
Avast constantly alerting of blocked threat, nothing shows up in scans...



#1 Buzwa

Buzwa

  • Members
  • 3 posts
  • OFFLINE
  •  

Posted 17 January 2016 - 10:28 PM

For the last week or so, my sister's computer (Windows 7) has been bombarded by Avast alerting her that a threat has been blocked. It happens for various different processes, but most consistently when a browser is opened (tried both IE and Firefox). Here are a couple of examples of what it says:

 

Infection Blocked

URL: http://52.74.169.204/wpad.dat

Infection: URL:Mal

Process: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

 

Infection Blocked

URL: http://119.9.89.71/wpad.dat

Infection: URL:Mal

Process: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

 

 

We have run the virus scan in Avast and nothing was found. Also, Malwarebytes found nothing.

 

I am not sure if she is infected or it's an Avast problem. Any ideas?

 

 

 

 

 




 


#2 RolandJS

RolandJS

  • Members
  • 4,525 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Austin TX metro area
  • Local time:10:02 AM

Posted 17 January 2016 - 11:00 PM

If an infection trying to come in from the outside, trying to get into your computer -- was blocked, then scans of your hard-drive are not going to find said infection, because it was blocked from ever getting into your computer.


Edited by RolandJS, 17 January 2016 - 11:01 PM.

"Take care of thy backups and thy restores shall take care of thee."  -- Ben Franklin revisited.

http://collegecafe.fr.yuku.com/forums/45/Computer-Technologies/

Backup, backup, backup! -- Lady Fitzgerald (w7forums)

Clone or Image often! Backup... -- RockE (WSL)


#3 Buzwa

Buzwa
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  

Posted 17 January 2016 - 11:08 PM

That makes sense. I was thinking there was maybe something causing it that was already in there. The alerts are constant, as many as 40 back to back sometimes. Cannot even use the browsers at times.

#4 Jaycan

Jaycan

  • Members
  • 454 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:02 AM

Posted 17 January 2016 - 11:12 PM

Hello and Welcome to B.C

The first link is dead and as a Data File it may mean the other one is also inactive.

 

File Scanner
There are some files I need you to upload for checking
 

  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

Thanks -



Acer Computer with LG Monitor and Toshiba Laptop with Windows 7.1

Windows 64bit  8.1 - Always fully updated

Firefox / Google Chrome / Internet Explorer Browsers

Usually a home helper here or with friends and nimble fingered ladies who would rather sew or dust, but not clean the bugs out of a computer ...


#5 Buzwa

Buzwa
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  

Posted 18 January 2016 - 12:34 AM

Thanks Jaycan.

 

Despite numerous attempts we were unable to scan the link above at VirSCAN.org. It would only allow us to upload a file from our PC, not from a URL.

 

We used a similar tool at Virustotal.com and came up with the following:

 

URL: http://119.9.89.71/wpad.dat
Detection ratio: 0 / 66
Analysis date: 2016-01-18 05:27:55 UTC ( 0 minutes ago )

 

URL Scanner: Result

ADMINUSLabs: Clean site
AegisLab WebGuard: Clean site
AlienVault: Clean site
Antiy-AVL: Clean site
Avira: Clean site
Baidu-International: Clean site
BitDefender: Clean site
Blueliv: Clean site
C-SIRT: Clean site
CLEAN MX: Clean site
CRDF: Clean site
CloudStat: Clean site
Comodo Site Inspector: Clean site
CyberCrime: Clean site
Dr.Web: Clean site
ESET: Clean site
Emsisoft: Clean site
Fortinet: Clean site
FraudScore: Clean site
FraudSense: Clean site
G-Data: Clean site
Google Safebrowsing: Clean site
K7AntiVirus: Clean site
Kaspersky: Clean site
Malc0de Database: Clean site
Malekal: Clean site
Malware Domain Blocklist: Clean site
MalwareDomainList: Clean site
MalwarePatrol: Clean site
Malwarebytes hpHosts: Clean site
Malwared: Clean site
Nucleon: Clean site
OpenPhish: Clean site
Opera: Clean site
PalevoTracker: Clean site
ParetoLogic: Clean site
Phishtank: Clean site
Quttera: Clean site
Rising: Clean site
SCUMWARE.org: Clean site
SecureBrain: Clean site
Sophos: Clean site
Spam404: Clean site
SpyEyeTracker: Clean site
Sucuri SiteCheck: Clean site
Tencent: Clean site
ThreatHive: Clean site
Trustwave: Clean site
VX Vault: Clean site
Web Security Guard: Clean site
Webutation: Clean site
Wepawet: Clean site
Yandex Safebrowsing: Clean site
ZCloudsec: Clean site
ZDB Zeus: Clean site
ZeroCERT: Clean site
Zerofox: Clean site
ZeusTracker: Clean site
malwares.com URL checker: Clean site
zvelo: Clean site
AutoShun: Unrated site
Netcraft: Unrated site
PhishLabs: Unrated site
StopBadware: Unrated site
URLQuery: Unrated site
Websense ThreatSeeker: Unrated site

 

 

Final URL after redirects: http://119.9.89.71/wpad.dat
IP address resolution: 119.9.89.71
HTTP Response code: 404

HTTP Response headers:
  date: Mon, 18 Jan 2016 05:27:56 GMT
  content-length: 3652
  content-type: text/html
  connection: keep-alive
  server: nginx/1.0.15

Response content SHA256: 4cdb501841cb16ce7d74fd8fd912e3fd8d67e1a70086bfa42d756480706ab183

Scanning engine details:
  C-SIRT: https://www.c-sirt.org/en/incidents-on-domain/119.9.89.71
  Quttera: http://quttera.com/sitescan/119.9.89.71
  Sucuri: http://sitecheck.sucuri.net/results/119.9.89.71



#6 Jaycan

Jaycan

  • Members
  • 454 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:02 AM

Posted 18 January 2016 - 01:30 AM

For the given I.P =

Geolocation
This address is in: Hong Kong ............ (relate to you ??)

 

Detection ratio: 0 / 66 - Avast is not included, but it seems to be a False Positive.

You can report it to their forum and they will re-do in the next update ..

 

Regards -





#7 Jaycan

Jaycan

  • Members
  • 454 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:02 AM

Posted 10 February 2016 - 02:58 PM

Hello -

As you have not responded since 18 January , it seems that you have solved the problem ..

 

Please start a new topic if you have other problems .

 

Thank You.


