Avast WEBforum

Other => Viruses and worms => Topic started by: midnight on September 21, 2012, 11:47:03 AM

Title: What Is This
Post by: midnight on September 21, 2012, 11:47:03 AM
avast! blocked the virus:
hxxp://urlfilter.vmn.net/vmnsbf/data/120921093944-m.zip|1209...

Virus Lab research shows that more than 80% of malware (viruses, trojans, worms, spyware) now spreads via the internet. More notably, only 1% of this number comes from suspicious or ‘dodgy’ sites – about 99% spreads via legitimate websites that have been hacked.

We’ve got your back.

The only websites I've been on this a.m. are Facebook and this forum. In fact this popped up while I was on the forum.
Title: Re: What Is This
Post by: DavidR on September 21, 2012, 12:13:12 PM
Please 'modify' your post and change the URL from http to hXXp, to break the link and avoid accidental exposure to suspect sites, thanks.

The fact that you get a pop-up on a specific site doesn't necessarily mean the malware is on that site. There is more to it than that. Depending on the browser you can have add-ons (some of which might be malicious, redirecting URLs in the browser).
Title: Re: What Is This
Post by: adotd on September 21, 2012, 12:24:01 PM
Look at pic below ;)
Title: Re: What Is This
Post by: midnight on September 21, 2012, 12:29:33 PM
I was on and still am using the Flock browser, which is the browser I use to access this forum. As far as I know I don't have any add-ons on this browser.
Title: Re: What Is This
Post by: adotd on September 21, 2012, 12:32:08 PM
Hi -midnight

When you get the alert can you take a print screen and post it here  8)

Title: Re: What Is This
Post by: midnight on September 21, 2012, 12:34:20 PM
> Hi -midnight
>
> When you get the alert can you take a print screen and post it here  8)

I don't know how to do that.
Title: Re: What Is This
Post by: adotd on September 21, 2012, 12:48:29 PM
If you look on your keyboard, you will see a key that looks like the one circled in the picture below.

When you get the alert, press that; it will take a print screen for you.

Next

Click Start
Click All programs
Click Accessories
Click Paint


On your keyboard press

CTRL + V

This will paste the screenshot into Paint

*You may need to crop the image*

Click File
Click Save as
Give it a name
Then click on save

Once done attach it here
Title: Re: What Is This
Post by: midnight on September 21, 2012, 01:07:23 PM
Infection Details
URL:   hxxp://urlfilter.vmn.net/vmnsbf/data/120...
Process:   C:\ProgramData\Anti-phishing Domain Advi...
Infection:   JS:ScriptSH-inf [Trj]

This just popped up.
Title: Re: What Is This
Post by: adotd on September 21, 2012, 01:12:26 PM
Hi  -midnight

Follow the guide and attach the logs.

http://forum.avast.com/index.php?topic=53253.0

AdwCleaner
Malwarebytes
OTL
aswMBR

Best Regards

Anthony
Title: Re: What Is This
Post by: midnight on September 21, 2012, 01:58:25 PM
I just ran a full scan and it didn't show any threats.
Title: Re: What Is This
Post by: adotd on September 21, 2012, 02:03:11 PM
> Hi  -midnight
>
> Follow the guide and attach the logs.
>
> http://forum.avast.com/index.php?topic=53253.0
>
> AdwCleaner
> Malwarebytes
> OTL
> aswMBR
>
> Best Regards
>
> Anthony

Follow the following  8)
Title: Re: What Is This
Post by: DavidR on September 21, 2012, 03:42:57 PM
@ -midnight
Is this a program that you have installed: C:\ProgramData\Anti-phishing Domain Advi... (presumably the last bit is Advisor)?
Title: Re: What Is This
Post by: DavidR on September 21, 2012, 05:02:46 PM
Try finding and disabling the Anti-phishing Domain Advisor and see if this is what is causing the problem.

Personally I don't see the need for a dedicated anti-phishing application, as the avast Network Shield malicious sites list is likely to cover phishing sites, as many are likely to be malicious. Depending on your browser, it may have anti-phishing built in. You can also consider using OpenDNS.com as your DNS server; it has a dashboard function with many categories you can block at DNS server level, phishing being one, and other parental control settings. See http://www.opendns.com/start/ for more info.
Title: Re: What Is This
Post by: midnight on September 22, 2012, 12:07:30 AM
> Try finding and disabling the Anti-phishing Domain Advisor and see if this is what is causing the problem.
>
> Personally I don't see the need for a dedicated anti-phishing application, as the avast Network Shield malicious sites list is likely to cover phishing sites, as many are likely to be malicious. Depending on your browser, it may have anti-phishing built in. You can also consider using OpenDNS.com as your DNS server; it has a dashboard function with many categories you can block at DNS server level, phishing being one, and other parental control settings. See http://www.opendns.com/start/ for more info.

Why would this even be installed on my new computer if it was going to cause a problem?
Title: Re: What Is This
Post by: DavidR on September 22, 2012, 12:48:43 AM
I haven't a clue why it would be installed on a new computer, aside from not knowing what that computer was; many manufacturers load their computers with junk, it looks good in a long list of free software.

They also haven't a clue what you are going to subsequently install.

Dell in the past have had lots of form for installing cr4pware; there was a tool built to remove it, Decrapifier.
http://uk.search.yahoo.com/search?p=remove+crapware
Title: Re: What Is This
Post by: midnight on September 22, 2012, 01:07:05 AM
> Look at pic below ;)

I don't have the Google Chrome browser.
Title: Re: What Is This
Post by: DavidR on September 22, 2012, 01:15:58 AM
> > Look at pic below ;)
>
> I don't have the Google Chrome browser.

You don't have to have that browser, it is an example of the avast alert and how you attach it in a post.
Title: Re: What Is This
Post by: midnight on September 22, 2012, 01:37:56 AM
> I haven't a clue why it would be installed on a new computer, aside from not knowing what that computer was; many manufacturers load their computers with junk, it looks good in a long list of free software.
>
> They also haven't a clue what you are going to subsequently install.
>
> Dell in the past have had lots of form for installing cr4pware; there was a tool built to remove it, Decrapifier.
> http://uk.search.yahoo.com/search?p=remove+crapware

My Identity Protection is installed too. I clicked on it once and entered my name but it asked for my SS number so I didn't go any further. Guess I had best uninstall that too.
Title: Re: What Is This
Post by: DavidR on September 22, 2012, 02:13:05 AM
I have never heard of My Identity Protection (so I can't really say), but I know a friend who probably does google.com/yahoo.com.
Title: Re: What Is This
Post by: midnight on September 22, 2012, 10:04:13 AM
avast! blocked the virus:
hxxp://urlfilter.vmn.net/vmnsbf/data/120921093944-m.zip|1209...

This popped up after I uninstalled Anti Phishing Advisor.

I tried to do a screen shot using paint but it didn't work.

Since I ran a boot scan yesterday and it didn't show any threats I'm not going to worry about these stupid popups anymore.