Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: Shortiehi5 on July 29, 2008, 09:19:37 PM

Title: malware
Post by: Shortiehi5 on July 29, 2008, 09:19:37 PM
Hi! I have avast and it has warned me about malware. I go regularly to my favs I have, like the BC SPCA sites, to help out and look at the pups (looking for a pup too), but I had not been in 3 days and as I did I got this MALWARE warning from avast (''this is very good''), but I still can not get into the SPCA's at all now without this popping up every time? Please help, thank you very very much!!
Title: Re: malware
Post by: PiCo on July 29, 2008, 09:28:04 PM
Are you talking about this site? -> spca.bc.ca

I'm not using Avast on this machine, but I can't connect to the site.
Are you sure it was an Avast pop-up and not some fake one from the site?
Title: Re: malware
Post by: Shortiehi5 on July 29, 2008, 09:32:15 PM
Hi, well no, I am not sure if it's from my puter or because of them?? How do I figure it out? Once I disconnect when Avast warns me I can get in, but this pops up all the time now. Thank you very much.
Shortie.
Title: Re: malware
Post by: Shortiehi5 on July 29, 2008, 09:36:04 PM
Hello, I forgot to answer your Q: no, I'm not sure if it's a fake one from the site. How do I find out? I called them, they said "what is malware?" OK, thank you. Shortie
Title: Re: malware
Post by: PiCo on July 29, 2008, 09:46:05 PM
This is what it looks like :)

(http://xona.com/postattachments/avast_blocks_alexa_2.png)
Title: Re: malware
Post by: Shortiehi5 on July 29, 2008, 10:01:52 PM
OK, it looks the same, only it says Malware and it says disconnect instead of no action.... Does it mean it's a fake? Thanks
Title: Re: malware
Post by: PiCo on July 29, 2008, 10:05:13 PM
No, it is Avast all right, not fake, but I don't know if it is a false positive by Avast or a true threat.

If you can, post a screenshot of the pop-up and provide a link to the site that causes the pop-up.
Title: Re: malware
Post by: DavidR on July 30, 2008, 12:31:47 AM
Quote
OK, it looks the same, only it says Malware and it says disconnect instead of no action.... Does it mean it's a fake? Thanks

This is the one: Web Shield blocking a file/page from being downloaded. The only option given is abort connection, which stops it getting onto your system.

What is the malware name given in this detection?
Check the avast! Log Viewer (right click the avast 'a' icon), Warning section, this contains information on all avast detections.

The reason I ask is that Linkscanner and DrWeb don't find anything at the hXXp://www.spca.bc.ca/ address. There is heavy use of javascript on that site, though, and one script which might look suspicious to the web shield scanner, though I don't think it is.

Code:
<script type="text/javascript">
var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
</script>

Other than that I don't see anything obvious, unless it is in an external .js file. I don't normally browse with scripting enabled, so I didn't get an alert when I visited the page. OK, I temporarily enabled scripts and I still didn't get an alert.

So we need confirmation of the location that Pico asked for, and you can get all that from the log viewer that I mentioned; we need more information.
Title: Re: malware
Post by: Shortiehi5 on July 30, 2008, 08:27:19 AM
Hello everyone, I am sorry it took me so long to come back; I had a hard time finding this place again, and also learning how to post in here! Thank you for your help, and I know I made you wait, am sorry!!
I have to learn how to get a screen shot, and I did make a copy for HijackThis, and I need to learn how to post the link for where the malware pops up from..... So I will be back, but in a bit, OK, and soooo many ty's!!! Please know I do so appreciate it. Shortie ..will be back
Title: Re: malware
Post by: Shortiehi5 on July 30, 2008, 09:31:40 AM
Hello again............. I went to try and get a screen shot of this malware that shows up when I go to http://spca.bc.ca but now it won't show up. After all this it is OK now.. SO I went into every SPCA site to look at the dogs and no malware is showing up.
The 1st day I got malware I phoned the SPCA and they said "what's malware?" But now, 3 days later, I can get into all the SPCA's. Is it possible it was from them? And they fixed their malware? I am not a computer person and don't know much, so please excuse my non-existing knowledge...
Pico... can you get into the site now? And any advice you can give me? I would thank you very much!! Soooo many tys!!!! I will be back in the morning!! Meanwhile I will try to learn how a screen shot is done & a hijack log too!!! Very kind of you to help!!! Shortie..
Title: Re: malware
Post by: PiCo on July 30, 2008, 01:14:21 PM
Yes I can get into the site today :)
Yesterday it wouldn't load!

Title: Re: malware
Post by: DavidR on July 30, 2008, 03:22:34 PM
Well the site loads for me today as it did yesterday and no alerts.

For how to post a screen shot check out this old topic, http://forum.avast.com/index.php?topic=6588.0, old but still relevant.
Title: Re: malware
Post by: Shortiehi5 on July 31, 2008, 09:58:25 AM
Hi, am back & thank you for the screen shot link!! Great, I needed it!! I will be back Thursday. tyty :)
Title: Re: malware
Post by: DavidR on July 31, 2008, 02:36:17 PM
You're welcome, until then.
Title: Re: malware
Post by: Shortiehi5 on July 31, 2008, 11:49:19 PM
Hi, I was wondering where to attach the HijackThis copy? I did one on the 29th and don't know how. I went to insert image but I get image words on the line is all. tyty
Title: Re: malware
Post by: DavidR on August 01, 2008, 12:31:55 AM
When you click the Reply button, there is an Additional Options link, this expands the options to attach a file, that can be an image file or a text file (.log or .txt).

It is the same as the How to post a screen shot info link I gave earlier, you just navigate to the hijackthis.log file and select that.
Title: Re: malware
Post by: YoKenny on August 01, 2008, 12:43:12 AM
Quote
Hi, I was wondering where to attach the HijackThis copy? I did one on the 29th and don't know how. I went to insert image but I get image words on the line is all. tyty
With the marvels of copy-n-paste

Run HijackThis and select Do a system scan and save the logfile then when in Notepad click on Edit then Select all ( Ctrl+A ) then Copy ( Ctrl+C ) then Paste ( Ctrl+V ) into an open reply to your post here.

How To Copy n Paste:
http://www.royhooper.com/copy.html
Title: Re: malware
Post by: Shortiehi5 on August 01, 2008, 01:57:54 AM
Hi & thank you for the info, much appreciated! But it says I can not as it's over 10000 characters? Can this happen? ty Shortie
Title: Re: malware
Post by: Shortiehi5 on August 01, 2008, 02:03:39 AM
Hi, I have (I hope) attached my HijackThis file!! lol, am so new to forums, so sorry if I am or seem confused, but it's slow but hope to get there!! lol ty all!!!
Title: Re: malware
Post by: DavidR on August 01, 2008, 02:38:21 AM
You attached it OK, twice ;D
I assume they are the same, I've only opened the last one.

I don't know where you got your copy of HJT but it is out of date, get it here:
FileHippo Download - HiJackThis (http://filehippo.com/download_hijackthis/) and post the contents of the HJT log file here. This file is an executable installation file, so you won't have to unzip and extract the files; it will create its own program folder.

Here is a helpful tutorial - HJT Information HiJackThis Tutorial (http://www.bleepingcomputer.com/forums/tutorial42.html).

So it would be best to get the new version and run the log again, now you know how to attach it.

If this entry appears the next time you Run HJT it can be fixed.
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Other than that I don't see anything obvious, but we can check again when you run the latest version of HJT.

Also you don't appear to be running an active firewall, or it is disabled or it is the XP firewall.
Your firewall should be capable of blocking unauthorised outbound Internet Connections.

Windows XP's firewall is better than no firewall, but it lulls you into a false sense of protection: it doesn't provide outbound protection. Whilst the Windows XP firewall is usually good at keeping your ports stealthed (hidden), it provides no outbound protection and you should consider a third party firewall.

Any malware that manages to get past your defences will have free rein to connect to the internet to either download more of the same, pass your personal data (sensitive or otherwise: user names, passwords, keylogger retrieved data, etc.) or open a backdoor to your computer, so outbound protection is essential.
Title: Re: malware
Post by: PiCo on August 01, 2008, 03:10:26 AM
Quote
If this entry appears the next time you Run HJT it can be fixed.
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

That is Windows Live Messenger related, it's ok. More info here (http://www.castlecops.com/tk32132-htc_8_1_0178_00_dll.html).
Title: Re: malware
Post by: DavidR on August 01, 2008, 03:17:15 AM
Thanks, you have to wonder why they are so obscure in the naming of it.
As Shortiehi5 was running an old version of HJT that may be why it shows the (no file) as it used to report similar issues with avast. This is also why I said to check against the next run of HJT.
Title: Re: malware
Post by: PiCo on August 01, 2008, 03:21:00 AM
I have a WinPatrol Hijack log which also doesn't give any info, just O2 - BHO:  - {7E853D72-626A-48EC-A868-BA8D5E23E045}.

I guess Micro$oft doesn't really bother with names :P
Title: Re: malware
Post by: DavidR on August 01, 2008, 03:29:54 AM
Yes, but it doesn't give the (no file) suffix, which was a common problem with the old 1.99 version of HJT. Not so much of a problem with HJT 2.0 and usually if that reports (No file) it is a redundant entry.
Title: Re: malware
Post by: Shortiehi5 on August 01, 2008, 08:48:51 AM
;D Here is a big grin as I am happy I have attached it!! lol, but 2 times lol. OK, I now know how... So I work in the morning, just Friday mornings, so I'll have to go and get some ZZZZZEEeeeZZ for now. I'll be back on Friday night, I hope, unless the dog eats my connection while I am gone... no, she sleeps as she pouts when I leave her lol >>.. But hey, you all have been simply amazing!! I wish I could do something for all of you!!! ty so very much!!!! And I will do what you all have so sweetly asked me to do!! and get back with it!! tyty.. Shortie :)
Title: Re: malware
Post by: Shortiehi5 on August 02, 2008, 02:21:54 AM
Hi, I am back and I am hoping this was done right! lol, please feel free to let me know. Thank you ever so much!! I never thought I could do this; you are all amazing with being so helpful!! tyty Shortie
Title: Re: malware
Post by: YoKenny on August 02, 2008, 03:01:07 AM
Shortiehi5, close all browser windows, then select the following, then Fix checked:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 <== make the home page Google as it loads a lot faster
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
Title: Re: malware
Post by: PiCo on August 02, 2008, 03:10:51 AM
Quote
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Do NOT delete this one! It's Windows Live Messenger related, see 7-8 posts above ;)

But why delete all the other stuff? The default pages and stuff in IE that is.
Title: Re: malware
Post by: wyrmrider on August 02, 2008, 03:45:07 AM
PiCo
I went to the posts labeled reply 7 and 8 on page 1
what exactly are you referring to?
Title: Re: malware
Post by: PiCo on August 02, 2008, 03:49:31 AM
Quote
PiCo
I went to the posts labeled reply 7 and 8 on page 1
what exactly are you referring to?

No, I meant on this page :)
That would be reply number 20!

Going to sleep now, have a good night!
Title: Re: malware
Post by: Shortiehi5 on August 02, 2008, 08:41:38 AM
??? Hello everyone, gee I am sorry, I read your posts and I don't understand.... Do I have malware? And if I click on Fix checked, will this delete all? Could you tell me which ones I delete? Maybe I just don't get it yet.. Please & thanks, sorry I am soo slow to get things!! Shortie..
Title: Re: malware
Post by: YoKenny on August 02, 2008, 12:30:45 PM
Quote
gee i am sorry i read your posts and i don't understand.... do i have malware?
It looks like your system does not have malware.

It looks like you have not installed Service Pack 3 ( SP3 ) yet.

In IE go to Tools then Windows Update then run Windows update to download and install SP3.

The entries to be removed by HijackThis are mainly cosmetic and not urgently needed to be removed.

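As an added illustration (not code from this thread or from HijackThis), the following Python script triages log lines in the HijackThis format quoted above: R0/R1 entries that still point at Microsoft's go.microsoft.com defaults are marked cosmetic, an O2 BHO is checked against a small allow-list (hypothetical, seeded only with the CLSID this thread identified as Windows Live Messenger related), and anything else is flagged for review. The sample log is constructed.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in HijackThis log format, modelled on the entries quoted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://example.invalid/search
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
"""

# Host Microsoft uses for IE's factory-default pages: an R0/R1 entry pointing here is cosmetic.
IE_DEFAULT_HOSTS = {"go.microsoft.com"}
# Hypothetical allow-list of BHO CLSIDs; its one entry is the CLSID this thread identified as benign.
KNOWN_BHO = {"{7E853D72-626A-48EC-A868-BA8D5E23E045}": "Windows Live Messenger related"}

R_LINE = re.compile(r"^(R[01]) - (.+?),(.+?) = (\S+)$")
O2_LINE = re.compile(r"^O2 - BHO: (.+?) - (\{[0-9A-Fa-f-]+\}) - (.+)$")
O4_LINE = re.compile(r"^O4 - (.+?): (.+?) = (.+)$")


def classify(line):
    """Return (section, verdict, detail) for one HijackThis log line."""
    line = line.strip()
    if m := R_LINE.match(line):
        host = urlsplit(m.group(4)).hostname or ""
        verdict = "cosmetic-default" if host in IE_DEFAULT_HOSTS else "review"
        return m.group(1), verdict, f"{m.group(3)} -> {host}"
    if m := O2_LINE.match(line):
        _name, clsid, path = m.groups()
        if clsid in KNOWN_BHO:
            return "O2", "known", f"{KNOWN_BHO[clsid]} ({path})"
        # An unknown CLSID with no backing DLL is a dead entry; one with a DLL needs a look.
        return "O2", "orphaned" if path == "(no file)" else "review", f"{clsid} -> {path}"
    if m := O4_LINE.match(line):
        return "O4", "startup", f"{m.group(2)} -> {m.group(3)}"
    return "?", "unparsed", line


def triage(log_text):
    """Classify every non-empty line; 'review' verdicts are the ones worth a closer look."""
    return [classify(ln) for ln in log_text.splitlines() if ln.strip()]


if __name__ == "__main__":
    for section, verdict, detail in triage(SAMPLE_LOG):
        print(f"{section:3} {verdict:17} {detail}")
```
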
Title: Re: malware
Post by: Shortiehi5 on August 03, 2008, 08:36:43 AM
OK, thank you. This is me ;D very happy!! I will install the pack!! Wishing you all the best!! And soooo nice of you to help us all here!! I will drop in to say a good hello now and then!!! Shortie!!
Title: Re: malware
Post by: wyrmrider on August 03, 2008, 05:40:37 PM
thanks Shortone

After you get SP3, then the Secunia Advisor, and get everything up to date, especially Java and Adobe.
System running well generally?

more ram?


Title: Re: malware
Post by: Shortiehi5 on August 04, 2008, 05:11:25 AM
Hi and thank you. Yes, more RAM!! I need it.. But I got one more spot of trouble!! I got a warning about this one (and please do not touch it or DL it, OK.... warning, it's bad, am sure; I had to get rid of this. I put it in the chest; is this OK?) ((( IRC: malware-gen )))) I never heard of this.. I have been on the puter for 6 yrs and this is the 2nd time I have a prob, so I figure it's not too bad.. Any info on this please? My friend's son wanted to see this site and hence the malware... :-[ Shortie. Was it OK to put the name on here? I hope it was, don't wanna make a mess. ty
Title: Re: malware
Post by: DavidR on August 04, 2008, 02:31:08 PM
If you break down the malware name given: the IRC part is something that would come through Internet Relay Chat, and the 'Malware' is unspecified (trojan/spyware/adware, etc.) as it is detected by a generic (-gen) signature.

The generic signature (the -gen at the end of the malware name) is trying to catch multiple variants of the same type of malware.
Title: Re: malware
Post by: wyrmrider on August 04, 2008, 05:22:54 PM
Since it is a -gen it may be a hit or a false positive

do the upload to virus total thing and also send to avast

good on ya shortie
Title: Re: malware
Post by: Shortiehi5 on August 04, 2008, 08:35:58 PM
:) OK, I thank you!! Glad to be here and love all the help you so wonderfully give out!! Very helpful place!!! tyty Shortie.. I put the malware name as I thought it might be helpful to others!!