Author Topic: Url:Mal pop-ups from seemly sound sources  (Read 36278 times)

0 Members and 2 Guests are viewing this topic.

Sprey

  • Guest
Re: Url:Mal pop-ups from seemly sound sources
« Reply #75 on: June 12, 2012, 03:59:56 PM »
Interesting that that scanner thought the site was in infected, but yes, it is legitimate activity. This is the same for all the other blocked URLs though (for example those blocked in relation to chrome.exe and svchost.exe): they all appear to be legitimate connections. For example the last blocked URL on chrome.exe was hXXp://safebrowsing.clients.google.com/safebrowsing/downloads?client which, though I am not really sure what it is, it doesn't look too scary if it is on the google domain.

EDIT: and yes, the other ones, as you refer to them, keep popping up from time to time, DavidR. Sometimes when I open chrome Avast will block all URLs, then after taking out and re-connecting my Ethernet cable it will allow them again...
« Last Edit: June 12, 2012, 04:06:21 PM by Sprey »

Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 88145
  • No support PMs thanks
Re: Url:Mal pop-ups from seemly sound sources
« Reply #76 on: June 12, 2012, 04:36:41 PM »
I don't know if some of these urls with very long strings might be interpreted as suspect/malicious (as this is a common tactic).

I can't speak for chrome I don't use it, I never got on with the interface, so I can't check anything out.

I was only able to investigate the zune,net one.

But given Jeff's work over this topic, there seems to be something going on in your system (though I'm no malware removal specialist), I was thinking possible browser hijack. But I will have to leave you in Jeff's hands for any malware removal.

It was just that I thought there might have been another possibility that the detections might possibly have been an FP so checked out the zune.net alerts.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 23.9.6082 (build 23.9.8494.792) UI 1.0.781/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

jeffce

  • Guest
Re: Url:Mal pop-ups from seemly sound sources
« Reply #77 on: June 12, 2012, 04:46:22 PM »
Quote
I've got a wired internet connection.
Are you actually connected say at a wall or through a router?

As for browser hijacks I am just not seeing it in these logs....We have uninstalled and reinstalled Chrome so that should not be it....Are any popups happening in Firefox??

Sprey

  • Guest
Re: Url:Mal pop-ups from seemly sound sources
« Reply #78 on: June 12, 2012, 04:48:10 PM »
To DavidR:
Well to me the whole thing seems like a FP... I've dealt with viruses before (alas, not on this laptop) and I know what they "feel" like. And this doesn't "feel" like a virus. Also I wouldn't say it was a browser related thing since when I use IE instead of chrome I get similar popups, as well as popups from different sources anyway (e.g. zune and svchost).

The only thing is, something is irritating Avast, and whatever it is has developed in the last month (ish): I didn't get these popups when I first installed avast when I got this laptop back in august of last year...

And, as Jeff said in his last post, the logs are coming back clean, yet the popups keep coming...

TO jeffce:
I am connected at a wall port to my university college's network, but this problem did not happen in my first two terms earlier in the year / last year, so I cannot see how it would be related to that...

EDIT, also to jeffce: no I don't use firefox, any files that you see in the logs must be left over from when I tried firefox 4 and disliked it and so uninstalled :P
« Last Edit: June 12, 2012, 04:50:14 PM by Sprey »

jeffce

  • Guest
Re: Url:Mal pop-ups from seemly sound sources
« Reply #79 on: June 12, 2012, 04:52:12 PM »
Quote
no I don't use firefox, any files that you see in the logs must be left over from when I tried firefox 4 and disliked it and so uninstalled
;D
----------

Quote
I am connected at a wall port to my university college's network
When you use this laptop in other places does the same thing happen??

Sprey

  • Guest
Re: Url:Mal pop-ups from seemly sound sources
« Reply #80 on: June 12, 2012, 04:55:35 PM »
Quote
When you use this laptop in other places does the same thing happen??
well when I was home at Easter I didn't have any problems, but then again that was before I had any problems with it here at university, so that's not a proper test. Maybe I shall take a trip into town tomorrow and use a cafe's wifi or something and check it out, it will be interesting to see the results for sure...
« Last Edit: June 12, 2012, 04:58:03 PM by Sprey »

Sprey

  • Guest
Re: Url:Mal pop-ups from seemly sound sources
« Reply #81 on: June 12, 2012, 04:56:47 PM »
sorry for a double post, I meant to attach this: my last popup message, this one from svchost.exe, just to let you see the URL...

jeffce

  • Guest
Re: Url:Mal pop-ups from seemly sound sources
« Reply #82 on: June 12, 2012, 05:01:41 PM »
Quote
Maybe I shall take a trip into town tomorrow and use a cafe's wifi or something and check it out, it will be interesting to see the results for sure...
You know that might not be a bad idea.  If nothing pops up there it could be something on the university's side that is messing with this.  If you were using a router I was thinking it may be infected but since you aren't using one that seems to be shot. 

Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 88145
  • No support PMs thanks
Re: Url:Mal pop-ups from seemly sound sources
« Reply #83 on: June 12, 2012, 05:07:45 PM »
To DavidR:
Well to me the whole thing seems like a FP... I've dealt with viruses before (alas, not on this laptop) and I know what they "feel" like. And this doesn't "feel" like a virus. Also I wouldn't say it was a browser related thing since when I use IE instead of chrome I get similar popups, as well as popups from different sources anyway (e.g. zune and svchost).

The only thing is, something is irritating Avast, and whatever it is has developed in the last month (ish): I didn't get these popups when I first installed avast when I got this laptop back in august of last year...

And, as Jeff said in his last post, the logs are coming back clean, yet the popups keep coming...
<snip>

Which is exactly why I started look at the possibility of FP.

The problem with that is, with firefox 13.0 I was able to visit the zune.net site without alert, now generally the Network Shield will be alerting on a domain and not a sub-domain and certainly not on a file as such. However, since I don't have zune or an account I can't exactly replicate your connecting to your zune account.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 23.9.6082 (build 23.9.8494.792) UI 1.0.781/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Sprey

  • Guest
Re: Url:Mal pop-ups from seemly sound sources
« Reply #84 on: June 12, 2012, 05:12:37 PM »
To DavidR:
I too can access Zune.net just fine (no block from the network shield), but when the desktop software tries to automatically log me in when I open the application, it causes a popup to show. Also note that this doesn't happen consistently: sometimes it will manage to log me in without firing a popup.

To jeffce:
well the only other place other than the wired connection I am using now which I have used since these popups first occurred is possibly the wireless connection in my university's library (I cannot remember whether or not I have been there or not since these popups started happening, and if I did whether or not I got any popups whilst there) so since that's still related to the university I think I shall take a trip into town tomorrow...
« Last Edit: June 12, 2012, 05:15:46 PM by Sprey »

jeffce

  • Guest
Re: Url:Mal pop-ups from seemly sound sources
« Reply #85 on: June 12, 2012, 05:18:44 PM »
Quote
I think I shall take a trip into town tomorrow...
Sounds good. 

Moosy

  • Guest
Re: Url:Mal pop-ups from seemly sound sources
« Reply #86 on: June 13, 2012, 01:48:38 AM »
Hi, you're not the only one with this problem. This cropped up for me not that long ago. For me it's mainly crl.microsoft sub-domains that are cropping up. Seen quite a few relating to home-student, which presumably means my installation of Microsoft Office home and student edition.
Like Sprey's, they all turn up as a URL:mal infection. I ran a full scan on Avast!, which didn't detect anything, although I haven't run a boot time scan yet.
I also get my internet through a wall plug at university.
None of this activity seems to be correlating with Avast updates.
EDIT: Moved section of post to attachements because I don't like hyperlinks.
« Last Edit: June 13, 2012, 02:24:24 AM by Moosy »

Moosy

  • Guest
Re: Url:Mal pop-ups from seemly sound sources
« Reply #87 on: June 13, 2012, 02:06:09 AM »
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.12.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
nopenopenopenopenope!!! [administrator]

13/06/2012 00:53:03
mbam-log-2012-06-13 (00-53-03).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211991
Time elapsed: 2 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

waat.png shows what happened when I started the avast console ten minutes ago. Clicking the pop-up led to a blank page.
waaat.png is what occurred when I attempted to update the database about ten minutes ago. Updating worked on the second attempt.

Sorry, not sure if I should have started a new thread for this, but the problem seems very similar and unique.

Additionally, I get this all the time regardless of whether a browser is running or not.
« Last Edit: June 13, 2012, 02:16:01 AM by Moosy »

jeffce

  • Guest
Re: Url:Mal pop-ups from seemly sound sources
« Reply #88 on: June 13, 2012, 04:35:03 AM »
@Moosy

Please start your own topic.  :)  Thanks.

Sprey

  • Guest
Re: Url:Mal pop-ups from seemly sound sources
« Reply #89 on: June 16, 2012, 11:23:33 AM »
Ok, stuff came up in the past two days preventing me from going into town, and I see that you are on holiday from 17th-25th, so...

Considering that I don't think that this is malicious, more a problem with my system/the university network (we await to see which one), I am going to wait until friday 22nd when I get home to try my laptop on a different internet connection, rather than try it in town here.

Have a great, malware free holiday!