Avast WEBforum

Other => Viruses and worms => Topic started by: XxCompg33kxX on July 29, 2009, 12:15:29 PM

Title: WTF is this virus
Post by: XxCompg33kxX on July 29, 2009, 12:15:29 PM
C:/ and ..../.../clientreport[1].html

and avast said A TROJAN HORSE WAS FOUND
Title: Re: WTF is this virus
Post by: cinchez on July 29, 2009, 12:41:31 PM
Would u pls send it to www.virustotal.com for further analysis^^

Then post back the results here^^

Thanks^^

-AnimeLover^^
Title: Re: WTF is this virus
Post by: DavidR on July 29, 2009, 04:03:28 PM
C:/ and ..../.../clientreport[1].html

and avast said A TROJAN HORSE WAS FOUND

Presumably this is in your temporary internet files?

You don't say what the malware name was either; there will have been a little more than "a trojan". So without more information there is no way to say what it is.
Check the avast! Log Viewer (right click the avast 'a' icon), Warning section; this contains information on all avast detections. C:\Program Files\Alwil Software\Avast4\ashLogV.exe

- Or check the source file using notepad C:\Program Files\Alwil Software\Avast4\DATA\log\Warning.log and copy and paste the entry.

If it is from the Temporary internet files I wouldn't spend much time investigating at all; just clear the temporary internet files (using your browser).
Title: Re: WTF is this virus
Post by: XxCompg33kxX on July 30, 2009, 12:55:18 PM
It comes up every time I start, and how do you clean it out in FF 3.5?
Title: Re: WTF is this virus
Post by: XxCompg33kxX on July 30, 2009, 01:10:31 PM
C:/ and ..../.../clientreport[1].html

and avast said A TROJAN HORSE WAS FOUND

Presumably this is in your temporary internet files?

You don't say what the malware name was either; there will have been a little more than "a trojan". So without more information there is no way to say what it is.
Check the avast! Log Viewer (right click the avast 'a' icon), Warning section; this contains information on all avast detections. C:\Program Files\Alwil Software\Avast4\ashLogV.exe

- Or check the source file using notepad C:\Program Files\Alwil Software\Avast4\DATA\log\Warning.log and copy and paste the entry.

If it is from the Temporary internet files I wouldn't spend much time investigating at all; just clear the temporary internet files (using your browser).
Here's a pic of the log viewer
(http://i29.tinypic.com/9tzrko.jpg)
Title: Re: WTF is this virus
Post by: Lisandro on July 30, 2009, 01:42:04 PM
XxCompg33kxX, we can't read where the file is as the column width is too narrow. Can you expand it?
Or you can open, copy and paste, from here C:\Program Files\Alwil Software\Avast4\DATA\log\Warning.log
Title: Re: WTF is this virus
Post by: XxCompg33kxX on July 30, 2009, 03:00:36 PM
XxCompg33kxX, we can't read where the file is as the column width is too narrow. Can you expand it?
Or you can open, copy and paste, from here C:\Program Files\Alwil Software\Avast4\DATA\log\Warning.log
Here u are, Tech

(http://i25.tinypic.com/x2vymx.jpg)
Title: Re: WTF is this virus
Post by: Lisandro on July 30, 2009, 03:02:59 PM
If a virus is replicant (coming and coming again), you could follow the general cleaning procedure:

1. Clean your temporary files. You can use CleanUp (http://www.stevengould.org/downloads/cleanup/) or CCleaner (http://www.ccleaner.com/) for that.

2. Schedule a boot time scanning with avast. Start avast! > Right click the skin > Schedule a boot-time scanning. Select for scanning archives. Boot. Another option is scanning in Safe Mode (http://support.microsoft.com/default.aspx?scid=kb;en-us;315222) (repeatedly press F8 while booting).
If avast does not detect it, you can try DrWeb CureIT! (http://www.freedrweb.com/cureit/) instead.

3. It will be good if you download, install, update and run MBAM (http://malwarebytes.org/mbam.php) (or SUPERantispyware (http://www.superantispyware.com) or even SpywareTerminator (http://www.spywareterminator.com)).
If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
About legit antispyware applications or the bad ones see here (http://www.spywarewarrior.com/rogue_anti-spyware.htm#sites).

4. If you're still detecting any strange behavior, or even if you're sure you're not clean, maybe it will be good to test your machine with anti-rootkit applications (http://www.antirootkit.com/software/index.htm). I suggest avast! antirootkit (http://files.avast.com/files/beta/aswar.exe) or Trend Micro RootkitBuster (http://www.trendmicro.com/download/rbuster.asp) for XP/Vista. For XP only: Panda (http://research.pandasoftware.com/blogs/research/archive/2007/04/27/New-Panda-Anti_2D00_Rootkit-_2D00_-Version-1.07.aspx).

5. Also, if you're still detecting strange behaviors or you want to be sure you're clean, maybe make a HijackThis (http://www.bleepingcomputer.com/files/hijackthis.php) log to post here or at this analysis site (http://www.hijackthis.de/#anl). Or even submit the RunScanner (http://www.runscanner.net/) log to on-line analysis.

6. Browser hijacking and problems with antivirus update could be managed in some scenarios by cleaning the hosts file (in the C:\windows\system32\drivers\etc folder). The file does not have an extension; it's simply hosts.
The default file consists of a number of example lines preceded with #. The only required line is
127.0.0.1       localhost
You can get a good replacement with HostsMan, which keeps it clean (avoids infections) and updated: http://www.abelhadigital.com

7. After you're clean, disable System Restore on Windows ME (http://support.microsoft.com/default.aspx?scid=kb;en-us;Q264887), XP (http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;310405) or Vista (http://support.microsoft.com/?scid=kb%3Ben-us%3B936212&x=6&y=13). System Restore is not available in Windows 9x and 2k. After disabling you can enable it again.

8. Use the immunization of SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html).

9. Finally, when you're clean, check for insecure applications with Secunia Software Inspector (http://secunia.com/software_inspector/) to update insecure applications and avoid reinfection.
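A way to review the hosts file from step 6 without a third-party tool, added here as an example that is not part of the thread or of any tool it names: it parses hosts-file text (the sample below is constructed), drops comment and blank lines, and reports every mapping other than the default localhost lines. It assumes the defaults are 127.0.0.1 localhost (as the step says) and, on Vista and later, ::1 localhost; loopback mappings of other names are labelled "sinkholed" (the update-blocking case) and everything else "redirected" (the browser-hijacking case).

```python
import ipaddress

# Constructed sample hosts file, not taken from the thread: a couple of
# commented example lines like the Windows default ships with, the default
# localhost mappings, then two entries of the kind a hijacked file carries.
SAMPLE_HOSTS = """\
# constructed example header: comment lines are ignored by the resolver
#      102.54.94.97     rhino.acme.com          # source server
127.0.0.1       localhost
::1             localhost
127.0.0.1       update.antivirus.example   # constructed: update host blocked
198.51.100.23   www.bank.example www.mail.example  # constructed: logins redirected
"""

# Mappings that are expected in an untouched file (::1 is an assumption
# for Vista and later; XP ships only the IPv4 line).
DEFAULT_LOCALHOST = {("127.0.0.1", "localhost"), ("::1", "localhost")}

def parse_hosts(text):
    """Return (ip, hostname) pairs from hosts-file text, skipping blank lines,
    full-line comments, anything after an inline '#' and malformed lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        ip, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue  # not a resolvable mapping, nothing to report
        for name in names:
            entries.append((ip, name.lower()))
    return entries

def suspicious_entries(text):
    """Return (hostname, ip, kind) for every non-default mapping. On a machine
    where nobody added hosts entries on purpose, any result is a candidate for
    the hijack described in step 6; 'sinkholed' means the name resolves to
    loopback (typical for blocked update servers), 'redirected' means it
    resolves somewhere else (typical for browser hijacking)."""
    report = []
    for ip, name in parse_hosts(text):
        if (ip, name) in DEFAULT_LOCALHOST:
            continue
        kind = "sinkholed" if ipaddress.ip_address(ip).is_loopback else "redirected"
        report.append((name, ip, kind))
    return report

if __name__ == "__main__":
    for name, ip, kind in suspicious_entries(SAMPLE_HOSTS):
        print(f"{kind}: {name} -> {ip}")
```

On a real machine, read C:\windows\system32\drivers\etc\hosts into `text` instead of the sample; an empty report means only the default localhost lines are present.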
Title: Re: WTF is this virus
Post by: XxCompg33kxX on July 30, 2009, 03:07:08 PM
If a virus is replicant (coming and coming again), you could follow the general cleaning procedure:

1. Clean your temporary files. You can use CleanUp (http://www.stevengould.org/downloads/cleanup/) or CCleaner (http://www.ccleaner.com/) for that.

2. Schedule a boot time scanning with avast. Start avast! > Right click the skin > Schedule a boot-time scanning. Select for scanning archives. Boot. Another option is scanning in Safe Mode (http://support.microsoft.com/default.aspx?scid=kb;en-us;315222) (repeatedly press F8 while booting).
If avast does not detect it, you can try DrWeb CureIT! (http://www.freedrweb.com/cureit/) instead.

3. It will be good if you download, install, update and run MBAM (http://malwarebytes.org/mbam.php) (or SUPERantispyware (http://www.superantispyware.com) or even SpywareTerminator (http://www.spywareterminator.com)).
If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
About legit antispyware applications or the bad ones see here (http://www.spywarewarrior.com/rogue_anti-spyware.htm#sites).

4. If you're still detecting any strange behavior, or even if you're sure you're not clean, maybe it will be good to test your machine with anti-rootkit applications (http://www.antirootkit.com/software/index.htm). I suggest avast! antirootkit (http://files.avast.com/files/beta/aswar.exe) or Trend Micro RootkitBuster (http://www.trendmicro.com/download/rbuster.asp) for XP/Vista. For XP only: Panda (http://research.pandasoftware.com/blogs/research/archive/2007/04/27/New-Panda-Anti_2D00_Rootkit-_2D00_-Version-1.07.aspx).

5. Also, if you're still detecting strange behaviors or you want to be sure you're clean, maybe make a HijackThis (http://www.bleepingcomputer.com/files/hijackthis.php) log to post here or at this analysis site (http://www.hijackthis.de/#anl). Or even submit the RunScanner (http://www.runscanner.net/) log to on-line analysis.

6. Browser hijacking and problems with antivirus update could be managed in some scenarios by cleaning the hosts file (in the C:\windows\system32\drivers\etc folder). The file does not have an extension; it's simply hosts.
The default file consists of a number of example lines preceded with #. The only required line is
127.0.0.1       localhost
You can get a good replacement with HostsMan, which keeps it clean (avoids infections) and updated: http://www.abelhadigital.com

7. After you're clean, disable System Restore on Windows ME (http://support.microsoft.com/default.aspx?scid=kb;en-us;Q264887), XP (http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;310405) or Vista (http://support.microsoft.com/?scid=kb%3Ben-us%3B936212&x=6&y=13). System Restore is not available in Windows 9x and 2k. After disabling you can enable it again.

8. Use the immunization of SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html).

9. Finally, when you're clean, check for insecure applications with Secunia Software Inspector (http://secunia.com/software_inspector/) to update insecure applications and avoid reinfection.
Thank you, Tech. I will try this. What about if the virus persists when I have followed these steps?
Title: Re: WTF is this virus
Post by: Lisandro on July 30, 2009, 03:08:56 PM
Thank you, Tech. I will try this. What about if the virus persists when I have followed these steps?
You're welcome. Maybe step 1 is a good one to delete your temporary (infected) files.
Title: Re: WTF is this virus
Post by: XxCompg33kxX on July 30, 2009, 03:25:39 PM
Thank you, Tech. I will try this. What about if the virus persists when I have followed these steps?
You're welcome. Maybe step 1 is a good one to delete your temporary (infected) files.
Tech ... I will tell my friends about you and also tell peeps on my forum.
Title: Re: WTF is this virus
Post by: Lisandro on July 30, 2009, 03:28:32 PM
Tech ... I will tell my friends about you and also tell peeps on my forum.
If you want to help me, don't thank me, just sign up & use (sign up only is not enough) Mozy (https://mozy.com/?ref=5PUHL3) to get 2,200 Mb for free remote backup system. Enjoy its safety!