Author Topic: "A threat has been detected"  (Read 4672 times)

Offline Lib

  • Newbie
  • *
  • Posts: 15
    • Personal Message (Offline)
"A threat has been detected"
« on: July 29, 2011, 07:32:19 AM »
Hello all,

Well, the title of this thread is roughly how I would translate this message that has kept popping up on my Avast for the past few days (I am a European French-speaker, hence Avast is set up in French here :-p)

The threat in question seems to be malware (a "malicious url address") and/or a trojan horse, depending on the moment.

I have followed the advice given in the top thread of this section, i.e. I have downloaded Malwarebytes and made a full scan (after the quick scan had found nothing).

Two suspicious elements were found, which I promptly deleted.

Unfortunately, the warning message has kept coming back, so I have performed a second full scan and once again deleted the suspicious elements.

After this I have downloaded OTS, scanned my PC with it and downloaded the log (should I post it here?).

Needless to say that the "threat" keeps coming back...I even received 14 such messages consecutively at one point..

As I use this computer mainly for work, any help from you would be greatly appreciated (please bear in mind that I am not exactly a tech or computer-savvy person...so if you could keep your explanations somewhat simple and detailed, I would be doubly grateful to you :-))

Thanks in advance!

Offline Gargamel360

  • avast! Evangelist
  • Super Poster
  • ***
  • Posts: 2357
  • Gender: Male
  • Memento Mori
    • Personal Message (Offline)
Re: "A threat has been detected"
« Reply #1 on: July 29, 2011, 07:35:06 AM »
After this I have downloaded OTS, scanned my PC with it and downloaded the log (should I post it here?).
Yes, this is the place to post it.  Use the attachment function (see "additional options" when you are making a post).
Signature?  But I gots no pen....

Offline Lib

  • Newbie
  • *
  • Posts: 15
    • Personal Message (Offline)
Re: "A threat has been detected"
« Reply #2 on: July 29, 2011, 08:13:19 AM »
Thank you for your response, Gargamel.

Things are becoming even more fun in the meantime.

I made a new scan with OTS in order to have a fresh new log, but when I wanted to save the log in my appropriately created OTS file, the ANSI format was unavaliable (the box is just blank).

And when I open the OTS file or try to upload my log on here, the log doesn't appear! The folder is empty, as if I hadn't saved anything at all (which I guarantee I did...I even re-made a OTS scan, deleted the previous logs, saved it in several locations...but to no avail...the log get saved...but doesn't exist :-s..

Offline Pondus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 21774
  • Gender: Male
    • Personal Message (Offline)
Re: "A threat has been detected"
« Reply #3 on: July 29, 2011, 09:00:54 AM »
Delete
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline Lib

  • Newbie
  • *
  • Posts: 15
    • Personal Message (Offline)
Re: "A threat has been detected"
« Reply #4 on: July 29, 2011, 09:14:51 AM »
Hi Pondus,

Not sure whether that is an advice or whether you've deleted your own post..

If you mean that I should delete the OTS logs, I have. At least it seems so since the folder is empty when I open it...

Too bad it isn't when I try to save a new OTS log in said folder (in that case the previous logs do appear!)..

Basically I cannot delete OTS logs that otherwise appear invisible, and when I save new ones, they become invisible too.

All very confusing...and Avast's malware warnings keep popping up :-p

Offline Pondus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 21774
  • Gender: Male
    • Personal Message (Offline)
Re: "A threat has been detected"
« Reply #5 on: July 29, 2011, 09:24:03 AM »
it was just me not reading your first post good enough, so i deleted the txt  

anyway it will be some time before essexboy is here...he is the OTS expert
he is usually in here at 08:00pm - 11:59pm uk time  


have you tried to run a boot time scan with avast first ?
if it find and remove anything, then try OTS again...could be some new malware that is blocking OTS


OBS: you should also post the log from Malwarebytes scan, so Essexboy can see what was found/removed


« Last Edit: July 29, 2011, 09:27:49 AM by Pondus »
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline Lib

  • Newbie
  • *
  • Posts: 15
    • Personal Message (Offline)
Re: "A threat has been detected"
« Reply #6 on: July 29, 2011, 09:43:20 AM »
Thank you Pondus.

Well it seems that I can at least have access to and post the Malawarebytes log, so in the meantime here it is.

