
Avast reports blocking outgoing URL attempts Win 8.1



#1 Mok


Posted 03 June 2015 - 02:41 PM

Hello
 
A customer brought in a laptop that was infested with quite a few PUPs, trojans, viruses, adware and just about everything else.
 
I have removed all the PUPs using a combination of adwcleaner, JRT, Malwarebytes and Avast and Trend Micro's House Call. Anything left over was removed using Revo uninstaller.
 
I then performed the Windows 8.1 update.
 
At this point I wanted to run the AVG rescue disk, but this laptop doesn't have an optical drive. I have a copy on a USB flash drive, but even though I get the UEFI to allow booting from a USB device, it keeps refusing to boot from the flash drive. At this point I'm not sure if it's the drive or the computer causing this.
 
The problem is that, even though the computer works perfectly, Avast keeps reporting that it has blocked malware. It seems to be outgoing attempts to contact assorted websites, and I'm really not sure if these are false positives or a legitimate function.
 
For example: (don't click these links)
 
hxxp://bestdriverstar.net/4242/segmentsustainer_142667093542149.dll (Process svchost.exe)
 
hxxp://anythicago.com/4242/seekerinstance_142666919466027.dll (missed the process on this one)

hxxp://simplesitescan.net/4242/softwareForce_142669433532350.dll (Process c:\windows\system32\svchost.exe)
 
They all follow the same pattern of Avast going "ding-ding-ding" Threat has been detected, and then a window will pop up showing it blocked an attempt at outside communication (URL:Mal).
 
I have done the full Avast scan that reboots the computer and scans everything, and it did find some infected files, which were quarantined or removed. I'm still getting this problem though.
 
In Programs and Features, I have looked through the entire list and all the remaining programs are from Microsoft, ASUS, Adobe, Alcor Micro Corp (USB card reader), Atheros (network driver, bluetooth driver, client installation program), IvoSoft (Classic Shell), or Intel. Nothing unusual that I can find.
 
Can someone tell me if I'm chasing a false positive or if there is still an infection? The Avast website seems to think there is still an infection causing these warnings.

 

FYI

 

I just discovered that the laptop is toasting my AVG rescue USB flash drive. I reformatted it and used diskpart to get it bootable again, put the AVG rescue files back on the drive and tested it on a Dell desktop, and it worked perfectly. When I put it into this laptop, and set UEFI to allow it to boot, one of two things happens: Either the option to allow this USB device to boot is just gone, or it will just not boot from the USB flash drive. This time when I tried it, I retested the USB flash drive in another PC and it is now corrupted. I think the virus is corrupting the flash drive.


Edited by Mok, 03 June 2015 - 04:24 PM.
Deactivated links. ~ OB




#2 01sprey


Posted 03 June 2015 - 03:42 PM

Just started getting the exact same thing on my win 8.1 lappy today (I also run Avast and am getting the "dingdingding" with those same sites). Ran Malwarebytes found a PUP and I removed it, but problem not solved. Laptop is almost brand new.



#3 Mok


Posted 11 June 2015 - 09:36 AM

This request was posted on June 3rd. Is there no one who can assist with this? Since the reinstall files are on the laptop hard drive, I'm not 100% sure that a system reinstall will kill this virus. I'll leave this post until Monday and then I will be forced to reinstall Windows 8.



#4 sherry armstrong


Posted 12 June 2015 - 03:19 AM

I don't have a lappy, I have a desktop and I have Win 8.1. I have been getting these too. DON'T click these, I copied and pasted these to show.
 
hxxx://opticguardzip.net/4242/SectionDouble_142669629429948.dll
Infection: URL:Mal
Process: C:\Windows\System32\svchost.exe

hxxx://alwaysisobar.com/4242/RelayDouble_142669497325058.dll
Infection: URL:Mal
Process: C:\Windows\System32\svchost.exe

hxxx://anythicago.com/4242/TerminusTurbo_142669035158119.dll
Infection: URL:Mal
Process: C:\Windows\System32\svchost.exe

hxxx://simplesitescan.net/4242/IndepthEngine_142667058575913.dll
Infection: URL:Mal
Process: C:\Windows\System32\svchost.exe
 
Then it tells me to upgrade from the free version? The svchost.exe ... they are all Windows ones. I don't download a lot ... I have no clue. As I'm also getting the icon down below to get Win 10 ... sighs ... think I'm being bullied somewhere but I don't know ... wish I knew what was up ... If I had the money I'd get a Mac.


Edited by hamluis, 12 June 2015 - 12:10 PM.
Links disabled - Hamluis.
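
The alerts quoted in the posts above all share one URL shape: a host, the directory 4242, a mixed-case name, an underscore, 15 digits and a .dll extension. The following Python sketch is an added example, not from any poster or from Avast; it pulls that shape out of log lines so hits can be grouped per host, and its log format, sample lines and `.example` hosts are constructed.

```python
import re
from collections import defaultdict

# Hosts named in the thread's alerts (bare names, no scheme).
THREAD_HOSTS = {
    "bestdriverstar.net", "anythicago.com", "simplesitescan.net",
    "opticguardzip.net", "alwaysisobar.com",
}

# <scheme>://<host>/<digits>/<Name>_<15 digits>.dll
# The scheme alternation also accepts the defanged hxxp/hxxx forms.
ALERT_URL = re.compile(
    r"\bh(?:tt|xx)[px]s?://(?P<host>[a-z0-9.-]+)"
    r"/(?P<dir>\d+)/(?P<name>[A-Za-z]+)_(?P<id>\d{15})\.dll\b",
    re.IGNORECASE,
)

def extract_hits(line):
    """Return unique (host, dir, name, id) tuples found in one log line."""
    seen = []
    for m in ALERT_URL.finditer(line):
        hit = (m["host"].lower(), m["dir"], m["name"], m["id"])
        if hit not in seen:  # a pasted alert can repeat the URL on one line
            seen.append(hit)
    return seen

def summarise(lines):
    """Group hits by host and mark hosts the thread did not list."""
    by_host = defaultdict(list)
    for line in lines:
        for host, _dir, name, ident in extract_hits(line):
            by_host[host].append(f"{name}_{ident}")
    return {
        host: {"files": files, "listed_in_thread": host in THREAD_HOSTS}
        for host, files in by_host.items()
    }

# Constructed sample lines in an assumed "date time process verdict url" layout.
SAMPLE_LOG = [
    "2015-06-03 14:41:07 svchost.exe BLOCKED hxxp://bestdriverstar.net/4242/segmentsustainer_142667093542149.dll",
    "2015-06-12 03:19:44 svchost.exe BLOCKED hxxx://opticguardzip.net/4242/SectionDouble_142669629429948.dll]HXXX://opticguardzip.net/4242/SectionDouble_142669629429948.dll",
    "2015-06-12 03:20:10 svchost.exe BLOCKED hxxp://unlisted-host.example/4242/RelayEngine_142660000000000.dll",
    "2015-06-12 03:21:00 chrome.exe ALLOWED hxxp://vendor.example/drivers/setup_12.dll",
]

if __name__ == "__main__":
    for host, info in summarise(SAMPLE_LOG).items():
        print(host, info)
```

A host that matches the shape but is not in `THREAD_HOSTS` is reported with `listed_in_thread` set to `False`, which separates new destinations from the ones already named here.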


#5 01sprey


Posted 12 June 2015 - 04:02 AM

Sherry, sounds like exactly the same problem. I am still getting these popups despite having run full Avast and Malwarebytes scans. The win10 thing is nothing to worry about, same thing has appeared on my desktop recently: http://www.microsoft.com/en-US/windows/windows-10-upgrade

 

Mok, I am sure that I have had this same problem (or very similar) in the past with a different version of windows and Avast and I can't remember for the life of me if the issue lay with Avast or it was indeed a virus and if the latter how I got rid of it!! If you think it is a virus (I think it is a problem with Avast being over sensitive to something), then the Avast forums are usually very good if you go there they will ask you to run diagnostics tests and will try and help you to find the virus and remove it.



#6 Mok


Posted 12 June 2015 - 10:14 AM

> Sherry, sounds like exactly the same problem. I am still getting these popups despite having run full Avast and Malwarebytes scans. The win10 thing is nothing to worry about, same thing has appeared on my desktop recently: http://www.microsoft.com/en-US/windows/windows-10-upgrade
>
> Mok, I am sure that I have had this same problem (or very similar) in the past with a different version of windows and Avast and I can't remember for the life of me if the issue lay with Avast or it was indeed a virus and if the latter how I got rid of it!! If you think it is a virus (I think it is a problem with Avast being over sensitive to something), then the Avast forums are usually very good if you go there they will ask you to run diagnostics tests and will try and help you to find the virus and remove it.

 

I work on a lot of computers and usually I can handle virus removals myself. However, once in a while I find something that is beyond my current skillset. When that happens, I come here because these guys know way more about it than I do.

I have another laptop sitting beside me right now, it's also an ASUS, and I have installed Avast on it for the customer. It is not getting these malware hits like the first laptop does. It's working exactly as expected.

I finally figured out how to get it to boot from a USB flash drive without corrupting the drive, and I was able to run the AVG rescue disk anti-virus scans. All it found was a bunch of tracking cookies. I have put it aside hoping someone here would help. I suppose they are really busy and that's why it's taking so long. Unfortunately, since it's a customer's computer, I will have to do something Monday, and it looks like I'm going to have to reinstall Windows 8 and hope the virus was not smart enough to infect the recovery files. It would be a lot of work since they have Office, assorted programs, pictures and other files plus updates.



#7 01sprey


Posted 12 June 2015 - 10:39 AM

As I say, you can try the Avast forums too, else enjoy your complete re-install!! You mention tracking cookies... I might try a similar scan because I seem to remember now that this is what these popups relate to (i.e. not malware on the computer but rather just interaction of some cookies or something with Avast that means that the connection attempts are flagged as malware) from my previous experience that I mention above.





