ESET is intermittently blocking a URL that I am not physically entering...

Discussion in 'ESET NOD32 Antivirus' started by microv, Aug 9, 2010.

Thread Status:
Not open for further replies.
  1. microv

    microv Registered Member

    Joined:
    Aug 9, 2010
    Posts:
    5
    In the lower right corner, intermittently, (3 times total in the last 5 hours) the red notice block comes up saying the ESET NOD32 has blocked a suspicious url.

    How do I find where that URL is coming from that it is being blocked?

    I did a total scan over the weekend and nothing suspicious was found.
    The original source of the problem is a download I made which had a link to that particular url, but I deleted all that.

    Where is that url hiding that it is trying to access the web and shouldn't NOD32 delete it?
     
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
  3. microv

    microv Registered Member

    Joined:
    Aug 9, 2010
    Posts:
    5
    I'm waiting for it to happen again to capture the link.
    What is the best way to get the link...can I copy/paste from within the red "alert" window?
     
  4. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    or just post a screenshot of the window
     
  5. microv

    microv Registered Member

    Joined:
    Aug 9, 2010
    Posts:
    5
    Here is a screen capture of the notification:

    ESET url address.jpg
     
  6. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    Yes that is malware. See 2nd post for suggestions
     
  7. 3GUSER

    3GUSER Registered Member

    Joined:
    Jan 10, 2010
    Posts:
    812
  8. microv

    microv Registered Member

    Joined:
    Aug 9, 2010
    Posts:
    5

    Thank you.
    It took the combination of both of those to clear it up. Hitmanpro seemed to find it all but couldn't clear out a file "isapnp.sys" that was in the System32\Drivers folder. (I used East-Tech Eraser to delete that file). I ran Hitmanpro again, but though it didn't find any files, it still showed something about the Hard disk stack...something something...I don't know exactly.
    Even with isapnp.sys deleted, the URL alert showed up again. I then ran Malwarebytes' Anti-Malware and it found something and cleaned it up.
    I ran Hitmanpro again, and the Hard disk message was no longer there and the ESET url alert has not shown even after doing the same things that I did previously that I saw made the alert show.

    Thank you again.

    I don't want this to sound as a slam against ESET but shouldn't it have found this problem? I ran a full system scan over the weekend, but it showed no problems. Also, I am pretty sure of the source of my problem, a download I did. I scanned that download also before and after unzipping it and nothing was found in it.

    If anyone wants to look into it:
    I am nearly 100% positive that the problem is within this file Link to possible malware removed (after download)
     
    Last edited by a moderator: Aug 10, 2010
  9. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I'm getting "This file is either removed due to copyright claim or is deleted by the uploader." If you re-upload the file, PM me the link instead of posting it to the forum.
     
  10. microv

    microv Registered Member

    Joined:
    Aug 9, 2010
    Posts:
    5

    The file was one I found, not uploaded, so I do not have it to share. I received it from the site I listed, which is no longer sharing the file.
     
  11. Nerimash

    Nerimash Registered Member

    Joined:
    Apr 14, 2009
    Posts:
    86
    Location:
    Ukraine
  12. Syobon

    Syobon Registered Member

    Joined:
    Dec 27, 2009
    Posts:
    469
    And yet ppl say webprotection is a waste of resources ;)
     