
Malicious website blocked popup every couple minutes



I downloaded Farber Recovery Scan Tool, and here are the two files resulting from the scan (attached)

 

I am getting the popup "Malicious Website Blocked; su2.ff.avast.com; 92.242.140.21" in the righthand part of my screen every couple minutes. It disappears pretty quickly, and when I click on it, I can no longer see the information that was listed on the popup.

 

I've seen this topic listed, but I can't seem to find the resolution. It looks like a lot of people started seeing this regardless of OS.

 

I use Windows 7.

 

Thanks in advance!

Addition.txt

FRST.txt


Do you have access to the router????

Your problem is usually related to the router, we can make some tweaks to resolve it.
There's some malware on the system that needs to be cleaned also.

=================================

Please uninstall this program if possible:

Define Ext (HKU\S-1-5-21-1812722484-316454843-485349640-1001\...\Define Ext) (Version: 8 - DefineExt.com) <==== ATTENTION

==================================

Download Delfix from Here and save it to your desktop.

  • Place a check mark in front of .......
  • Create registry backup <---only!
  • Uncheck the rest!
  • Click the Run button.

    Close the tool out when it's done....we'll use it later.

    ============================

    Download the attached fixlist.txt to the same folder as FRST.exe/FRST64.exe.
    Run FRST.exe/FRST64.exe and click Fix only once and wait
    The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

    ==========================

    Let's check for any adware/spyware now:

    Please download AdwCleaner from HERE or HERE to your desktop.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8 users right-click and select Run As Administrator
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
    • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
    • Look over the log especially under Files/Folders for any program that may have been targeted by mistake.
    • If there's a program you may want to save, just uncheck it from AdwCleaner.
    • If you're not sure, post the log for review. (all items found are either adware/spyware/foistware)
    • If you're ready to clean it all up.....click the Clean button.
    • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
    • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
    • To restore an item that has been deleted:
    • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
    Next..................

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
    Next.........

    Please Update and run a Threat Scan (Malwarebytes)
    Click on settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware
    Same for PUM (Potentially Unwanted Modifications)
    Quarantine All that's found

    MrC
     

fixlist.txt


I was able to remove the program. I do not have free access to the router. It is in my landlord's apartment, not easily accessible. I recently put in a signal amplifier because I was not receiving signal very well. I bring my laptop to work as well and use the wifi as well as an ethernet cable for internet.

 

I did the first couple things up until adding the fixlog file. Should I remove AVAST! before moving onto the next step? I don't want too many competing programs installed on my computer at once.

Fixlog.txt


# AdwCleaner v5.008 - Logfile created 18/09/2015 at 10:02:12
# Updated 18/09/2015 by Xplode
# Database : 2015-09-17.3 [Local]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Anna - ANNA-HP
# Running from : C:\Users\Anna\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\LinkSwift
[-] Folder Deleted : C:\ProgramData\Conduit
[-] Folder Deleted : C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
[-] Folder Deleted : C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[-] Folder Deleted : C:\Users\Anna\AppData\Local\~0
[-] Folder Deleted : C:\Users\Anna\AppData\Local\Conduit
[-] Folder Deleted : C:\Users\Anna\AppData\Local\DefineExt
[-] Folder Deleted : C:\Users\Anna\AppData\Local\PackageAware
[-] Folder Deleted : C:\Users\Anna\AppData\LocalLow\Conduit

***** [ Files ] *****

[-] File Deleted : C:\END
[-] File Deleted : C:\Users\Anna\AppData\LocalLow\SkwConfig.bin

***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key Deleted : HKU\.DEFAULT\Software\ImInstaller
[-] Key Deleted : HKCU\Software\Conduit
[-] Key Deleted : HKCU\Software\IM
[-] Key Deleted : HKCU\Software\ImInstaller
[-] Key Deleted : HKCU\Software\Define Ext
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\Conduit
[-] Key Deleted : HKLM\SOFTWARE\Define Ext
[-] Key Deleted : HKLM\SOFTWARE\W3I
[!] Key Not Deleted : [x64] HKCU\Software\Conduit
[!] Key Not Deleted : [x64] HKCU\Software\IM
[!] Key Not Deleted : [x64] HKCU\Software\ImInstaller
[!] Key Not Deleted : [x64] HKCU\Software\Define Ext
[!] Key Not Deleted : HKU\S-1-5-21-1812722484-316454843-485349640-1001\Software\AppDataLow\Software\Yahoo\Companion
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2A498D792D0AD2F4DADF03B3C066122B
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C697F962E048A434B8AE269E702964C8

***** [ Web browsers ] *****

[-] [C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\178p7sxp.default-1356315252077\prefs.js] [Preference] Deleted : user_pref("smartbar.originalHomepage", "about:home");
[-] [C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\x1sn3ius.default\prefs.js] [Preference] Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3314312&octid=CT3314312&SearchSource=61&CUI=UN24337851021526030&UM=2&UP=SP4CCB1A39-6802-4440-AC87-E4DF1B7969FC");
[-] [C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\x1sn3ius.default\prefs.js] [Preference] Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
[-] [C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\x1sn3ius.default\prefs.js] [Preference] Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");
[-] [C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\x1sn3ius.default\prefs.js] [Preference] Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
[-] [C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\x1sn3ius.default\prefs.js] [Preference] Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3314312");
[-] [C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\x1sn3ius.default\prefs.js] [Preference] Deleted : user_pref("extensions.LinkSwift.aul", "1385269292221");
[-] [C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\x1sn3ius.default\prefs.js] [Preference] Deleted : user_pref("extensions.LinkSwift.irl", true);
[-] [C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\x1sn3ius.default\prefs.js] [Preference] Deleted : user_pref("extensions.LinkSwift.is", "trlsus");
[-] [C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\x1sn3ius.default\prefs.js] [Preference] Deleted : user_pref("extensions.LinkSwift.ug", "6203D4D9-33C0-4D71-83B1-5E68B87BE464");
[-] [C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\x1sn3ius.default\prefs.js] [Preference] Deleted : user_pref("plugin.state.npconduitfirefoxplugin", 2);
[-] [C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\x1sn3ius.default\prefs.js] [Preference] Deleted : user_pref("smartbar.machineId", "7EPUROUNG3/ESTDOAEEQIG/DN3S8EROZD5KPJK0V0GPERNHYIMHJVAHT81DC59RM+EZHZ/UFK09NQ17MMTFTKW");
[-] [C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : aol.com
[-] [C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : ask.com

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [4772 bytes] ##########
 


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.2 (09.14.2015:1)
OS: Windows 7 Home Premium x64
Ran by Anna on Fri 09/18/2015 at 10:10:29.58
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_12C6C396F9F079F593189BD3E5EB8A5F



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EE67A1B4-2EC3-4F9A-AD55-529789C33E2D}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{EE67A1B4-2EC3-4F9A-AD55-529789C33E2D}



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Anna\Appdata\Local\{0163274C-430D-493E-BF23-DFD34B1181C5}
Successfully deleted: [Empty Folder] C:\Users\Anna\Appdata\Local\{02B10B51-C033-457F-934A-D97001EB2855}
Successfully deleted: [Empty Folder] C:\Users\Anna\Appdata\Local\{0B0738AE-5FEF-4A6E-8C5D-68A1C94CB7E4}
Successfully deleted: [Empty Folder] C:\Users\Anna\Appdata\Local\{147F4F9F-0450-4A22-9EBA-BCBBCDDAED96}
Successfully deleted: [Empty Folder] C:\Users\Anna\Appdata\Local\{20660E79-D7F2-46BF-BE40-E5B257770FA1}
Successfully deleted: [Empty Folder] C:\Users\Anna\Appdata\Local\{235E3361-7A91-4BC4-9BDB-533CCE6E1D43}
Successfully deleted: [Empty Folder] C:\Users\Anna\Appdata\Local\{3D25B5B5-66C7-4F38-BA2B-5C712E94A7D5}
Successfully deleted: [Empty Folder] C:\Users\Anna\Appdata\Local\{3FB3F7C7-9E35-4C78-9609-A4A59D9B7DD6}
Successfully deleted: [Empty Folder] C:\Users\Anna\Appdata\Local\{44600D6D-5128-4F41-A05B-72939C3F6A82}
Successfully deleted: [Empty Folder] C:\Users\Anna\Appdata\Local\{4BE62585-EE35-40E1-9131-10281B666D64}
Successfully deleted: [Empty Folder] C:\Users\Anna\Appdata\Local\{52E2ACE3-F9DA-4454-B691-2975843C3F1B}
Successfully deleted: [Empty Folder] C:\Users\Anna\Appdata\Local\{5FF5D15C-AA50-4748-B176-34DD3F181917}
Successfully deleted: [Empty Folder] C:\Users\Anna\Appdata\Local\{600C715C-1F5D-4257-98BF-209C6A8D5052}
Successfully deleted: [Empty Folder] C:\Users\Anna\Appdata\Local\{62614197-91B7-4BAD-A837-08E232DFC506}
Successfully deleted: [Empty Folder] C:\Users\Anna\Appdata\Local\{6318978C-1B22-4155-A796-44D9603342FF}
Successfully deleted: [Empty Folder] C:\Users\Anna\Appdata\Local\{691C4AF9-83F9-46D9-A01B-39AB7FA5C346}
Successfully deleted: [Empty Folder] C:\Users\Anna\Appdata\Local\{72EBA3BE-C892-45B6-8F20-53A7A5B94BA1}
Successfully deleted: [Empty Folder] C:\Users\Anna\Appdata\Local\{76D9B4AA-9A60-431D-A8D4-9E5600D75DCF}
Successfully deleted: [Empty Folder] C:\Users\Anna\Appdata\Local\{79289990-05DA-4399-8652-D14022D2E871}
Successfully deleted: [Empty Folder] C:\Users\Anna\Appdata\Local\{7C077764-1EB5-44EE-BB23-D23BAD5CF897}
Successfully deleted: [Empty Folder] C:\Users\Anna\Appdata\Local\{888BD5A8-5B2E-410A-BD02-F2F3E48B908D}
Successfully deleted: [Empty Folder] C:\Users\Anna\Appdata\Local\{B64B986A-0860-43D9-A291-2D10E889755C}
Successfully deleted: [Empty Folder] C:\Users\Anna\Appdata\Local\{C321E8CC-A15F-4853-8718-097BF566510B}
Successfully deleted: [Empty Folder] C:\Users\Anna\Appdata\Local\{CC3C6518-DC25-40F0-8F85-DD472EFC5D23}
Successfully deleted: [Empty Folder] C:\Users\Anna\Appdata\Local\{D621EDC5-1803-4138-9128-C56D137EC7A6}
Successfully deleted: [Empty Folder] C:\Users\Anna\Appdata\Local\{EA9D7E09-26A9-4026-B26D-A1A8A891DB62}
Successfully deleted: [Empty Folder] C:\Users\Anna\Appdata\Local\{EAF142D4-1C3E-4AEF-883E-0FEEB77594E0}
Successfully deleted: [Empty Folder] C:\Users\Anna\Appdata\Local\{EEDBD70B-759C-4965-9EB4-18F0EFAEEFA7}
Successfully deleted: [Empty Folder] C:\Users\Anna\Appdata\Local\{F2A2B5D6-87EE-4B05-A9E6-C8CD507352E6}
Successfully deleted: [Empty Folder] C:\Users\Anna\Appdata\Local\{F689E222-31C6-4900-AF20-F2C08D04F301}
Successfully deleted: [Empty Folder] C:\Users\Anna\Appdata\Local\{F9920FE5-43EA-4CB6-A01A-E6E33DED4146}
Successfully deleted: [Empty Folder] C:\Users\Anna\Appdata\Local\{FE39D2B1-61A1-4FD3-B1E8-D4049F83FDA2}



~~~ FireFox

Emptied folder: C:\Users\Anna\AppData\Roaming\mozilla\firefox\profiles\x1sn3ius.default\minidumps [452 files]



~~~ Chrome


[C:\Users\Anna\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Anna\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Anna\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Anna\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 09/18/2015 at 10:16:34.01
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


This is from Verizon and how to correct the problem...it would be great if your landlord could make this tweak:
 
"This is expected behavior. The Verizon Online DNS resolvers have NXDOMAIN redirection services that redirect any unknown host to a sponsored search page. You can opt out of this by changing your resolver from .12 to .14."
 
 
====================================
 

Let's try something simple:

Add these to your hosts file; the link below shows how:

77.234.41.65  su2.ff.avast.com
0.0.0.0  2-undefined.facebook.com


Here's a good tutorial for the hosts file...make sure you look at the correct one for your operating system:
http://www.howtogeek.com/howto/27350/beginner-geek-how-to-edit-your-hosts-file/

Let me know.....MrC
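Two defender-side checks for the two DNS issues raised in this thread, as an added example (not code from the forum posts, from Verizon, or from any tool named here). The first resolves a few random names that cannot exist and reports when the resolver answers all of them with one public address, which is what the NXDOMAIN redirection quoted above looks like from the client side. The second merges the two hosts-file lines posted above so that re-running it never duplicates a line or leaves a stale mapping behind. The `.com` probe suffix, the sample hosts text and the fake resolvers are constructed assumptions; the two override addresses are the ones from the post.

```python
"""Defender-side checks for the two DNS problems in this thread.
Added example, not taken from the forum posts or from any tool named there."""
import ipaddress
import secrets
import socket
from typing import Callable, Dict, Optional

# The two overrides posted in the thread (hostname -> address).
HOSTS_OVERRIDES: Dict[str, str] = {
    "su2.ff.avast.com": "77.234.41.65",
    "2-undefined.facebook.com": "0.0.0.0",
}

# A resolver maps a hostname to an IPv4 string, or None for NXDOMAIN / no answer.
Resolver = Callable[[str], Optional[str]]


def system_resolve(name: str) -> Optional[str]:
    """Resolve through the OS, i.e. whatever DNS server the router/DHCP handed out."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def random_label(suffix: str = "com") -> str:
    """A name that cannot legitimately exist: 16 random hex chars under a real TLD.
    (The suffix is an assumption; any registered TLD without a wildcard works.)"""
    return f"nx-{secrets.token_hex(8)}.{suffix}"


def nxdomain_hijack_suspected(resolve: Resolver = system_resolve, probes: int = 3) -> Optional[str]:
    """Resolve several must-not-exist names.

    A well-behaved resolver returns NXDOMAIN (None) for all of them.  If every
    probe instead resolves to the *same* public address, the resolver is
    rewriting NXDOMAIN into a landing page; that address is returned so it can
    be compared with the one a security product flags.  Anything else (mixed
    answers, private/loopback/unspecified addresses) returns None.
    """
    answers = {resolve(random_label()) for _ in range(probes)}
    if len(answers) != 1:
        return None
    answer = answers.pop()
    if answer is None:
        return None
    addr = ipaddress.ip_address(answer)
    if addr.is_private or addr.is_loopback or addr.is_unspecified:
        return None
    return answer


def merge_hosts(existing: str, overrides: Dict[str, str] = HOSTS_OVERRIDES) -> str:
    """Return hosts-file text in which each override appears exactly once.

    A line that already maps a hostname to the override address is kept;
    a line mapping it elsewhere loses that name (and is dropped if nothing
    remains); every override still missing is appended.  Running the result
    through merge_hosts again leaves it unchanged.
    """
    kept, satisfied = [], set()
    for line in existing.splitlines():
        fields = line.split("#", 1)[0].split()      # ignore trailing comments
        if len(fields) >= 2:
            ip, names = fields[0], [n.lower() for n in fields[1:]]
            if any(n in overrides for n in names):
                if len(names) == 1 and ip == overrides[names[0]]:
                    satisfied.add(names[0])         # already correct, keep as-is
                    kept.append(line)
                    continue
                rest = [n for n in names if n not in overrides]
                if rest:                            # keep the unrelated names
                    kept.append(f"{ip}\t{' '.join(rest)}")
                continue                            # stale mapping removed
        kept.append(line)
    for host, ip in overrides.items():
        if host not in satisfied:
            kept.append(f"{ip}\t{host}")
    return "\n".join(kept) + "\n"


# Constructed sample: a minimal hosts file with one stale mapping.
SAMPLE_HOSTS = "# constructed sample\n127.0.0.1\tlocalhost\n1.2.3.4\tsu2.ff.avast.com\n"

if __name__ == "__main__":
    hijack = nxdomain_hijack_suspected()
    print("NXDOMAIN rewriting:", hijack or "not detected")
    print(merge_hosts(SAMPLE_HOSTS))
```

To apply the merge on the machine in the thread, read `C:\Windows\System32\drivers\etc\hosts`, pass its text through `merge_hosts`, and write the result back from a process started with Run as administrator; a non-elevated editor gets the permission error the user describes later. The hijack check answers a different question from the hosts edit: if it reports a public address, the fix is the resolver setting (router or adapter), and hosts-file entries only paper over the individual names that happen to trigger the alert.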


Landlord is out of town for a few days. I could potentially go take a look at the router sometime this weekend.

 

I tried to modify that document, but I could not save it in the correct location because Windows 7 automatically blocks access to administrative actions. I tried to enable my administrator privileges, but nothing shows up in my MMC console.

 

Thanks for all of your help. This is pretty maddening.


OK then the router has to be tweaked as mentioned.

You should remove the OpenDNS from your computer; the router is overriding the computer's settings.

All you should have to do is check the:

Obtain DNS Server Automatically

and that should do it


===========================================

Try HostsXpert to edit your hosts file as mentioned: (I've already downloaded and attached it for you.)

http://www.afterdawn.com/software/network/misc_net_tools/hostsxpert.cfm

MrC

HostsXpert_v4.4.zip


That seemed to work. It's a little strange because I changed the permissions and then once again tried to save the notepad file in the correct folder, and it told me I still didn't have permission to do so. However, when I opened up the notepad file using that path (c:\windows\system32\drivers\etc\hosts), 77.234.41.65    su2.ff.avast.com was already saved in the file, so it seems to have done the trick. I am not seeing the little window pop up anymore.

Thanks so much for all of your assistance!

 

A

