Avast Free Blocks Something

For the last few days Avast has been blocking something that I don't understand but I highly suspect that it is malware or something else that should not be here in the first place.

I've run scans with:

IObit Malware Fighter
Avast Free Antivirus
Avira
Spybot S&D
Malwarebytes

None of these programs have turned up anything odd in numerous scans.

I am enclosing print screens of the last 10 instances I have had blocking notices. I hope that in showing these that someone can get a handle on what is going on.
Avast-1.jpg
Avast-2.jpg
Avast-3.jpg
Avast-4.jpg
Avast-5.jpg
Avast-6.jpg
Avast-7.jpg
Avast-8.jpg
Avast-10.jpg
HMCS Asked:

jhyiesla Commented:
It appears that you have a program or process running that is trying to access certain web sites.  This assumes that you don't have any legitimate processes trying to do this.

You've run most of what I would have run to determine any buried malware on the computer.  You might also want to try ComboFix from bleepingcomputer.com or TDSSKiller from the Kaspersky site.  The latter is a rootkit scanner and remover.
0
HMCS (Author) Commented:
I've downloaded TDSSKiller and ComboFix - also the Kaspersky Virus Removal Tool. I'll post the results as soon as I can. Thanks for the advice. I am very sure this is something on my computer that does not need to be there and more than likely is malware of some sort.
0
jhyiesla Commented:
It could also be a botnet of some kind, but Malwarebytes should find and remove them.
0
HMCS (Author) Commented:
I hope the two things you mentioned will identify it and eliminate it - STAT! Things like this make me very nervous! I am happy tho that Avast at least blocked it but the program will not identify and eliminate it however.
0
HMCS (Author) Commented:
I did run TDSS, ComboFix and Kaspersky Virus Removal Tool - which the latter I found while getting the TDSS tool.

The virus removal tool did find two things but it was not what I was looking for. Once I got back online I had the same popup from Avast about it blocking a harmful webpage or file.

I am still concerned however that I have this happen in the first place and it (svchost.exe) is attempting to send me to a malicious web page.

That to me sends a message that still something is not right, as I should not be having this activity and then having Avast blocking the attempt(s) which are to more than one URL according to what I have seen in these reported attempts.

At this point in time I don't know what it would take to unearth the "root" cause of this behavior. I would appreciate your comments.

I have enclosed the actual report generated on what Kaspersky found.
0
HMCS (Author) Commented:
For some reason the file did not go through - I'll try one more time!
Kaspersky-Results.jpg
0
jhyiesla Commented:
It appears that you do have something on your system. What you've thrown at it should have identified and removed the issue. I would suggest at this point to go into IE and delete all your cache. That should theoretically dump anything caught in the IE temp folders. Then I'd probably reboot into safe mode and manually remove the folders listed above that apparently contain some issue files. Remove the affected folders under Roaming and under local.  Then reboot normally. If you continue to have the issues, I'd copy off the things stored in your documents and on the desktop to somewhere else, log in as another administrative user and wipe your profile.  Then log back in as you, which will make a new profile for you and copy back the desktop and documents.  If this still doesn't fix it, I'd wipe and reload Windows.
0
HMCS (Author) Commented:
I rarely use IE but I am sure some programs use it. Mostly I use Firefox and occasionally Chrome.  I always use CCleaner which in theory should clean all of my browsers.

Also what about svchost.exe? It is always listed in my popups as the process involved? Actually at this moment svchost is not even running according to task mgr.

I've actually thought of somewhat ditching my present install of Win 7 64 bit and dual booting it with an OEM copy of Win 7 64 bit. I'd toyed around with doing this and I even have a lengthy question pertaining to doing just that but I never have gotten around to doing it since I had several simultaneous medical problems pop up that demanded my immediate attention. Presently I am still somewhat dealing with those diagnoses and its effect on my present health.

I'd certainly like to fix this problem first rather than diving into a dual boot situation since at this point in time my head is not exactly screwed on straight.

I'll do what you suggested and get back to you, hopefully today! :-) Thanks !
0
jhyiesla Commented:
I agree about CCleaner.  However, the error messages you reported did point to some of the temp files in your profile, although not ones typically used, at least by IE.

Dual boot can be OK, but, unless you can really successfully clean your problem, the most prudent thing to do is completely nuke your present setup and start over - obviously saving off important data you will need for the new install.

