Avast A/V reporting Google and Bing as malicious URLs


  1. Posts : 291
    Windows 7 x64 Pro
       #1

    Yes, this may not be the most appropriate forum, but the folks here seem to be better informed than most.

    This morning, Avast A/V started popping up Malicious URL alerts for most of the major search engines. This did not happen yesterday and no software has been installed recently. This behavior was seen with FF 14 and IE 9 on Google, Bing, and Yahoo. With Google, the alerts only appear when searching, with the other two, they appear when simply visiting the site. The alerts do not appear for other sites, such as CNN, SevenForums, etc. The alerts seem to point to 25.masterppcadvertising.com.

    I looked at the page source for the Google and Bing home pages. Both had a significant amount of javascript code - I suspect it relates to the search completion feature. I saw this same code on another computer (also with Avast, but not behaving in the same manner as this computer).

    I ran a full malwarebytes scan and it found nothing. I emptied my browser cache, but that did not help. One site I found suggested removing and reinstalling Avast, but I cannot imagine how that would help.

    Please offer some suggestions. This issue is quite disruptive.

    Thank you.

    Update: I disabled all of my FF extensions and plugins, and the problem went away. I then re-enabled all of the ones that are normally active, and again, no problem. Not at all sure what the heck is going on...
    Last edited by Brink; 25 Jul 2012 at 13:18. Reason: merged
      My Computer

  2.    #2

    I would change to MSE as we've pretty much stopped recommending Avast over the past year here and now all I see are MSE recommendations. Use Malwarebytes for on-demand scanning.
      My Computer


  3. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #3

    The alerts seem to point to 25.masterppcadvertising.com.
    The IP address points to 85.17.132.33 {Netherlands Haarlem Leaseweb B.v.}
    Looks like a "pay-per-click advertising".
    Let's flush the DNS cache and restore MS's Hosts file.

    Copy and paste these lines in Note pad:

    @Echo on
    pushd\windows\system32\drivers\etc
    attrib -h -s -r hosts
    echo 127.0.0.1 localhost>HOSTS
    attrib +r +h +s hosts
    popd
    ipconfig /release
    ipconfig /renew
    ipconfig /flushdns
    netsh winsock reset all
    netsh int ip reset all
    shutdown -r -t 1
    del %0

    Save as flush.bat to your desktop.
    Vista and Windows 7... right click the .bat file and choose to run as Administrator. Your computer will reboot itself.

    Next, download TFC by Old Timer TFC - Temp File Cleaner by OldTimer - Geeks to Go Forums and save it to your desktop.
    Save any unsaved work. TFC will close ALL open programs including your browser!
    If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
    Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
    Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

    You should be (hopefully) free of any re-directions and/or reports of 'malicious' URLs.

    Please let us know :)
      My Computer


  4. Posts : 1
    Win 7 Home Premium 64bit
       #4

    The problem I have been fighting sounds identical to the one described in this thread.
    I followed Jacee's plan and it did not stop the pop up warnings. (Mine, incidentally were directed to a different site)
    BUT, GRosten gave me an idea with his disabling add on and extensions in Firefox. I disabled them all and the issue went away. I restarted them one by one and the one causing my problem was "Mozilla Safe Browsing 2.0.14" Tested it 3 times. It was updated 7/14/12 which is just about the time the problem started.

    This forum solved three problems I had today so I want to contribute what little I can. Hope it helps!
      My Computer

  5.    #5

    Good info, thanks for reporting back.

    I'd uninstall and reinstall Firefox then guard my Add-Ons list.

    I never let any browser have an Add-On unless I've confirmed it's required for a function I want and need.
      My Computer


  6. Posts : 291
    Windows 7 x64 Pro
    Thread Starter
       #6

    All,

    Sorry for the missed replies. I think that hroush9037 may be on to something. The problem seems to re-occur after rebooting, which seems to coincide with the "Mozilla Safe Browsing" being re-enabled (but not by me).
      My Computer


  7. Posts : 297
    Microsoft Windows 7 Home Premium 64-bit Service Pack 1
       #7

    My web shield isn't reporting any issues, and I have Chrome here. The only issue I have with Avast! at the moment, each time it's been updating the virus definitions and does its pop-up alerts it would play the sound notification twice in a row (or however many times it takes) until the pop-up does appear.
      My Computer

  8.    #8

    Try MSE to see the difference.
      My Computer


  9. Posts : 1
    windows xp 32bit
       #9

    Same Problem


    The same problem happened to me but with a different advertising re-direct script that Avast said was coming from the Firefox browser I was using. I clicked the link on the alert that took me to Avast's advertising page that wanted me to upgrade to their virus scanner that costs money, but the page didn't explain the trojan. So instead of Avast getting rid of the trojan, it acted like a firewall and just said it was from Firefox and leaving me to have to figure it out. After deleting toolbar folders that I didn't need, nothing resolved, and I still kept getting alert pop-ups from Avast that my browser was hijacking me. So I went into Firefox's safe mode that turned off all the add-ons, and that stopped the pop-up alerts. Then I went one by one disabling each add-on in Firefox and found that Avast stopped alerting me when I turned off the add-on Mozilla Safe Search.

    This is just a thought, but that got me to wonder why no other virus scanners, like Malwarebytes, Spybot, Sophos, Combofix, etc. picked it up. So it's possible that because Avast has it's own "Safe Search" app called "avast! WebRep" that could be loading it's own list of clients into Google searches, which is the trade off for getting Avast free, and needed the user of their software to disable Mozilla Safe Search because it was interfering with Avast "avast-WebRep." So Avast might be putting in a false trojan script to get you to disable any web shields you might be using.
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 05:43.
Find Us