Avast Gives Malware Alert For Clikcpixelabn.Com When Search Google

[bangkokcitylimits]

Avast gives malware alert for clikcpixelabn.com when search Google, what is this and how to solve?

It started (only) when I opened ThaiVisa 2 days ago, repeatedly, I thought it could be a hijacked Flash banner, now it seems Google took it over.

screenshot of the Avast alert in Dutch:

Now ONLY when on the Google search page, both on FF and IE. Using Vista.

Looks like Google has been hijacked on my pc ?

Please don't come with easy suggestions like Malwarebytes etc. I have all that. This seems to have slipped trough. I'm always selective with the websites that I open, not open randomly everything, like the many 'free this and free that' sites that are often are infected.

edit: this happens EVERYTIME I click 'Search' on google.com, whatever information I look for, I'm not opening websites.

[siamect]

check your windows/system32/drivers/etc/hosts file and see if there are anything about google...

[bangkokcitylimits]

check your windows/system32/drivers/etc/hosts file and see if there are anything about google...

Hi, thanks.

In the drivers file there's nothing with Google, but many of few hundred files have 'google' in it like this:

General

Complete name : C:\Users\USER\Desktop\google\PEAuth.sys

Format : MZ

Format profile : Executable / Intel i386

File size : 858 KiB

Encoded date : UTC 2006-10-23 08:55:32

There is no file called 'hosts' in drivers

I made a copy of the drivers file, eventually can put this online so you can see it, but not sure if this is safe or contains vital private data.

edit:

this are screenshots of all the files that are in 'drivers':

1

2

3

[bangkokcitylimits]

In the meanwhile I found this information:

'Firefox could be used to load a malicious code library that had been planted on a victim’s computer. An attacker could use this vulnerability to trick a user into downloading a HTML file and a malicious copy of dwmapi.dll into the same directory on their computer and opening the HTML file with Firefox, thus causing the malicious code to be executed.'

source

But still no idea what to do, Malwarebytes PRO doesn't see it and Avast (free) doesn't help getting rid of it.

[Peterbigeyes]

Is reformatting the com an option?

[wolf5370]

check your windows/system32/drivers/etc/hosts file and see if there are anything about google...

Hi, thanks.

In the drivers file there's nothing with Google, but many of few hundred files have 'google' in it like this:

General

Complete name : C:\Users\USER\Desktop\google\PEAuth.sys

Format : MZ

Format profile : Executable / Intel i386

File size : 858 KiB

Encoded date : UTC 2006-10-23 08:55:32

There is no file called 'hosts' in drivers

I made a copy of the drivers file, eventually can put this online so you can see it, but not sure if this is safe or contains vital private data.

edit:

this are screenshots of all the files that are in 'drivers':

1

2

3

You missed the etc subdirectory in the path he gave you - there WILL be a HOSTS file (no extension) - though on Vista you will need use NotePad as an Administrator to eidt it (and unset the Raed Only flag first too). Most things in the HOSTS file should either begin with a # (making them a comment) or have 127.0.0.1 against a URI - if any have something else (i.e. not 127.0.0.1) then this could be a malicious redirect and its best to comment it out and try again (save the file first and refresh your browsr too).

It could also be a legitimate catch -sometimes sites are hacked and malicious javascript is inserted (Google often warns of this on their searche for example - this site is losted as being infected with malicious content - Are you sure you want to proceed? etc). I don't know the site, can you access it from a nother machine or does that machine also give the same warning?

[bangkokcitylimits]

OK solved !

(with help of a member of the Yahoo Answers forum, I will copy/paste the very useful information as it might be helpful to others)

'As you saw in the Avast prompt your Firefox was infected.

Mozilla patches DLL load hijacking vulnerability

link 1 link 2

If you still get redirection of web pages then your pc is infected with a rootkit and for that try

TDSS, TDLS and Alureon rootkit Removal

link 3 (the one I used)

Or HitmanPro

To insure all your programs are up to date run the Secunia Online Software Inspector

link 5

A short scan of the Kasperski Rootkit Removal Tool (link 3) found this malware and deleted it.

[bedbugy]

i had the same problem to a fake google site

and my agv free edition was infected

what i did

remove all my virus removers malwybites agv and spy bot

then i downloaded from windows microsoft security essential

did a full scam of computer and it found and removed a trogen

ps your windows must be genuine

[PattayaParent]

I have a similar problem but using the above software has not found anything.