Regards,

Lib

Offline Pondus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 21774
  • Gender: Male
    • Personal Message (Offline)
Re: "A threat has been detected"
« Reply #7 on: July 29, 2011, 09:52:42 AM »
your malwarebytes was not updated when you did the scan..
your database: 7257  Latest database: 7315

MBAM can have 10 updates on a day, so always hit the update button before you start scanning

so update scan again, post new log if anything is found/removed
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline Lib

  • Newbie
  • *
  • Posts: 15
    • Personal Message (Offline)
Re: "A threat has been detected"
« Reply #8 on: July 29, 2011, 10:12:17 AM »
Ok thanks I will do that.

Incidentally, I also have Ad-Aware on my computer from way back...is there a risk of conflict between the latter and Malwarebytes? if so, should I unisntall Ad-Aware?

Thanks in advance.

Offline Lib

  • Newbie
  • *
  • Posts: 15
    • Personal Message (Offline)
Re: "A threat has been detected"
« Reply #9 on: July 29, 2011, 10:43:19 AM »
Ok so I've updated Malawarebytes and done a quick scan. Two more elements were found (trojans). Attached is the log.

Avast on the other hand didn't find anything, once again...and lo and behold, I've just had my first "threat detected" :-p..
« Last Edit: July 29, 2011, 10:50:13 AM by Lib »

Offline essexboy

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 29059
  • Gender: Male
  • Dragons by Sasha
    • Malware fixes
    • Personal Message (Offline)
Re: "A threat has been detected"
« Reply #10 on: July 29, 2011, 04:59:37 PM »
Hi there lets using a different variant then - this will download as a screensaver  ;D so if you use firefox then right click the link and select save as - do not let Avast sandbox this programme, run it normally - Attach the logs to your next post please 

Download OTL  to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Post both logs

Offline Lib

  • Newbie
  • *
  • Posts: 15
    • Personal Message (Offline)
Re: "A threat has been detected"
« Reply #11 on: July 29, 2011, 11:03:58 PM »
Hello Essexboy,

Thank you for your reply.

I don't use Firefox and I didn't seem to find any link...HOWEVER this morning I am able again to download the log in ANSI format AND see it appear in its folder. So hereafter it is.

Looking forward to your precious help,

Lib

Offline essexboy

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 29059
  • Gender: Male
  • Dragons by Sasha
    • Malware fixes
    • Personal Message (Offline)
Re: "A threat has been detected"
« Reply #12 on: July 30, 2011, 11:19:52 AM »
OK not a lot showing there so I will empty your temp files and check the MBR first

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

Code: [Select]

[Unregister Dlls]
[Custom Items]
:Files
ipconfig /flushdns /c
:end
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix.  Post that information back here

I will review the information when it comes back in.

Depending on what the fix contains, this process may take some time and your desktop icons might disappear or other uncommon behavior may occur.

This is no sign of malfunction, do not panic!

THEN

Download aswMBR.exe ( 1.8mb ) to your desktop.
 
Double click the aswMBR.exe to run it
 
Click the "Scan" button to start scan
 
 
On completion of the scan click save log, save it to your desktop and post in your next reply


Offline Lib

  • Newbie
  • *
  • Posts: 15
    • Personal Message (Offline)
Re: "A threat has been detected"
« Reply #13 on: July 30, 2011, 12:38:14 PM »
Hello Essexboy,

I have performed the run fix with OTS as you recommended. After a (somewhat long) while, I received a message saying that OTS had stopped working.

I turned off my computer and upon turning it on again this log (attached) opened up automatically.

Before I proceed with the next step, could you tell me if said log is of any use to you? If not, should I retry the scan fix before downloading aswMBR?

Thanks in advance.

Offline essexboy

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 29059
  • Gender: Male
  • Dragons by Sasha
    • Malware fixes
    • Personal Message (Offline)
Re: "A threat has been detected"
« Reply #14 on: July 30, 2011, 05:17:12 PM »
You had a multitude of temporary files on your system - this was why it appeared to stall

Lets run another quicker programme to clear the temps and then run aswMBR

Clear Cache/Temp Files
Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.  Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

 

Google Chrome

AVAST recommends using the FREE Google Chrome™ browser.

Download Google Chrome Now