Malware warning in Firefox

michael266:
A couple of days ago I started getting a malware warning whenever I use Firefox. The info refers to different files (e.g. C:\Program File\Mozilla Firefox\firefox.exe or C:\Programs\Google\GO333@~1\GoogleDesktopNetwork3.dll) but a common theme is http://23.feedclickonline.com/feed?type 

I scanned with Avast and Malwarebytes - nothing. I tried removing the Google dll but this doesn't help. I'm using Vista - another computer in the office using Windows 7 doesn't have this problem as far as I can tell.

Any help with this will be appreciated.

mikaelrask:
Hey, follow this guide and attach your logs.

http://forum.avast.com/index.php?topic=53253.0

Welcome to the forum.

michael266:
I followed the instructions as you suggested. The aswMBR scan found a corrupted file ...AppData\Roaming\necmac.dll  which contained the Trojan Win32:Medfos.

The aswMBR program gave a dire warning against using it to write a new Master Boot Record so I did not click on "fix".  The Avast alert warning still comes up after reboot when I open Firefox.

I have now scheduled a Boot-Level Avast scan to operate after I shut down tonight. This is one reason I respect Avast, because this scan mode has found virus infections that have sneaked past the regular Avast screens, and eluded  other antimalware programs.

We'll see how things look in the morning.

SafeSurf:
You forgot to attach your MBAM log.   Please post it so we can see any quarantined files.  Thank you.

It also looks like you had McAfee at some point with drivers still in your system.  You need to uninstall McAfee again:  http://singularlabs.com/uninstallers/security-software/.

I also noticed that you are using ASC (by iobit).  Does the product you are using also contain an AV, as some of theirs do?  Having 2 AVs on your machine can create all kinds of havoc.  Please check and let us know.

I am going to refer you to our Certified Malware specialist, named Essexboy.  He will also review your logs and give you further instructions, however he comes on the forum late UK time.  He will respond to you in this thread, so remember to check this thread daily.

Please do not make any further changes to your machine now that you have provided the logs.

IMPORTANT: If you are on a home network, disconnect the affected machine from the network.  Do not share a USB/flash drive with this affected machine.  Do not use this machine unless Essexboy or another malware specialist instructs you to do malware removal instructions; use a different machine to check email, sync your phone or other devices.

Let us know if you have any questions.  Thank you.

michael266:
Thanks for your detailed reply.

(1) As I mentioned in last night's note, I scheduled a Boot-level scan when I shut down. This morning, the scan showed these infections:  Win 32:Medfos (Trj), Win 32: Ransom-LJ (Trj), Java:Downloader-GD (Trj), Win32-InstallCore-AM (PUP) and Win32:Evo-Gen (Susp). All were moved to the Chest, then Deleted.

(2) This morning, the Firefox warnings still appear.

(3) I did not see a MBAM log  - just the three that I sent. How is this generated?

(4) Advanced System Care v. 5.2 (Free version) does not, as far as I can tell, include an antivirus component. It appears to scan and clean only. The last time I did a scan using it was back in April.

I do, however, have Windows Defender installed - I just checked, and this program deleted two Trojans on 7/23 during its scheduled daily scan - Win32:Karagang I and Win32:Siref.P. Defender did not notify me of these deletions.

(5) Since I had already made changes to the system, I will await instructions from Essexboy and do what he suggests.

(6) There is one other computer in my office, using the same wireless router. We don't interact. It shows no behavior similar to what I've described. I will run a boot-level scan on this one.
 
I will avoid using this machine as much as possible until I hear from your specialist. If necessary I can run through the entire process again (sigh).  Thanks again!