I get a Trojan Horse alert when I try to open www.regents.ac.th which is the website for The Regents School.

Anyone else having a problem?

[bangkokcitylimits]

I have a similar problem but using the above software has not found anything.

I get a Trojan Horse alert when I try to open www.regents.ac.th which is the website for The Regents School.

Anyone else having a problem?

If you can, try to AVOID ALL THAI MADE WEBSITES as most of them are infested with malware, viruses, spam pop-ups etc. Also try to avoid Thais plugging their flash drive into your PC, for the same reason, almost all of them are contaminated with viruses. Not suprising, locals (and many foreigners too) are completely unaware of PC maintanance just playing their dancing games and MSN (msn is a notorious virus/malware distributor, very sensitive for viruses and better use the Digsby.com widget to access your MSN account) using counterfeit antivirus (...) and using counterfeit everything even in offices. Better don't buy a used pc from a Thai, big chance you will regret it.

Even the technician of CAT Telecom Chiang Mai is using a virus infected flash drive to update CDMA usb modems*, cost me a week to find out !

*the safe updates you get via their website only.

Be warned.

[PattayaParent]

I have a similar problem but using the above software has not found anything.

I get a Trojan Horse alert when I try to open www.regents.ac.th which is the website for The Regents School.

Anyone else having a problem?

Having re-read the OP he's using Mozilla.

My problem is with IE8.

[bangkokcitylimits]

I have a similar problem but using the above software has not found anything.

I get a Trojan Horse alert when I try to open www.regents.ac.th which is the website for The Regents School.

Anyone else having a problem?

Having re-read the OP he's using Mozilla.

My problem is with IE8.

I suggest post your question beside on ThaiVisa also on the Yahoo Answers forum in the right section, many exprienced people there 24/7 and usual you get an answer within minutes.

Add details, tell them what security programs you already have to avoid useless suggestions and add the link to a screenshot. Also this is a very good PC forum.

Please post the results in this treat, as I did, also for other TV members using IE can the information can be very helpful.

Success !

[PattayaParent]

The concensus of answers seems to be a false positive and to 'sandbox' the browser to be sure.

Thiose that have scanned the website report no viruses found either so it sounds like an issue with Avast.

I have opened the website on another computer that does not have Avast installed and there is no virus detected.

[siamect]

The concensus of answers seems to be a false positive and to 'sandbox' the browser to be sure.

Thiose that have scanned the website report no viruses found either so it sounds like an issue with Avast.

I have opened the website on another computer that does not have Avast installed and there is no virus detected.

Hallooo, wake up....stop dreaming!

The reality is that your computer (not necessarily that website) is infected and Avast is telling you that...

Am I sure? Of course not, but you cannot be sure it is a false alarm either...Do all people with Avast have this problem?

Get you data backed up (Now!) and give you computer an extreme makeover....

Martin

[bangkokcitylimits]

The concensus of answers seems to be a false positive and to 'sandbox' the browser to be sure.

Thiose that have scanned the website report no viruses found either so it sounds like an issue with Avast.

I have opened the website on another computer that does not have Avast installed and there is no virus detected.

Hallooo, wake up....stop dreaming!

The reality is that your computer (not necessarily that website) is infected and Avast is telling you that...

Am I sure? Of course not, but you cannot be sure it is a false alarm either...Do all people with Avast have this problem?

Get you data backed up (Now!) and give you computer an extreme makeover....

Martin

Sounds way more complicated the necessary, but about drive back-ups: the todays Giveawayoftheday might be useful for that, seems to be good.

Oh, about system maintanance: IObit who developed Advanced System Care PRO has some free versions available, the fully functional PRO version can be obtained for free here for several days. All you have to do is subscribing.

But first get rid of your virus/malware !

[siamect]

Sounds way more complicated the necessary, but about drive back-ups: the todays Giveawayoftheday might be useful for that, seems to be good.

Oh, about system maintanance: IObit who developed Advanced System Care PRO has some free versions available, the fully functional PRO version can be obtained for free here for several days. All you have to do is subscribing.

But first get rid of your virus/malware !

Just make sure they are free

And backup first before you do anything else... (booting from a different media not containing Windows ia a precondition for this)

[Jiu-Jitsu]

Swap your HOSTS file with this one. Will help to prevent you from getting infected in the first place.