
Avast Gives Malware Alert For Clikcpixelabn.Com When Search Google


bangkokcitylimits


Avast gives a malware alert for clikcpixelabn.com when searching Google, what is this and how to solve it?

It started (only) when I opened ThaiVisa 2 days ago, repeatedly, I thought it could be a hijacked Flash banner, now it seems Google took it over.

screenshot of the Avast alert in Dutch:

avastwarning.jpg

Now ONLY when on the Google search page, both on FF and IE. Using Vista.

Looks like Google has been hijacked on my pc ?

Please don't come with easy suggestions like Malwarebytes etc. I have all that. This seems to have slipped through. I'm always selective with the websites that I open, not opening everything randomly, like the many 'free this and free that' sites that are often infected.

edit: this happens EVERY TIME I click 'Search' on google.com, whatever information I look for, I'm not opening websites.

Edited by bangkokcitylimits

check your windows/system32/drivers/etc/hosts file and see if there is anything about google...

Hi, thanks.

In the drivers file there's nothing with Google, but many of few hundred files have 'google' in it like this:

General

Complete name : C:\Users\USER\Desktop\google\PEAuth.sys

Format : MZ

Format profile : Executable / Intel i386

File size : 858 KiB

Encoded date : UTC 2006-10-23 08:55:32

There is no file called 'hosts' in drivers

I made a copy of the drivers file, eventually can put this online so you can see it, but not sure if this is safe or contains vital private data.

edit:

these are screenshots of all the files that are in 'drivers':

1

2

3

Edited by bangkokcitylimits

In the meantime I found this information:

'Firefox could be used to load a malicious code library that had been planted on a victim’s computer. An attacker could use this vulnerability to trick a user into downloading a HTML file and a malicious copy of dwmapi.dll into the same directory on their computer and opening the HTML file with Firefox, thus causing the malicious code to be executed.'

source

But still no idea what to do, Malwarebytes PRO doesn't see it and Avast (free) doesn't help getting rid of it.


You missed the etc subdirectory in the path he gave you - there WILL be a HOSTS file (no extension) - though on Vista you will need to use NotePad as an Administrator to edit it (and unset the Read Only flag first too). Most things in the HOSTS file should either begin with a # (making them a comment) or have 127.0.0.1 against a URI - if any have something else (i.e. not 127.0.0.1) then this could be a malicious redirect and it's best to comment it out and try again (save the file first and refresh your browser too).

It could also be a legitimate catch - sometimes sites are hacked and malicious javascript is inserted (Google often warns of this on their searches for example - this site is listed as being infected with malicious content - Are you sure you want to proceed? etc). I don't know the site, can you access it from another machine or does that machine also give the same warning?
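
The HOSTS check described in the post above, as an added example that is not part of the original thread: a small Python audit that lists every entry not mapped to a loopback address. The sample file content is constructed (documentation-range addresses), and treating `0.0.0.0` and `::1` as harmless alongside `127.0.0.1` is an assumption of this example.

```python
import ipaddress
import os
import sys

# Constructed sample of a tampered HOSTS file (not taken from the thread).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net      # ad-blocking sinkhole entry
203.0.113.45    www.google.com google.com   # search redirect
198.51.100.7    update.example.org
not-an-ip       www.example.com
"""

def is_local_sink(addr):
    """True for loopback (127.0.0.0/8, ::1) and the unspecified address (0.0.0.0, ::)."""
    return addr.is_loopback or addr.is_unspecified

def audit_hosts(text):
    """Return (line_no, address, hostnames, reason) for each entry worth reviewing."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()  # drop full-line and trailing comments
        if not entry:
            continue
        fields = entry.split()
        address, names = fields[0], fields[1:]
        try:
            addr = ipaddress.ip_address(address)
        except ValueError:
            findings.append((line_no, address, names, "malformed address"))
            continue
        if not is_local_sink(addr):
            findings.append((line_no, address, names, "non-loopback mapping"))
    return findings

if __name__ == "__main__":
    # Default to the Windows path named in the thread; fall back to the sample.
    root = os.environ.get("SystemRoot", r"C:\Windows")
    default = os.path.join(root, "System32", "drivers", "etc", "hosts")
    path = sys.argv[1] if len(sys.argv) > 1 else default
    if os.path.isfile(path):
        with open(path, encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    for line_no, address, names, reason in audit_hosts(text):
        print(f"line {line_no}: {address} -> {' '.join(names)} ({reason})")
```

A flagged line is a candidate for review, not proof of infection: intranet or VPN entries legitimately point at non-loopback addresses.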


OK solved !

(with help of a member of the Yahoo Answers forum, I will copy/paste the very useful information as it might be helpful to others)

'As you saw in the Avast prompt your Firefox was infected.

Mozilla patches DLL load hijacking vulnerability

link 1 link 2

If you still get redirection of web pages then your pc is infected with a rootkit and for that try

TDSS, TDLS and Alureon rootkit Removal

link 3 (the one I used)

Or HitmanPro

To ensure all your programs are up to date run the Secunia Online Software Inspector

link 5

A short scan of the Kaspersky Rootkit Removal Tool (link 3) found this malware and deleted it.

capture072.png

Edited by bangkokcitylimits

I had the same problem with a fake Google site

and my AVG free edition was infected

what I did:

removed all my virus removers: Malwarebytes, AVG and Spybot

then I downloaded Microsoft Security Essentials from Microsoft

did a full scan of the computer and it found and removed a trojan

PS: your Windows must be genuine


I have a similar problem but using the above software has not found anything.

I get a Trojan Horse alert when I try to open www.regents.ac.th which is the website for The Regents School.

Anyone else having a problem?

If you can, try to AVOID ALL THAI MADE WEBSITES as most of them are infested with malware, viruses, spam pop-ups etc. Also try to avoid Thais plugging their flash drive into your PC, for the same reason, almost all of them are contaminated with viruses. Not surprising, locals (and many foreigners too) are completely unaware of PC maintenance, just playing their dancing games and MSN (MSN is a notorious virus/malware distributor, very sensitive for viruses and better use the Digsby.com widget to access your MSN account), using counterfeit antivirus (...) and using counterfeit everything even in offices. Better don't buy a used PC from a Thai, big chance you will regret it.

Even the technician of CAT Telecom Chiang Mai is using a virus infected flash drive to update CDMA usb modems*, cost me a week to find out !

*the safe updates you get via their website only.

Be warned.


I have a similar problem but using the above software has not found anything.

I get a Trojan Horse alert when I try to open www.regents.ac.th which is the website for The Regents School.

Anyone else having a problem?

Having re-read the OP he's using Mozilla.

My problem is with IE8.


I suggest you post your question, besides on ThaiVisa, also on the Yahoo Answers forum in the right section; many experienced people are there 24/7 and usually you get an answer within minutes.

Add details, tell them what security programs you already have to avoid useless suggestions and add the link to a screenshot. Also this is a very good PC forum.

Please post the results in this thread, as I did; for other TV members using IE the information can also be very helpful.

Success !


The consensus of answers seems to be a false positive and to 'sandbox' the browser to be sure.

Those that have scanned the website report no viruses found either so it sounds like an issue with Avast.

I have opened the website on another computer that does not have Avast installed and there is no virus detected.


Hallooo, wake up....stop dreaming!

The reality is that your computer (not necessarily that website) is infected and Avast is telling you that...

Am I sure? Of course not, but you cannot be sure it is a false alarm either...Do all people with Avast have this problem?

Get your data backed up (Now!) and give your computer an extreme makeover....

Martin

Edited by siamect

Sounds way more complicated than necessary, but about drive back-ups: today's Giveawayoftheday might be useful for that, seems to be good.

Oh, about system maintenance: IObit who developed Advanced System Care PRO has some free versions available, the fully functional PRO version can be obtained for free here for several days. All you have to do is subscribe.

But first get rid of your virus/malware !

Edited by bangkokcitylimits

Just make sure they are free

And back up first before you do anything else... (booting from a different media not containing Windows is a precondition for this)

Edited by siamect