Malicious Website blocked "Avast"

[sdsmrs]

Hello, I have a Malicious Website blocked issue.  The pop-ups started about 4:00 pm yesterday (9/9/2015).

 

I have read thru the posting instructions and have run a Malwarebites scan and a Farbar Recovery tool scan (gave me a "Line 9051 Error: Subscript used on non-accessible variable" message so I'm not sure if it actually did what it was supposed to do).  The logs are below, although, I can't seem to find an addition.txt log. 

 

If I have forgotten something, or haven't supplied all the information, please let me know.  This is the first time I've had to do any of this so I might have missed something. 

 

Thank you for your help in this matter. 

 

 

FRST.txt

protection log 9-10.txt

mbam scan log 9-10-15.txt

[MrCharlie]

Take a look Here:

 

https://forums.malwarebytes.org/index.php?/topic/172548-infected-by-su2ffavastcom-ip-9224214021-dns-hijacking/?p=988597

[sdsmrs]

Thank you, on the link you provided it states there are two options - 

 

1. Add the following to the HOSTS file and either wait for or hope, Avast updates the DNS record or updates the software;
 

2. Change your DNS provider as mentioned by TwinHeadedEagle (e.g. to Google (8.8.8.8, 8.8.4.4), OpenDNS (208.67.220.220, 208.67.222.222)) 

 

How do I go about doing the first step?  I'm not sure where the HOSTS file would be located. 

[MrCharlie]

Here's a good tutorial...look at the one for W7:

 

http://www.howtogeek.com/howto/27350/beginner-geek-how-to-edit-your-hosts-file/

 

Let me know, MrC

[sdsmrs]

Thank you, I saw your post on another thread and got it fixed.  The pop-ups have stopped and hopefully a true fix will be coming soon.  I can't understand why this just started if the main issue has been a known problem.  Thanks for your help.

[MrCharlie]

Good......

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

[sdsmrs]

Well, scratch that, the pop-ups are back now it's this -- not sure how to get the picture to post.  Give me a few.

[MrCharlie]

Just post the latest protection log from Malwarebytes

[sdsmrs]

 Ok, well I've attached a word doc with the pop up picture.  Ugh!  We have NEVER had problems in the past.  It's not my this computer, but also my husbands computer.  All scans come up clean it it weren't for this pop up there wouldn't be a problem. 

avast problems.docx

[sdsmrs]

Just post the latest protection log from Malwarebytes

Give me a few...

[sdsmrs]

Here it is...

protection log 9-10 pm.txt

[MrCharlie]

Please re-scan with FRST and Make sure the Addition Box is checked.

http://www.fixitpc.pl/picasso/images/malware/tools/frst/frst_win05.png

Post or attach the 2 logs FRST.txt and Addition.txt

MrC

[sdsmrs]

Here is the FRST log.  Everytime I run FRST it gives me an error and no addition log, even though the box is checked.  This is the error - Line 9051 Error: Subscript used on non-accessible variable.

FRST.txt

[MrCharlie]

Several people are having the same problem with FRST.

 

=================================

 

What browser is open when you get the blocks from Malwarebytes???

 

 

MrC

[sdsmrs]

Chrome, but I will say, I haven't had any since 6:11.  Here is the most recent protection log. 

protection log 9-10 pm b.txt

[MrCharlie]

Detection, 9/10/2015 6:11 PM, SYSTEM, OWNER-PC, Protection, Malicious Website Protection, IP, 92.242.140.21, 0-undefined.facebook.com, 53955, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 

 

Detection, 9/10/2015 6:11 PM, SYSTEM, OWNER-PC, Protection, Malicious Website Protection, IP, 92.242.140.21, 0-undefined.facebook.com, 53955, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 

 

Detection, 9/10/2015 6:11 PM, SYSTEM, OWNER-PC, Protection, Malicious Website Protection, IP, 92.242.140.21, 0-undefined.facebook.com, 53956, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 

 

Detection, 9/10/2015 6:11 PM, SYSTEM, OWNER-PC, Protection, Malicious Website Protection, IP, 92.242.140.21, 0-undefined.facebook.com, 53960, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 

 

Detection, 9/10/2015 6:11 PM, SYSTEM, OWNER-PC, Protection, Malicious Website Protection, IP, 92.242.140.21, 0-undefined.facebook.com, 53961, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 

 

 

 

From the log you can see what the cause is.

 

Let me know if they come back.

[sdsmrs]

They're back.  AHHHHHH!  It was fine for awhile but I closed out Chrome then opened it back again and they started back up again.  Here's the latest log. 

protection log 9-10 pm c.txt

[MrCharlie]

OK...here's what you have to do:

Change your DNS provider to OpenDNS or Google

OpenDNS use: 208.67.220.220 and 208.67.222.222

Google use: 8.8.8.8 and 8.8.4.4

It easy to do and these two links should help you change the settings: (reboot when done)

http://208.69.38.205/

http://www.isitdownrightnow.com/how-to/setup-opendns-in-windows-7.html

Let me know.....MrC

[sdsmrs]

Ok, thank you.  That's done.  Is there anything that changing the DNS will affect either negatively?  Will this need changed in back in the future?  

 

Another question.  I am working on my husbands computer also, it has the same issue.  I did the first step of changing the host file then it did threw the same pop-ups I was having.  I went to check out his protection logs but there is nothing there, this was right after a pop up showed.  Is there a reason this is happening?  I checked the settings on his MBAM and they are the same as mine.  Scan log is showing just none of the protection logs. 

[MrCharlie]

Ok, thank you. That's done. Is there anything that changing the DNS will affect either negatively? Will this need changed in back in the future?

No I would leave it there......I recommend and use OpenDNS
http://www.labnol.org/internet/tools/opendsn-what-is-opendns-why-required-2/2587/

Another question. I am working on my husbands computer also, it has the same issue. I did the first step of changing the host file then it did threw the same pop-ups I was having. I went to check out his protection logs but there is nothing there, this was right after a pop up showed. Is there a reason this is happening? I checked the settings on his MBAM and they are the same as mine. Scan log is showing just none of the protection logs.

I'm finding that to properly fix this you have to change the DNS settings as mentioned...so try that.

How is the computer now???? Any more blocks???

MrC

[sdsmrs]

No I would leave it there......I recommend and use OpenDNS

http://www.labnol.org/internet/tools/opendsn-what-is-opendns-why-required-2/2587/

 

That's the one I used.  Thank you for the link explaining this. 

How is the computer now???? Any more blocks???

 

So far so good on both computers.  If anything more pops up, I'll post here.  Thank you for your help.  

MrC

[MrCharlie]

Good

A little clean up to do....

---------------------------------

Download Delfix from here and save it to your desktop. (you may already have this)

• Ensure Remove disinfection tools is checked.
• Click the Run button.
• Reboot

Any other programs or logs that are still remaining, you can manually delete. (right click.....Delete)

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

[MysteryFCM]

Please see:

 

https://forums.malwarebytes.org/index.php?/topic/172652-read-me-seeing-9224214021-blocks-read-me-please/

[AdvancedSetup]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!