Assuming you have a desktop that will support multiple drives, you might also consider installing a new drive or putting a new drive in and keeping your old one in an external enclosure if you don't want to do dual-boot. Then you could install a fresh copy and more easily copy back your data from the second drive. Unfortunately with Windows there's no good way to copy programs - you have to reinstall them.
0
Sudeep Sharma (Technical Designer) Commented:
Hi HMCS,

Please run AdwCleaner on your system and post the logs for the same, it might ask you to reboot the system to do the cleanup as well, so reboot and post the logs.

https://toolslib.net/downloads/finish/1/

Sudeep
0
HMCS (Author) Commented:
Here is a download of the scan using AdwCleaner:

Some of what is reported I do need to delete and others I have no real clue what it is and this is the type of thing I can't touch unless someone with more knowledge tells me it is ok to mess with.
AdwCleaner-R0-.txt
0
jhyiesla Commented:
Most of what can be identified looks like junk.  Some of this probably isn't an infection as much as it is ad-ware.  Have you looked in Programs and Features to see if you have some of these programs installed or have programs that you don't want or need or mean nothing to you?  If so, just delete them and then I'd also look in your browser for any extraneous toolbars that didn't get deleted from Programs and Features and disable them. Then I'd run this program again and see what pops up.
0
HMCS (Author) Commented:
From what I've seen in this report it looks like a lot of "fragments" of different things which I've deleted in the past and/or didn't know existed on my computer in the first place.

I think I'll be busy deleting a lot of things I consider potential problems or safe enough to delete without incurring any potential harmful effects.

After this is done I'll post a scan and also see if I get those Avast messages again. They seem to happen mostly when I first connect to the net but I've also seen "random" connection attempts also.

Hopefully this could solve this problem and is for sure worth a try.
0
HMCS (Author) Commented:
Sorry I've been late in getting the scan back to you but "Real Life" got in the way!!!

Here is the most recent scan - I did delete a lot of stuff that I could recognize as ok to delete.

The sad part is that when I reconnected to the internet I had the same popup again as before.

A few days ago I created another user account which is mostly "bare bones" and so far I don't have any of these popups from Avast.

So far what do you think ?
AdwCleaner-S0-05-29-15.txt
0
jhyiesla Commented:
It's possible that your original profile has become corrupt from an infection. You may have removed the infection, but it's likely the negative effects of it have lingered. Probably the simplest solution is to copy over any documents or other personal information from the old profile to the new and then, logged in as the new user, delete your old profile.

If it returns again, then it's likely that some trojan has been buried in the system somewhere and your best bet is to just wipe and reload.
0
HMCS (Author) Commented:
It is possible about the profile. Actually I have no idea how to correct this except to just delete the entire profile but I think that would cause more harm than good.

As far as doing a reinstall - I'd also lose out on some software that I can't replace since I might not have the reinstall keys or the original exe files. I might have them but it would be one heck of a witch hunt.

What I could attempt is what is known as a non destructive reinstall (I've done this with XP favorably)  & wonder if this would help matters any?

As an alternative I could use my original user profile and only use it for anything that I didn't really need to connect to the internet and then use the recently new profile account for all internet traffic since it seems that I do not have the popup that has plagued me with the original profile account.

Any of these would possibly work until Windows 10 comes along in late July. With downloading the free Windows 10 I might more than likely be starting from scratch.

Also as a side note does anyone know if the free download applies to individuals having more than one computer? I have two of them!
0
jhyiesla Commented:
Your profile contains lots of information for you, but unless you have a really complex setup, copying everything to a new one really isn't a deal. You've already created a new profile for yourself when you logged in as the other user.  If this is an acceptable name, you can just use that.  Assuming the new user is an admin on the computer moving your old stuff to the new profile is as easy as copying files. The main areas that contain info that you'd probably really care about are your user specific downloads, documents, desktop, music, pictures, etc and IE favorites. You can locate these folders under your old profile and copy the contents to the same named folders in the new profile.  Not saying that there aren't possible other things stored in your profile, but this is a really good place to start. Copy over the contents listed above and your new user will look like the old one. Leave the old one there just in case. As you start to use programs, if you find one that seems to be missing something, it's probably in a folder under the old profile like the appdata folder - which is a hidden folder. You can find it by clicking on Organize in the menu in Computer and then folder and search options. Enable the ability to see hidden things and you can then find that folder. If the profile itself is corrupted, it's most likely in things like the temporary internet files or even in some obscure place like appdata - so if you do copy things from there be careful.

Again, assuming that the infection is really gone and this is just the detritus left over, this is about as simple and non-destructive a thing as you can do.
0

HMCS (Author) Commented:
I am going to try and correct the profile and whatever else comes later!

I've had two messages that this question is inactive and so I am going to just close it out and work on it on my own!

I appreciate the help and assistance that you have given me,

Thanks again and it may be a long time before I ever submit another question at EE! I've been a member since about 1999 and before the even since it was free then.
0