yahoo inbox..trojan horse

[buffy_92]

hi everyone.
recently i receveid an email from yahoo, i don't  remember how sounds like, i deleted it, because i wasn't interested.(i didn't open it).
and after that avast reported me this:

URL:   http://optimized-by.rubiconproject.com/a...
Process:   C:\Program Files\Mozilla Firefox\firefox...
Infection:   HTML:Iframe-AMG [Trj]

And now...is still show me that pop out with it, when i;m tryin to acces yahoo mail.
Nothing at scan search, no suspicious procesess..
What can i do for that pop out? it;s getting me nervous..

[Pondus]

follow guide and attach logs.   http://forum.avast.com/index.php?topic=53253.0

[buffy_92]

no ofense, but i don't use mbam and otl.(last time when i used it i had some problems).

[polonus]

Hi buffy_92,

Read this: http://www.securelist.com/en/descriptions/7101543/Trojan-Clicker.HTML.IFrame.amg
and see whether your host file has been tampered with trojan clicker
Use system restore to get your computer to an earlier clean state:
http://www.precisesecurity.com/tools-resources/troubleshooting/restore-windows-vista-or-windows-7-to-an-earlier-date/

polonus

[buffy_92]

ok thanks 

[Pondus]

OTL is the most important log to see what the problem is.....if in your computer

your AdwCleaner log say search.....you have to run it and click the delete button to remove all the crap files lised

[kizayoma]

i have the same problem, it starts 2 hours ago. in opera and chrome. i think its a false positive, because avast is blocking some yahoo commercial pop up.
"The connection to optimized-by.rubiconproject.com was interrupted."
somebody from avast here to check it?

[Michael (alan1998)]

https://www.virustotal.com/en/url/e21206f763993b027759195f931344638deb4187b7d2b79c0cd5c0c3494284cc/analysis/1370605909/

That's a site Analysis of http://optimized-by.rubiconproject.com/. Seems to be nothing wrong with it. I'll check the school proxy see if it blocks it. (It'll block just about anything malicious).

Edit: http://optimized-by.rubiconproject.com/  Seems to be down. Either it was infected and is now being cleaned, or the redirect never worked

And No I am not an Avast Staff member. A regular user online from the last 5 ish days.

1 more edit; I'm looking further into the report, at some point in time it was hosting a virus or worm and the Verdict was indeed Malicous. But the scanners lined up for this didn't detect anything.

[Doebi]

This alert is also hitting on ANY quickmeme page. I'd be really interested to know if someone of these sites have been compromised or if this a string of similar false positives.

[Michael (alan1998)]

WHat is a quick meme page? If you can give me a URL to it I can run it through Virus Total and see what it says. A recent version of Avast did detect a Trojan in Facebook which was a FP. Could be the same case. But if you want it check I need URL's to scan.

[Michael (alan1998)]

(Quickmeme/popular) https://www.virustotal.com/en/url/5ad88343fac37f996904ea9b3f8f2a73ac88db34d3d36dd1356901dfc76f9711/analysis/1370607219/

(Quickmeme/)
https://www.virustotal.com/en/url/89fbe9ab2a71707f5c161f50e05bf154396cbb435449ea7d9eea60246e0303d9/analysis/1370607301/

(Qucikmeme/random)
https://www.virustotal.com/en/url/b73ccf79918b736e4e8039821be4f4abea97608cd620e6fcbed78fbe927812aa/analysis/1370607355/

(Quickmeme/myfavourites)
https://www.virustotal.com/en/url/8dab0e4f47ffacf649f4be88f281876c940a251a33196fce0d3d74fbd037762e/analysis/1370607397/

I think I've just about shown this is a False Positive by now. My School proxy which blocks any social media site and malicious site didn't block any of the above. I think either your browser is infected, or a False Postive.

[kizayoma]

please look attached file

[Michael (alan1998)]

What is the full link? I'll scan it.

[kizayoma]

What is the full link? I'll scan it.

http://optimized-by.rubiconproject.com/a/9061/15299/33343-9.html?%26rnd

[Michael (alan1998)]

https://www.virustotal.com/en/url/19b2593e66ff011e32556a042ecb87893c669bbe98d42f6ceb55083e804190a5/analysis/1370613160/

Deemed clean. However at some point in time Bitdefender deemed it Malicous for Badware (Ransomware, Torjans etc) It lookeds to be clean right now though.