Regarding blocking connection

[essexboy]

I am wondering whether it was a False positive that has now been corrected...  Could you monitor for a little longer ?

[Max Bhatia]

Well........i was wrong................
This problem still exists.........It was only a matter of time that it didn't pop-up.............but i am getting the same problem now again and again........
Please provide a solution..........

[essexboy]

Hmm this is one little blighter ...  Does it occur with all browsers ?

Please RIGHT-CLICK HERE and Save As (in IE it's "Save Target As", in FF it's "Save Link As") to download Silent Runners.

• Save it to the desktop.
• Run Silent Runner's by doubleclicking the "Silent Runners" icon on your desktop.
• You will receive a prompt:

Do you want to skip supplementary searches?
click NO[/list]

• If you receive an error just click OK and double-click it to run it again - sometimes it won't run as it's supposed to the first time but will in subsequent runs.
• You will see a text file appear on the desktop - it's not done, let it run (it won't appear to be doing anything!)
  
• Once you receive the prompt All Done!, open the text file on the desktop, copy that entire log, and paste it here.
  

*NOTE* If you receive any warning message about scripts, please choose to allow the script to run.

[Max Bhatia]

Here is the attached log file of silent-runner which u asked me to run.............the file contents are way too long i am attaching the file rather than pasting its contents here........
The only thing i notice now is that..........the frequency of popping-up of "blocking malicious url connection" has considerably decreased now.........
I also tried to trace the IP where connection is being made (as Avast pop-up shows while blocking).......and it came out to be somewhere in US.........

[essexboy]

Yes I backtracked it to the east coast...  Bear with me here I am trying a few different solutions in other threads

[Max Bhatia]

Has anyone got a solution with the problem (Malicious URL connection) i posted weeks ago.........??

[essexboy]

Ooops sorry I lost you.. I may have a possible solution


Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

• Double-click SystemLook.exe to run it.
  
• Copy the content of the following codebox into the main textfield:
  

Code: [Select]

:regfind
wpad.net.ms
wpad.dat
85.214.17.43

• Click the Look button to start the scan.
  
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

[Max Bhatia]

Here is the log which u asked for..............

SystemLook 30.07.11 by jpshortstuff
Log created at 19:51 on 30/06/2012 by hp
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== regfind ==========

Searching for "wpad.net.ms"
No data found.

Searching for "wpad.dat"
No data found.

Searching for "85.214.17.43"
No data found.

-= EOF =-


I don't think it found anything...........i also tried the same thing by replacing the IP address with the one that is popped by Avast.....but the same result appeared. I don't understand that if Avast is detecting Malicious Url Connection, then why doesn't it provide the solution for it......??

[essexboy]

This is a new element that has only just surfaced, and to date only Avast is detecting the connection attempt.  What I need to do is determine what file/registry entry is starting the connection

Could you re-run Combofix please and allow it to update then post the resultant log

[Max Bhatia]

Here is the attached log of combofix you asked to post again.......I re-run it and attached the file........
I don't think anyone would be able to track this........as i guess all your ammunition used didn't work at all....... 

[essexboy]

Have just had some success with the other three


Go start > all programs > accessories
Right click the command prompt and select run as administrator
enter the following two commands pressing enter between each

ipconfig /release
ipconfig /renew