Author Topic: Avast keeps blocking malicious URLS that I am not trying to visit  (Read 3303 times)

Offline bananajoe123

  • Newbie
  • *
  • Posts: 8
    • Personal Message (Offline)
Hello,
Avast keeps trying to block a url that I'm not trying to visit. It pops up with the "Malicious URL Blocked" just about every 30 seconds, so I'm assuming I've got a virus or something, however I did a scan and a boot-time scan and it came up with 0 infections.  This is the message that displays on the Avast website when I click the "malicious url blocked" pop up.

Infection Details
URL:   *deleted entirely so no one accidentally goes here*
Process:   C:\Windows\System32\rundll32.exe
Infection:   URL:Mal

Any suggestions on what I should be doing to fix this? I did a quick scan with Malwarebytes and that resulted in no infections as well, so I am now using ESET online scanner to test for anything that may be present.  Anyway, if I need to provide more information please let me know, I'm getting sort of annoyed of that voice that says "Threat detected" every 10 seconds.

« Last Edit: March 25, 2012, 01:34:53 PM by bananajoe123 »

Offline iroc9555

  • avast! Evangelist
  • Ultra Poster
  • ***
  • Posts: 5177
  • Gender: Male
  • CCS, Vzla.
    • Personal Message (Offline)
Re: Avast keeps blocking malicious URLS that I am not trying to visit
« Reply #1 on: March 25, 2012, 12:45:31 AM »
Bananajoe welcome to Avast! forum.

Could you please turn that URL inactive by changing http for hxxp. We don't want anybody clicking an infected site.

Follow this guide: http://forum.avast.com/index.php?topic=53253.0

and attach ( do not copy/paste ) logs for malwarebytes', OTL, and aswMBR.exe here:

http://forum.avast.com/index.php?board=4.0

Where a expert in the removal of malware will help you.
Hernan.
Dim 9200/XPS 410. C2D E6600; 2.40 GHz; 2 GB SDRAM. XP Pro_86. Spk3. IE 8 & FF 27 Avast! FREE 9.0.2016. CIS 5.12(Fw/D+). MBAM Premium. MCShield. SpywareBlaster. WinPatrol +. OpenDNS. WOT. SAS Pro (O/D).
“We are all ignorant, but we don't all ignore the same things..” Albert Einstein.

Offline bananajoe123

  • Newbie
  • *
  • Posts: 8
    • Personal Message (Offline)
Re: Avast keeps blocking malicious URLS that I am not trying to visit
« Reply #2 on: March 25, 2012, 12:47:25 PM »
Someone from the other subforum said to come back over here for help, so I'm not really sure what I should be doing. I attached everything here. Also I downloaded TDSSKiller but it didn't come up with any issues as far as I saw.
« Last Edit: March 25, 2012, 01:01:09 PM by bananajoe123 »

Offline essexboy

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 29059
  • Gender: Male
  • Dragons by Sasha
    • Malware fixes
    • Personal Message (Offline)
Re: Avast keeps blocking malicious URLS that I am not trying to visit
« Reply #3 on: March 25, 2012, 12:59:27 PM »
On completion of this run can you check for alerts

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Quote
    :OTL
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Philip\AppData\Local\Temp\cusbohcn.sys -- (cusbohcn)

    :Files
    ipconfig /flushdns /c
    C:\Users\Philip\AppData\Roaming\.minecraft\sp.DLL

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Offline polonus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 20161
  • Gender: Male
  • malware fighter
    • Personal Message (Offline)
Re: Avast keeps blocking malicious URLS that I am not trying to visit
« Reply #4 on: March 25, 2012, 01:07:36 PM »
Some additional info on that malware IP...
That IP has a redirect to: htxp://one-click-result.com. Bright Cloud rep index red 10 meaning High Risk
There is a high probability that the user will be exposed to malicious links or payloads. Malware site. One-click is adware/spyware.
Mentioned in MalwareURL list: domain=184.171.169.131

Follow the instructions from essexboy meticulously, he will help you with the removal,

polonus
 
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline bananajoe123

  • Newbie
  • *
  • Posts: 8
    • Personal Message (Offline)
Re: Avast keeps blocking malicious URLS that I am not trying to visit
« Reply #5 on: March 25, 2012, 01:18:38 PM »
I ran the OTL fix as you suggested and then again as a quick scan. I attached the resulting OTL.txt file. So far avast hasn't popped up saying "Threat has been detected" yet, so I think that's taken care of the problem! Thanks! Could I ask what exactly was causing that to happen?

Offline essexboy

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 29059
  • Gender: Male
  • Dragons by Sasha
    • Malware fixes
    • Personal Message (Offline)
Re: Avast keeps blocking malicious URLS that I am not trying to visit
« Reply #6 on: March 25, 2012, 02:19:56 PM »
As Avast reported the offending programme as run32.dll  I knew I was looking for a dll file
I located one that was running and when I checked the file out it was not a legitimate file for that programme
So removing it clears the alerts

I believe it was being run from the driver that I deleted

Let me know tomorrow if the alerts have really gone

Offline bananajoe123

  • Newbie
  • *
  • Posts: 8
    • Personal Message (Offline)
Re: Avast keeps blocking malicious URLS that I am not trying to visit
« Reply #7 on: March 26, 2012, 12:16:43 PM »
The alerts from Avast have stopped, however when I start up my computer I receive this message each time:

"There was a problem starting C:\Users\Philip\AppData\roaming\.minecraft\sp.dLL"

Other than that nothing unusual is occurring.

Offline essexboy

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 29059
  • Gender: Male
  • Dragons by Sasha
    • Malware fixes
    • Personal Message (Offline)
Re: Avast keeps blocking malicious URLS that I am not trying to visit
« Reply #8 on: March 26, 2012, 07:40:24 PM »
Could you run an OTL quickscan please selecting all users as I need to see what is try to run the bad boy

Offline bananajoe123

  • Newbie
  • *
  • Posts: 8
    • Personal Message (Offline)
Re: Avast keeps blocking malicious URLS that I am not trying to visit
« Reply #9 on: March 26, 2012, 07:58:18 PM »
Here's the OTL scan

Offline essexboy

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 29059
  • Gender: Male
  • Dragons by Sasha
    • Malware fixes
    • Personal Message (Offline)
Re: Avast keeps blocking malicious URLS that I am not trying to visit
« Reply #10 on: March 26, 2012, 08:24:44 PM »
Gotcha, after this run reboot and let me know if the error still pops up

 Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Quote
    :OTL
    O4 - HKU\S-1-5-21-1131052956-3060490841-2635200303-1000..\Run: [sp] C:\Windows\system32\rundll32.exe "C:\Users\Philip\AppData\Roaming\.minecraft\sp.DLL",ServiceMain File not found

    :Files
    ipconfig /flushdns /c

    :Commands
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Offline bananajoe123

  • Newbie
  • *
  • Posts: 8
    • Personal Message (Offline)
Re: Avast keeps blocking malicious URLS that I am not trying to visit
« Reply #11 on: March 26, 2012, 09:15:27 PM »
Here's the newest OTL file.

Update: As of this morning no messages have popped up on my computer screen, so I think everything is working fine now, thanks for your help!  Is there anything else I should do after this?
« Last Edit: March 27, 2012, 01:19:36 PM by bananajoe123 »

 

Google Chrome

AVAST recommends using the FREE Google Chrome™ browser.

Download Google Chrome Now