Avast WEBforum
Other => Viruses and worms => Topic started by: Lib on July 29, 2011, 09:32:19 AM
-
Hello all,
Well, the title of this thread is roughly how I would translate this message that has kept popping up on my Avast for the past few days (I am a European French-speaker, hence Avast is set up in French here :-p)
The threat in question seems to be malware (a "malicious url address") and/or a trojan horse, depending on the moment.
I have followed the advice given in the top thread of this section, i.e. I have downloaded Malwarebytes and made a full scan (after the quick scan had found nothing).
Two suspicious elements were found, which I promptly deleted.
Unfortunately, the warning message has kept coming back, so I have performed a second full scan and once again deleted the suspicious elements.
After this I have downloaded OTS, scanned my PC with it and downloaded the log (should I post it here?).
Needless to say, the "threat" keeps coming back...I even received 14 such messages consecutively at one point..
As I use this computer mainly for work, any help from you would be greatly appreciated (please bear in mind that I am not exactly a tech or computer-savvy person...so if you could keep your explanations somewhat simple and detailed, I would be doubly grateful to you :-))
Thanks in advance!
-
After this I have downloaded OTS, scanned my PC with it and downloaded the log (should I post it here?).
Yes, this is the place to post it. Use the attachment function (see "additional options" when you are making a post).
-
Thank you for your response, Gargamel.
Things are becoming even more fun in the meantime.
I made a new scan with OTS in order to have a fresh new log, but when I wanted to save the log in my appropriately created OTS file, the ANSI format was unavailable (the box is just blank).
And when I open the OTS file or try to upload my log on here, the log doesn't appear! The folder is empty, as if I hadn't saved anything at all (which I guarantee I did...I even re-made an OTS scan, deleted the previous logs, saved it in several locations...but to no avail...the log gets saved...but doesn't exist :-s..
-
Delete
-
Hi Pondus,
Not sure whether that is advice or whether you've deleted your own post..
If you mean that I should delete the OTS logs, I have. At least it seems so since the folder is empty when I open it...
Too bad it isn't when I try to save a new OTS log in said folder (in that case the previous logs do appear!)..
Basically I cannot delete OTS logs that otherwise appear invisible, and when I save new ones, they become invisible too.
All very confusing...and Avast's malware warnings keep popping up :-p
-
It was just me not reading your first post well enough, so I deleted the txt.
Anyway it will be some time before essexboy is here...he is the OTS expert.
He is usually in here at 08:00pm - 11:59pm UK time.
Have you tried to run a boot time scan with avast first?
If it finds and removes anything, then try OTS again...could be some new malware that is blocking OTS.
OBS: you should also post the log from the Malwarebytes scan, so Essexboy can see what was found/removed.
-
Thank you Pondus.
Well it seems that I can at least have access to and post the Malwarebytes log, so in the meantime here it is.
Regards,
Lib
-
Your Malwarebytes was not updated when you did the scan..
Your database: 7257 Latest database: 7315
MBAM can have 10 updates in a day, so always hit the update button before you start scanning.
So update, scan again, and post a new log if anything is found/removed.
-
Ok thanks I will do that.
Incidentally, I also have Ad-Aware on my computer from way back...is there a risk of conflict between the latter and Malwarebytes? If so, should I uninstall Ad-Aware?
Thanks in advance.
-
Ok so I've updated Malwarebytes and done a quick scan. Two more elements were found (trojans). Attached is the log.
Avast on the other hand didn't find anything, once again...and lo and behold, I've just had my first "threat detected" :-p..
-
Hi there, let's use a different variant then - this will download as a screensaver ;D so if you use Firefox then right click the link and select save as - do not let Avast sandbox this programme, run it normally - Attach the logs to your next post please
Download OTL (http://oldtimer.geekstogo.com/OTL.scr) to your Desktop
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- Select All Users
- Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Post both logs
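The /md5start ... /md5stop section of the custom scan above makes OTL list the MD5 of every copy of explorer.exe, winlogon.exe, Userinit.exe and svchost.exe it finds, so a modified or stray copy stands out. The following is an added example (not OTL's code and not from this thread) of that same check in Python: it walks a directory tree, hashes every copy of those names, and flags the ones whose hash differs from a trusted baseline; the baseline is assumed to come from a known-clean machine of the same Windows build, and the demo runs on a constructed temporary tree rather than a real system drive.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

# File names OTL hashes in the /md5start ... /md5stop block of the custom scan
WATCHED = {"explorer.exe", "winlogon.exe", "userinit.exe", "svchost.exe"}

def md5_of(path, chunk=1 << 16):
    """MD5 of a file, read in chunks so large binaries are not loaded whole."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def scan(root):
    """Walk root and collect (path, md5) for every copy of a watched file name."""
    found = defaultdict(list)
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.lower() in WATCHED:
                path = os.path.join(dirpath, name)
                found[name.lower()].append((path, md5_of(path)))
    return found

def flag_suspects(found, baseline):
    """Return (name, path, md5) for copies whose hash differs from the trusted
    baseline (assumed to come from a known-clean machine of the same build)."""
    suspects = []
    for name, copies in found.items():
        trusted = baseline.get(name)
        for path, digest in copies:
            if trusted is not None and digest != trusted:
                suspects.append((name, path, digest))
    return suspects

def write(path, data):
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as f:
        f.write(data)

def demo():
    """Constructed tree: genuine svchost.exe in System32, a rogue copy in Temp."""
    root = tempfile.mkdtemp()
    genuine = os.path.join(root, "Windows", "System32", "svchost.exe")
    write(genuine, b"constructed genuine binary")
    write(os.path.join(root, "Temp", "svchost.exe"), b"constructed rogue binary")
    baseline = {"svchost.exe": md5_of(genuine)}
    return flag_suspects(scan(root), baseline)
```

On a real machine you would point scan() at the system drive and fill the baseline from vendor-published or known-clean hashes; a copy of a core Windows binary sitting in a Temp folder with a different hash is exactly what the OTL listing is meant to reveal.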
-
Hello Essexboy,
Thank you for your reply.
I don't use Firefox and I didn't seem to find any link...HOWEVER this morning I am able again to download the log in ANSI format AND see it appear in its folder. So here it is.
Looking forward to your precious help,
Lib
-
OK not a lot showing there so I will empty your temp files and check the MBR first
Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.
[Unregister Dlls]
[Custom Items]
:Files
ipconfig /flushdns /c
:end
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here
I will review the information when it comes back in.
Depending on what the fix contains, this process may take some time and your desktop icons might disappear or other uncommon behavior may occur.
This is no sign of malfunction, do not panic!
THEN
Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it
Click the "Scan" button to start scan
(http://i1224.photobucket.com/albums/ee362/Essexboy3/aswMBR2-1.gif)
On completion of the scan click save log, save it to your desktop and post in your next reply
(http://public.avast.com/~gmerek/aswMBR2.png)
-
Hello Essexboy,
I have performed the run fix with OTS as you recommended. After a (somewhat long) while, I received a message saying that OTS had stopped working.
I turned off my computer and upon turning it on again this log (attached) opened up automatically.
Before I proceed with the next step, could you tell me if said log is of any use to you? If not, should I retry the scan fix before downloading aswMBR?
Thanks in advance.
-
You had a multitude of temporary files on your system - this was why it appeared to stall
Let's run another quicker programme to clear the temps and then run aswMBR
Clear Cache/Temp Files
Download TFC by OldTimer (http://oldtimer.geekstogo.com/TFC.exe) to your desktop
- Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
- It will close all programs when run, so make sure you have saved all your work before you begin.
- Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
- Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
-
Good morning Essexboy,
I've performed the TFC scan as well as the aswMBR one.
Attached is the log relating to the latter.
I am looking forward to further useful guidance from you.
Lib
-
Are you still getting the alerts ?
Download ComboFix from one of these locations:
Link 1 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 2 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
* IMPORTANT !!! Save ComboFix.exe to your Desktop
- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
- Double click on ComboFix.exe & follow the prompts.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
-
Well I have been on the computer all day and I haven't received any alert...except for one, when I visited this particular website (a football forum :-p) and was told that a trojan had been blocked. I already received this message systematically in the past few days whenever I visited that page.
But other than that, no alert whatsoever so far...does this mean that the possibility of a trojan still exists, albeit remote, or that the problem lies with that website and that I should simply not visit it anymore?
-
To me that suggests the website has been hacked
No need to run combofix - but let me know tomorrow if there are any further problems
If not I will remove my tools
-
Hello essexboy,
So far I haven't had any problem today either. The only alert since the clean-up, as I said, was yesterday when I visited that site. So I guess I'll just stay away from it for some time.
Again thank you very much for your help.
-
Subject to no further problems :)
I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems
Now the best part of the day ----- Your log now appears clean :thumbsup:
A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:
Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.
[Unregister Dlls]
[Custom Items]
:Files
ipconfig /flushdns /c
:end
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
Uninstall ComboFix
Remove Combofix now that we're done with it.
- Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
- Now copy/paste this: ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /Uninstall, it needs to be there.
(http://i275.photobucket.com/albums/jj285/Bleeping/Combofix/CFuninstall.gif)
- Please follow the prompts to uninstall Combofix.
- This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.
- You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
Run OTS and hit the cleanup button. It will remove all the programmes we have used plus itself.
We will now confirm that your hidden files are set to that, as some of the tools I use will change that
- Click Start.
- Open My Computer.
- Select the Tools menu and click Folder Options.
- Select the View Tab.
- Under the Hidden files and folders heading select Do not show hidden files and folders.
- Click Yes to confirm.
- Click OK.
(http://users.telenet.be/bluepatchy/miekiemoes/images/javaicon.gif) Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.
Upgrading Java:
- Go to this site (http://java.com/en/) and click Do I have Java
- It will check your current version and then offer to update to the latest version
SPRING CLEAN
To manually create a new Restore Point
- Go to Control Panel and select System
- Select System
- On the left select System Protection and accept the warning if you get one
- Select System Protection Tab
- Select Create at the bottom
- Type in a name i.e. Clean
- Select Create
Now we can purge the infected ones
- Go to Start > All programs > Accessories > system tools
- Right click Disc cleanup and select run as administrator
- Select Your main drive and accept the warning if you get one
- For a few moments the system will make some calculations
- Select the More Options tab
- In the System Restore and Shadow Backups select Clean up
- Select Delete on the pop up
- Select OK
- Select Delete
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
(http://img233.imageshack.us/img233/7729/mbamicontw5.gif) Malwarebytes (http://www.malwarebytes.org/mbam-download.php). Update and run weekly to keep your system clean
Download and install FileHippo update checker (http://www.filehippo.com/updatechecker/) and run it monthly; it will show you which programmes on your system need updating and give a download link
It is critical to have both a firewall and anti virus to protect your system and to keep them updated.
To keep your operating system up to date visit - Microsoft Windows Update (http://windowsupdate.microsoft.com)
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ? (http://www.geekstogo.com/forum/topic/225044-preventing-malware-and-safe-computing/)
Keep safe :wave:
-
Ok, I have performed the run fix and uninstalled the older versions of Java (I had not installed ComboFix), and I have done the spring clean.
I will run Malwarebytes weekly and will install FileHippo too.
Cheers,
Lib