Topic: URL Blocked http://rk400.com/?sov=rook-s1ysoft.com


jotswana

  • Guest
URL Blocked http://rk400.com/?sov=rook-s1ysoft.com
« on: March 22, 2012, 10:31:32 AM »
Hi Everybody,

Since yesterday I am getting URL blocking messages from Avast every 5 to 10 minutes.
Object: http://rk400.com/?sov=rook-s1ysoft.com
Infection: URL:Mal
Process: always: wnsiapi.dll but from different programs / Chrome, Mozilla Firefox, Thunderbird

I'm not sure what I can do about this. No infections were found on a complete scan. I read other posts, but I can't get this problem solved. Any help would be appreciated.

Avast Version: 7.0.1426 free
V-Database: 120322-0

Thank You,
Jotswana


SafeSurf

  • Guest
Re: URL Blocked http://rk400.com/?sov=rook-s1ysoft.com
« Reply #1 on: March 22, 2012, 11:55:03 AM »
Virus Total and Dr. Web both claim that the URL is clean.

You claim that the Avast scan is also clean.  How about an Avast boot time scan?

Have you also tried an MBAM (Anti-Malwarebytes scan) http://www.malwarebytes.org/?  Remember to Update the definitions prior to scanning.

jotswana

  • Guest
Re: URL Blocked http://rk400.com/?sov=rook-s1ysoft.com
« Reply #2 on: March 26, 2012, 10:24:10 AM »
Hello and thanks for helping

I made a complete scan with Malwarebytes => no malware found
BootTimeScan => 2 Viruses Found: itunes & itunes Helper ??

Win32:Malware-gen
Win32:Trojan-gen

I deleted iTunes but the problem persists.
Any Ideas what I can do...

It's just a bit annoying that the pop-up comes every 5 minutes. And I'm not sure if it's a false positive....

SafeSurf

  • Guest
Re: URL Blocked http://rk400.com/?sov=rook-s1ysoft.com
« Reply #3 on: March 26, 2012, 10:27:05 AM »
Can you please update MBAM and run MBAM again and this time post the log for me to see?  Thank you.

thekochs

  • Guest
Re: URL Blocked http://rk400.com/?sov=rook-s1ysoft.com
« Reply #4 on: March 28, 2012, 07:27:21 PM »
I have the same issue on one (not all) of my PCs.  It only happens when I log into Internet Explorer.  The pop-up repeats every couple minutes.  I tried to add the website into the Block Shield but it still comes up.  I've run MBAM, Avast Full, Avast Boot-Time scans and no issues.  I know the "site" is defined as BAD....but I am not sure what on my PC pulses to it when IE launches.....I assume the root cause.  The program shows as IE program ws2help.

At this point I'd like to be able to at least suppress the pop-up since I am not physically going to this website myself.  I would have assumed the Block Shield in Avast would have done this but can't seem to get it to work.

Let me know thoughts......I have four PCs at home and only one does this.....it is Windows XP SP3, all the latest updates and to be honest the most bare-bones system I have.....only really used for web searching periodically.

thekochs

  • Guest
HELP PLEASE
« Reply #5 on: March 29, 2012, 01:26:04 AM »
UPDATE:
I just had Avast DB update (120328-2) and ran Full scan....found:
C:\Windows\system32\drivers\pfmodnt.sys
C:\Windows\system32\drivers\usbaapl.sys
......shows as High Severity...and Action to Delete.....tried to select DELETE and Avast gave me error that it could not find files.
I rebooted and ran MBAM in safe mode and found nothing.
I then noticed in the Status in Avast Chest that said these are hidden root kit files.
So, I went and scheduled a Boot Time Scan to have Avast Catch (Delete) these rootkit files on reboot.....it ran and no/zero items found. :(

Is there anything else I can try to remove ?
Any idea if the above is linked to this website issue ?...I ask because this PC has been clean prior.

Any help is very appreciated....thx !
« Last Edit: March 29, 2012, 05:38:35 AM by thekochs »

jotswana

  • Guest
Re: URL Blocked http://rk400.com/?sov=rook-s1ysoft.com
« Reply #6 on: March 29, 2012, 02:40:25 PM »
Hi SafeSurf,

I did another run with MBAM, nothing was found.
I'm going to reinstall Windows, before something bad happens :(
Thanks for the help so far.

Here is the logfile:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.27.02

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
jochen :: JOCHEN [limited]

29.03.2012 10:41:58
mbam-log-2012-03-29 (10-41-58).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 886468
Time elapsed: 3 hour(s), 41 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


thekochs

  • Guest
Re: URL Blocked http://rk400.com/?sov=rook-s1ysoft.com
« Reply #7 on: April 03, 2012, 05:01:29 PM »
Well, I've tried MBAM....normal and in Safe mode, Avast Full Scan and Boot Scanner......no/zero items found.
I also enabled site block and put this http://rk400.com in the list.....this thing still pops-up.
My machine is a XP Pro SP3 with all updates....thus loading a new O/S is not an option.

Any ideas by the experts are welcome !!!!
FYI, if this is not a real issue then I'd like to understand how to suppress the message....the Site Blocking did not work.
I guess I could go in to Settings under PopUps and put "0" in the seconds but not sure that would work and seems a kludge.
« Last Edit: April 03, 2012, 05:03:00 PM by thekochs »

AntiVirusASeT

  • Poster
Re: URL Blocked http://rk400.com/?sov=rook-s1ysoft.com
« Reply #8 on: April 03, 2012, 05:51:24 PM »
Please post in the virus section of the Avast forum: http://forum.avast.com/index.php?board=4.0

Wait for essexboy to help you determine if your computer is infected. He's an expert in that area.