Avast WEBforum

Other => Viruses and worms => Topic started by: dadude770 on January 21, 2012, 09:20:42 PM

Title: Trojan horse blocked by web shield
Post by: dadude770 on January 21, 2012, 09:20:42 PM
Hello, I would like to make sure that everything is fine. Avast recently blocked BV:DelFiles-AZ[Trj]. This was blocked by the wonderful web shield. I did a full scan with MBAM on all drives and nothing was infected. I also did a quick scan with Avast. I also checked my task manager and to me all is normal. Usual processes running etc. Also, if any professional would like the link I would be glad to give it to him/her.

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.21.02

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Mariano :: MARIANO-PC [administrator]

Protection: Enabled

1/21/2012 10:58:11 AM
mbam-log-2012-01-21 (10-58-11).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 333489
Time elapsed: 1 hour(s), 7 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
Title: Re: Trojan horse blocked by web shield
Post by: Lisandro on January 21, 2012, 09:29:49 PM
Seems you're clean due to Web Shield.

If you want more peace of mind, I suggest:

1. Clean your temporary files.
2. Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! (http://www.freedrweb.com/cureit/) instead.
3. Use Comodo Cleaning Essentials (CCE) (http://www.comodo.com/business-security/network-protection/cleaning_essentials.php), or MBAM (http://malwarebytes.org/mbam.php), or SUPERantispyware (http://www.superantispyware.com) to scan for spyware and trojans. If any infection is detected, it is better and safer to send the infected file(s) to quarantine (Chest), rather than simply deleting them.
4. Test your machine with anti-rootkit applications (http://www.antirootkit.com/software/index.htm). I suggest avast! antirootkit (http://files.avast.com/files/beta/aswar.exe) or Trend Micro RootkitBuster (http://www.trendmicro.com/download/rbuster.asp).
5. Read these instructions (http://forum.avast.com/index.php?topic=53253.msg451454#msg451454) and provide more info with the logs generated. But, please, do NOT post there, open a NEW thread for your specific problem and help us to help you.
6. Clean your Hosts file (replacing it) with HostsMan (http://www.abelhadigital.com) tool.
7. Disable System Restore and then reenable it again.
8. Immunize your system with SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html).
9. Check if you have insecure applications with Secunia Software Inspector (http://secunia.com/software_inspector/).

If the infection prevents the computer from booting, take a look here: http://forum.avast.com/index.php?topic=79107.0
Title: Re: Trojan horse blocked by web shield
Post by: dadude770 on January 21, 2012, 09:34:54 PM
Hello Tech, how do I delete temp files? Sorry, I'm not so experienced. Also, how do I accomplish this host file cleanse, and the system restore instruction? That is all; I have already completed the other instructions besides the rootkit scan. However, my computer seems fine.
Title: Re: Trojan horse blocked by web shield
Post by: Pondus on January 21, 2012, 09:39:43 PM
Quote
Hello Tech, how do I delete temp files? Sorry, I'm not so experienced.

TFC - Temp File Cleaner by OldTimer
http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/
TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.



Quote
Also, if any professional would like the link I would be glad to give to him/her
Yes please... post it non-clickable: www as wxw or http as hxxp

Also, I would suggest you go directly to Tech's step #5 and let Essexboy check it out.
Then you won't have to run all those tools ;)

Title: Re: Trojan horse blocked by web shield
Post by: dadude770 on January 21, 2012, 09:56:31 PM
Hey there, I would be glad to give you the link, but I can't copy and paste in the web shield log. Any other way? However, I can tell you that it was a YouTube page. Dang hackers infecting URLs! Oh, and I will do step 5 as you said, thanks!
Title: Re: Trojan horse blocked by web shield
Post by: Pondus on January 21, 2012, 10:13:12 PM
only detected by avast/Gdata

Virustotal - HTML scan 2/43
https://www.virustotal.com/file/f09afb023ab185e65de5b9ccbf6c265436dd48a39c269e7eb5d8c08975831423/analysis/1327182481/
Title: Re: Trojan horse blocked by web shield
Post by: polonus on January 21, 2012, 11:13:42 PM
The suspicious tag code on that URL:

-s.ytimg.com/yt/jsbin/www-core-vflhsQp1o.js suspicious
[suspicious:2] (ipaddr:74.125.227.0) (script) -s.ytimg.com/yt/jsbin/www-core-vflhsQp1o.js
     status: (referer=-www.youtube.com/illbbacksoon)saved 208421 bytes 3a20bd9be3ea01dfe36b135289cc991399010d94
     info: ActiveXDataObjectsMDAC detected Microsoft.XMLHTTP
     info: [script] -s.ytimg.com/yt/jsbin/
     info: [script] -pagead2.googlesyndication.com/pagead/ads.js
     info: [iframe] -s.ytimg.com/yt/jsbin/
     info: [decodingLevel=0] found JavaScript
     suspicious:

polonus
Title: Re: Trojan horse blocked by web shield
Post by: dadude770 on January 22, 2012, 12:30:08 AM
The OTL log is more than 1000 characters. I will do the rest of the steps tomorrow. By the way, do I have to start a new thread for e something guy to help me?
Title: Re: Trojan horse blocked by web shield
Post by: !Donovan on January 22, 2012, 12:36:33 AM
Quote
The OTL log is more than 1000 characters. I will do the rest of the steps tomorrow. By the way, do I have to start a new thread for e something guy to help me?
That's why you attach the log.

Nope. He can help you right here. ;)
Title: Re: Trojan horse blocked by web shield
Post by: dadude770 on January 22, 2012, 05:20:12 AM
Ok, I'll do the rest of the instructions soon; it's quite late where I live.
Title: Re: Trojan horse blocked by web shield
Post by: essexboy on January 22, 2012, 05:02:52 PM
Your logs look clean - are you experiencing any problems?
Title: Re: Trojan horse blocked by web shield
Post by: dadude770 on January 24, 2012, 03:03:59 AM
None at all, I am pretty sure I'm fine! EDIT: Whoa, MBAM just blocked a malicious IP coming out of avast.svc or something like that. Oh, and here is what it said:
2012/01/23 18:05:10 -0800   MARIANO-PC   Mariano   IP-BLOCK   87.118.92.88 (Type: outgoing, Port: 49318, Process: avastsvc.exe)
Title: Re: Trojan horse blocked by web shield
Post by: essexboy on January 24, 2012, 10:27:17 PM
Aye, for some reason MBAM does not like some of the Avast update servers - which is why that is turned off on my copy of MBAM.
Title: Re: Trojan horse blocked by web shield
Post by: dadude770 on January 25, 2012, 02:05:52 AM
Oh, ok cool. Well, seems I'm clean; you may lock this thread ;D