Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Svchost.exe malware


  • This topic is locked This topic is locked
17 replies to this topic

#1 happydalek

happydalek

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:24 AM

Posted 10 February 2010 - 01:15 PM

I run Windows XP home edition with Avast 5.0 installed and operating, and for the past several days, Avast keeps identifying and blocking a process from opening malicious URLs. The specific message is: "Avast Network Shield has blocked a threat. No further action is required. The threat was detected and blocked before connecting to the URL." The URL in question is very long, but usually starts with 77.74.48.111. It happens about every ten minutes or so while I'm browsing online (and today right after my computer booted and connected to my wireless network), and Avast identifies the process as Win32/svchost.exe. Avast doesn't detect anything on scans, and I use CCleaner after every browsing session, and I tried using a restore point, but the problem remains.

I greatly appreciate any help anyone can provide.

DDS (Ver_09-12-01.01) - NTFSx86
Run by Owner at 11:19:33.70 on Wed 02/10/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1919.1443 [GMT -5:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\zHotkey.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T6528
uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T6528
uInternet Connection Wizard,ShellNext = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T6528
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T6528
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [CHotkey] zHotkey.exe
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [readericon] c:\program files\digital media reader\readericon45G.exe
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [Reminder] %WINDIR%\Creator\Remind_XP.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
dRun: [Power2GoExpress] NA
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v2\WG111v2.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
TCP: {4D056C24-78D3-4CD5-BE2B-4D1DD98FB559} = 192.168.0.1

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\lmsprkff.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - plugin: c:\documents and settings\owner\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJPI150_02.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPOJI610.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-2-8 163280]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-2-8 19024]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-8 40384]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-8 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-8 40384]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2009-11-30 194304]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-11-30 133104]

=============== Created Last 30 ================

2010-02-10 16:02:54 0 d-----w- c:\program files\Trend Micro
2010-02-09 04:12:50 0 d-----w- c:\windows\system32\LogFiles
2010-02-08 14:07:10 0 d-----w- c:\windows\system32\wbem\Repository
2010-02-07 18:26:11 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-01-12 19:51:59 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

==================== Find3M ====================

2009-12-31 16:50:03 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet(2)(2).dll
2009-12-21 19:14:05 1208832 ----a-w- c:\windows\system32\urlmon(2)(2).dll
2009-12-21 19:14:03 1985536 ----a-w- c:\windows\system32\iertutil(2)(2).dll
2009-12-21 19:14:02 11070464 ----a-w- c:\windows\system32\ieframe(2)(2).dll
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:27:51 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43:50 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-11-27 17:11:44 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 17:11:44 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 16:07:35 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07:35 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07:34 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07:34 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07:34 11264 ----a-w- c:\windows\system32\msrle32.dll

============= FINISH: 11:19:55.56 ===============

Attached Files



BC AdBot (Login to Remove)

 


m

#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:24 PM

Posted 16 February 2010 - 09:15 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks thumbup2.gif
Posted Image
m0le is a proud member of UNITE

#3 happydalek

happydalek
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:24 AM

Posted 16 February 2010 - 11:30 PM

Hello! Thank you for getting back to me. I look forward to any assistance you can provide.

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:24 PM

Posted 17 February 2010 - 03:53 PM

This looks like a case of an attack that's failing and which Avast will tell you about constantly.

We need to take a look at certain areas such as rootkits first but it's likely that we are looking at a clean PC here.

Please run MBAM

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.


Finally, for this step, let's also run Process Explorer to make sure that the svchost.exes that are running should be running.

Please download and run Process Explorer

If Process explorer won't execute rename it Iexplore.exe

Under File and Save As, create a log and post here

Copy and paste the log into your next reply


Thanks thumbup2.gif
Posted Image
m0le is a proud member of UNITE

#5 happydalek

happydalek
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:24 AM

Posted 18 February 2010 - 12:12 AM

Thanks for getting back to me so quickly, m0le. I followed your instructions. Mbam found nothing. Here's the log:

Malwarebytes' Anti-Malware 1.44
Database version: 3754
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/17/2010 11:53:04 PM
mbam-log-2010-02-17 (23-53-04).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Objects scanned: 188378
Time elapsed: 57 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

But while the scan was running, Avast popped up several messages that it had found more malware that mbam was turning up. In each case it either blocked it or moved it to the virus chest. It gave me the option to report them as false positives, but I didn't because Avast identified most of them as trojans, and I don't know enough about these things to tell when something is a false positive. Most of them came out of my System Volume Information/restore directory, which I assume is related to the system restores I've done previously.

