
Saturday, April 19th 2014, 1:56pm


  • "13thvulture" started this thread

Date of registration:
Jan 25th 2012

Version:
Avira Free Antivirus

Operating System:
windows 7


1

Wednesday, January 25th 2012, 5:45am

Ok, this is just getting annoying... have I got a virus, or not?

For the past 2 days, sometimes when I visit websites (this is rather common, it seems) I get redirected to a splash page with the following message:

"One more step to access [website name here]"

[there's a captcha box here]


"View advanced details and evidence regarding your restriction

Sorry, no evidence is available at this time.



What happened?
Your computer or another computer on your network is compromised with a virus. This allows online criminals to use it as part of a botnet to send spam and attack websites.

Why am I seeing this page?
This website is participating in a project to stop attacks and educate visitors with infected computers about how they can clean up their machines.

What should I do?
Make sure your anti-virus software is up to date and run a full scan.

When will this restriction go away?
This restriction will disappear when no more harmful behavior is detected. Completing the challenge above proves you are a human and gives you temporary access. You can ask the website owner to permanently whitelist you."


I've done multiple virus scans now. I've used Avira, Malwarebytes, and Avast. All clean. Used RKill first in case it was any sort of "jumping" virus. Tried TDSSKiller to check extra carefully for rootkits, gave botnetchecker.com a visit. Everything is 100% clean. I even changed my SSID and hid it (so anyone connecting would need to know the new SSID to be able to find my network) just on the chance that it's detecting someone else in my network. I still get the restriction when visiting certain websites.

I don't think this restriction is any kind of scam, since it doesn't try to download/sell me anything, or even recommend a specific virus scanner. It just tells me I have a virus, and I can't figure out why.

It says it's some sort of security system made by Cloudflare, which, looking into it, seems to be a legitimate site.

Any help on this issue?

marfabilis

Moderator

Date of registration:
May 14th 2010

Version:
Avira Free Antivirus
Avira Antivirus Suite
Avira Internet Security Suite
Avira Internet Security

Operating System:
System of a Down


2

Wednesday, January 25th 2012, 10:45am

Hi 13thvulture,

First, this splash screen is not related to a malware infection, but is a "security feature" of a piece of software. Read more here and here. According to the developer, it has three security levels and it gives no certainty that the computer is actually infected, since the developer posts "The challenge page also educates the visitor that their computer may be infected". It seems to be only third-party software using information based on third-party sources. Also, it will happen only with some websites that use this kind of software (it's very limited). Maybe it could be related to your IP range (that is not your responsibility). Most probably, when accessing the website with this kind of "splash screen" through a reliable proxy, it will not happen (just a hunch).

However, the support through Avira Support Forum is dedicated to Avira customers (free or premium users). If you're really a customer of Avira, be careful when installing and using "multiple antivirus" in your computer, since Avira doesn't recommend installing any other antivirus software along with any Avira product, regardless of developer. The reason for this is that if both products have their automatic (real-time) protection switched on, then those products which don't encrypt the virus strings within them could cause other antivirus products to generate "false positives". It can also lead to a clash, as both products fight for access to files which are opened again in their resident / real-time protection. In general terms, the two antivirus programs may conflict and cause:
  • False Positives: When the antivirus software tells you that your PC has a virus, when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time. Also it could cause some instability, crashing your computer, some slow performance and waste your system resources.
Also read: Would it be wrong to install multiple antivirus programs in parallel?

Please follow these procedures below:

1) Please run the DDS tool, following these procedures below:
  • Download the DDS Tool :: Alternative link and save the file to your Desktop;
  • Double-click on the DDS.scr icon to start the program and click on the run button to start DDS;
  • DDS will now display a small black window providing information as to what DDS is doing on your computer;

  • DDS will now start scanning your computer and compiling a variety of information about what programs are starting on your computer, what files have been recently created, and the general configuration of your computer. When DDS has finished scanning, all of this information will be compiled and be displayed in two notepad windows named dds.txt and attach.txt;
  • Save both files to your Desktop and submit the dds.txt and attach.txt to Pastebin.com. Post the URL from dds.txt and attach.txt in your next reply.
How to submit your logs using Pastebin.com:
  • Copy all text (CTRL + A | CTRL + C) and Paste (CTRL + V) in the form. Follow this procedure for both files:
  • Please select "1 day" in the Paste Expiration and click on Submit button;
  • Your log can be detected by the spam detection filter from Pastebin.com. Just type the captcha that will appear on your screen.
  • Wait a few seconds and a screen with your text will appear. Copy and paste the URL of your submission in your next reply.
---
2) Download and perform a full scan with Malwarebytes Anti-Malware
  • Once the installation is complete, make sure that Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware are checked when you click Finish;
  • On the Scanner tab, make sure that the Perform full scan option is selected and then click on the Scan button to start scanning your computer for infections;
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found";
  • Click OK to close the message box and continue with the removal process;
  • Click on the Show Results button to see a list of any malware that was found;
  • Copy and paste the content of that report in your next reply;
  • Do not check or remove anything yet. Please wait for further advice about your MBAM log.
See a tutorial with images: http://forum.avira.com/wbb/index.php?pag…&threadID=86035
-----
3) Please download MiniToolBox, save it to the desktop and run it from there (Vista and Windows 7 users: right-click on MiniToolBox.exe and choose "Run As Administrator" to run it)
  • Place a check next to the following boxes:
    • Report IE Proxy Settings
    • Report FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock entries
    • List last 10 Event Viewer Errors
    • List Installed Programs
  • Press the Go button;
  • A file named Result.txt will be created in the same location where you downloaded MiniToolBox.exe;
  • Close the MiniToolBox window
----
Marco
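
Two of the items on the MiniToolBox checklist above (hosts file content and IE proxy settings) can also be read by hand. The following is an added example, not part of the original posts and not MiniToolBox's own code; the function names and the sample hosts lines are constructed for illustration, and PowerShell 3.0 or later is assumed.

```powershell
# Added example: read-only triage of the hosts file and per-user proxy settings.
# Function names and the sample hosts text are constructed for illustration.

function Get-HostsOverride {
    param([string[]]$Lines)
    foreach ($raw in $Lines) {
        # Drop trailing comments and surrounding whitespace.
        $line = ($raw -replace '#.*$', '').Trim()
        if (-not $line) { continue }
        # First token is the address, the remaining tokens are host names mapped to it.
        $parts = $line -split '\s+'
        if ($parts.Count -lt 2) { continue }
        foreach ($name in $parts[1..($parts.Count - 1)]) {
            # The stock loopback entry for "localhost" is expected; report everything else.
            $isLoopback = @('127.0.0.1', '::1') -contains $parts[0]
            if ($isLoopback -and $name -ieq 'localhost') { continue }
            [pscustomobject]@{ Address = $parts[0]; HostName = $name }
        }
    }
}

function Get-UserProxySetting {
    # Per-user WinINET values, i.e. what Internet Explorer's proxy dialog shows.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    [pscustomobject]@{
        ProxyEnable   = [bool]$p.ProxyEnable
        ProxyServer   = $p.ProxyServer
        AutoConfigURL = $p.AutoConfigURL
    }
}

# Constructed sample: one stock entry and one override that deserves a look.
$sample = @(
    '# Copyright (c) Microsoft Corp.',
    '127.0.0.1       localhost',
    '203.0.113.10    www.example.com example.com   # constructed entry'
)
Get-HostsOverride -Lines $sample | Format-Table -AutoSize

# On a live system, inspect the real hosts file and the current user's proxy values.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
if (Test-Path $hostsPath) {
    Get-HostsOverride -Lines (Get-Content $hostsPath) | Format-Table -AutoSize
}
Get-UserProxySetting | Format-List
```

A hosts entry or an enabled proxy that the user did not configure is worth raising alongside the tool logs; an empty result from both is consistent with the clean scans reported in the first post.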