his computer?

Jack