Here's the Process Explorer log I ran afterwards:

Process PID CPU Description Company Name
System Idle Process 0 98.46
Interrupts n/a Hardware Interrupts
DPCs n/a Deferred Procedure Calls
System 4
smss.exe 596 Windows NT Session Manager Microsoft Corporation
csrss.exe 880 Client Server Runtime Process Microsoft Corporation
winlogon.exe 904 Windows NT Logon Application Microsoft Corporation
services.exe 948 1.54 Services and Controller app Microsoft Corporation
svchost.exe 1108 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1164 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1204 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1304 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1424 Generic Host Process for Win32 Services Microsoft Corporation
AvastSvc.exe 1604 avast! Service ALWIL Software
spoolsv.exe 1884 Spooler SubSystem App Microsoft Corporation
svchost.exe 1960 Generic Host Process for Win32 Services Microsoft Corporation
AppleMobileDeviceService.exe 1992 Apple Mobile Device Service Apple Inc.
mDNSResponder.exe 2008 Bonjour Service Apple Inc.
nvsvc32.exe 300 NVIDIA Driver Helper Service, Version 81.33 NVIDIA Corporation
PRISMXL.SYS 320 PrismXL Service New Boundary Technologies, Inc.
svchost.exe 412 Generic Host Process for Win32 Services Microsoft Corporation
wdfmgr.exe 428 Windows User Mode Driver Manager Microsoft Corporation
alg.exe 732 Application Layer Gateway Service Microsoft Corporation
lsass.exe 960 LSA Shell (Export Version) Microsoft Corporation
explorer.exe 1548 Windows Explorer Microsoft Corporation
PDVDServ.exe 2144 PowerDVD RC Service Cyberlink Corp.
rundll32.exe 2200 Run a DLL as an App Microsoft Corporation
zHotkey.exe 2208 Multimedia Keyboard Driver
readericon45G.exe 2236 Sunkist Alcor Micro, Corp.
RTHDCPL.EXE 2264 Realtek HD Audio Control Panel Realtek Semiconductor Corp.
AvastUI.exe 2296 avast! Antivirus ALWIL Software
ctfmon.exe 2396 CTF Loader Microsoft Corporation
WG111v2.exe 2484 WG111v2 MFC Application
procexp.exe 1868 Sysinternals Process Explorer Sysinternals - www.sysinternals.com

I hope this makes some sense to you, because I'm rather stumped!

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:24 PM

Posted 18 February 2010 - 06:56 AM

System restore is a folder which may harbour malware unknowingly. The plan is that were you to invoke a system restore in an attempt to remove the baddies you could actually reinfect the machine.

Let's run ESET which should be able to remove these

I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

The Process Explorer found only legitimate svchost.exe processes running which is good news. thumbup2.gif
Posted Image
m0le is a proud member of UNITE

#7 happydalek

happydalek
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:24 AM

Posted 18 February 2010 - 10:56 AM

I downloaded and ran ESET, and it found no threats, so there wasn't anything to save as a log. Any other tricks up your sleeve? Is this looking like a problem with Avast?

#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:24 PM

Posted 18 February 2010 - 11:28 AM

It is looking like false positive results, yes.

The IP address you quoted is to a legitimate company who are an authorised reseller for Microsoft. I think Avast has flagged this incorrectly.

The tools we have been running would have found something more by now. Could you open the virus chest and screenshoot any files which Avast has actually flagged as a virus? If you can't screenshoot then copy the name and locatio of the file and Avast's description.
Posted Image
m0le is a proud member of UNITE

#9 happydalek

happydalek
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:24 AM

Posted 18 February 2010 - 12:09 PM

Okay, well, my usual image-posting-fu is failing me here, so the files it found yesterday are all in C:\System Volume Information\_restore{F845E3...(it won't show me the full location, but it starts like that for all of them. There are 10 that it found yesterday during the mbam scan). The name is A0016786.dll through A0016791.dll, tagged as either Win32:malware/gen, or Win32:Jifas-DR (which is labeled as a trojan).

By the way, the full URL Avast keeps blocking is: 77.74.48.111/pldr/test.jpg?suid=536576940ddf11df94de200256fffff&cuid=6190e5587b50d249b78fac0c261eb82&affid=200264&tid=upsf00075&cver=2&li=1&bi=l&nc=1

Edited by happydalek, 18 February 2010 - 12:12 PM.


#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:24 PM

Posted 18 February 2010 - 12:36 PM

Let's clear the system restore.
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

Now let's see if Avast still finds anything.
Posted Image
m0le is a proud member of UNITE

#11 happydalek

happydalek
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:24 AM

Posted 18 February 2010 - 12:52 PM

After I type "cleanmgr" into Run and click OK, all it does is ask me which drive to clean. There is no "more options" tab. The choices are (C:) or RECOVERY (D:).

#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:24 PM

Posted 18 February 2010 - 12:56 PM

Choose C:
Posted Image
m0le is a proud member of UNITE

#13 happydalek

happydalek
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:24 AM

Posted 18 February 2010 - 02:02 PM

Thanks, m0le. I cleaned out system restore as per your instructions, and ran a thorough scan through Avast. It found no infected files. But it's still blocking that "malicious" URL. If it's a false positive, then is there some way to tell it to stop doing that? Why is it flagging that URL if it's not actually malicious? Should I switch to a different antivirus program?

#14 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:24 PM

Posted 18 February 2010 - 06:55 PM

Is there a specific time when Avast kicks in and flags this URL?
Posted Image
m0le is a proud member of UNITE

#15 happydalek

happydalek
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:24 AM

Posted 18 February 2010 - 10:31 PM

It seems to pop up every 10 minutes exactly while I have a browser window open (I just sat here idly clicking around for half an hour to confirm this). At times I've gotten the message almost as soon as I boot my machine and it connects to my wireless network, but not always. It doesn't seem to matter what I'm doing online or what pages I visit. I primarily use Firefox, which is up-to-date.

EDIT: Avast operates the same way on Internet Explorer, so it's not a browser thing.

Edited by happydalek, 18 February 2010 - 11:04 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users