Author Topic: Trojan found in cache  (Read 5599 times)


Godeszila

  • Guest
Trojan found in cache
« on: May 13, 2011, 10:35:35 PM »
Avast free 6.0.1125
def 110513-1

On my laptop Avast found a Trojan in the Firefox cache during a scheduled scan. All shields are always running, and the program and virus definitions are set to self update, as well as Vista.
Avast put the Trojan in the virus chest. But Avast found something the last 3 scheduled scans, each in different places. Before that I had a different anti-virus (Kaspersky, but FF didn't like it). Do I need to be concerned?
I ask because on my home computer Avast never finds anything and I visit the same websites with that computer. Avast has been installed on my home computer since I got it.
And why would the Trojan make it into the cache if the web shield is running? The Trojan wasn't found until a scan was run.


Thanks for taking the time to help a noob.

One more unrelated question, can I have Malwarebytes installed at the same time as Avast without conflict?
 
« Last Edit: May 13, 2011, 11:04:59 PM by Godeszila »

MAG

  • Guest
Re: Trojan found in cache
« Reply #1 on: May 13, 2011, 11:36:08 PM »
Well, I can answer one of your questions.

Yes, you can have malwarebytes and avast, and I suggest you do install malwarebytes (if you don't already have it), run a scan, and post the results back here. I'm sure someone will be along to advise.

If you have avast pro (real time protection), I don't bother with any exclusions between mbam and avast other than the one suggested by DavidR - exclude the folder C:\windows\temp\_avast. I see no conflicts.

Godeszila

  • Guest
Re: Trojan found in cache
« Reply #2 on: May 14, 2011, 01:04:56 AM »
If I don't have Pro (I don't), what are the exclusions? Please post the "for dummies" version of instructions.  :-\

Here is the malwarebytes log

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89333
  • No support PMs thanks
Re: Trojan found in cache
« Reply #3 on: May 14, 2011, 01:59:33 AM »
With the free version of MBAM it isn't so critical to add the c:\windows\temp\_avast_ folder to the MBAM Ignore List, but it won't hurt.

This Ignore List entry is more for the Pro MBAM version as it is resident and would be scanning files that avast sends there to scan. I only have this on the system where I have MBAM Pro, but not on this one with MBAM free (on-demand).
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.5.6116 (build 24.5.9153.762) UI 1.0.808/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Godeszila

  • Guest
Re: Trojan found in cache
« Reply #4 on: May 14, 2011, 09:53:21 AM »
ok, thank you. :)


so back to my first question...? ???

SafeSurf

  • Guest
Re: Trojan found in cache
« Reply #5 on: May 14, 2011, 11:49:49 AM »
You can rescan what is in the Virus Chest by right clicking on it (make sure your Avast definitions are updated first).  If the scan comes out clean, just delete the cache file.  Normally we recommend keeping files in the Chest longer, but since you state it is cache, it can be deleted if it is clean.  You can also upload the files to Avast to make sure it is real or a FP; and this is done at the next virus definitions update.

MAG

  • Guest
Re: Trojan found in cache
« Reply #6 on: May 14, 2011, 12:43:03 PM »
Not sure whether people had noticed the OP's mbam log - I've reprinted it below. Apologies if you had already seen it. It's not clear if he's actioned the mbam registry findings.


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6569

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

5/13/2011 3:24:55 PM
mbam-log-2011-05-13 (15-24-41).txt

Scan type: Quick scan
Objects scanned: 177085
Time elapsed: 5 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 3
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Malware.Trace) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> No action taken.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> No action taken.

Folders Infected:
c:\Users\mercasaurus\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com (PUP.PlaySushi) -> No action taken.
c:\Users\mercasaurus\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\chrome (PUP.PlaySushi) -> No action taken.
c:\Users\mercasaurus\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\components (PUP.PlaySushi) -> No action taken.

Files Infected:
c:\Users\mercasaurus\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\chrome.manifest (PUP.PlaySushi) -> No action taken.
c:\Users\mercasaurus\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\install.rdf (PUP.PlaySushi) -> No action taken.
c:\Users\mercasaurus\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\chrome\pstextlinks.jar (PUP.PlaySushi) -> No action taken.
c:\Users\mercasaurus\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\components\playsushiff.dll (PUP.PlaySushi) -> No action taken.
c:\Users\mercasaurus\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\components\playsushiff.xpt (PUP.PlaySushi) -> No action taken.
« Last Edit: May 14, 2011, 01:28:25 PM by mag »
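
One way to answer the question raised in Reply #6 (which findings are still pending) from the log text alone, as an added example that is not part of the thread. The line layout is inferred from the log quoted above, and the function names are hypothetical:

```python
import re

# Shortened excerpt of the MBAM 1.50 log quoted in the post above.
SAMPLE_LOG = r"""
Registry Keys Infected: 1

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Malware.Trace) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> No action taken.

Files Infected:
c:\Users\mercasaurus\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\install.rdf (PUP.PlaySushi) -> No action taken.
"""

# A detail section header ends at the colon; summary lines carry a count after it.
SECTION = re.compile(r"^([A-Za-z ]+ Infected):$")
# Detection names are dotted tokens, which keeps "(default)" inside the object path.
ITEM = re.compile(r"^(?P<object>.+?) \((?P<detection>\w+(?:\.\w+)+)\) -> (?P<rest>.+)$")

def parse_findings(log_text):
    """Return one dict per detected item, tagged with its section and action."""
    findings, section = [], None
    for line in log_text.splitlines():
        line = line.strip()
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        item = ITEM.match(line)
        if item and section:
            # Optional detail (e.g. Bad:/Good: values) precedes the final action.
            detail, _, action = item.group("rest").rpartition(" -> ")
            findings.append({"section": section, "object": item.group("object"),
                             "detection": item.group("detection"),
                             "detail": detail, "action": action.rstrip(".")})
    return findings

def unactioned(findings):
    """Findings the scan reported but did not quarantine or repair."""
    return [f for f in findings if f["action"].lower() == "no action taken"]

if __name__ == "__main__":
    for f in unactioned(parse_findings(SAMPLE_LOG)):
        print(f"{f['section']}: {f['object']} [{f['detection']}] {f['detail']}")
```
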

Godeszila

  • Guest
Re: Trojan found in cache
« Reply #7 on: May 16, 2011, 04:54:05 AM »
No, I didn't see that it said to do anything?

SafeSurf

  • Guest
Re: Trojan found in cache
« Reply #8 on: May 16, 2011, 09:00:58 AM »
Update MBAM again and rescan it.  When it asks what to do, put infected items into quarantine.  Do NOT delete.  You can always get items out of quarantine if needed.

Cut and paste your new MBAM log or add it as an attachment to your next post.

Let us know how your machine is behaving after running this second scan.  Thank you.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89333
  • No support PMs thanks
Re: Trojan found in cache
« Reply #9 on: May 16, 2011, 01:22:16 PM »
MBAM doesn't ask what to do (it doesn't mention quarantine) as such, it pre-checks any of the detections and you choose from the Action buttons.

The Remove Selected button is somewhat misleading as it sends them to Quarantine and doesn't actually remove/delete them (just moves the entries into quarantine), see image example.

So you need to run MBAM again and this time click the Remove Selected button.

Godeszila

  • Guest
Re: Trojan found in cache
« Reply #10 on: May 19, 2011, 08:55:37 PM »
Everything is running fine now, thanks for the help.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89333
  • No support PMs thanks
Re: Trojan found in cache
« Reply #11 on: May 19, 2011, 09:02:27 PM »
No problem, glad I could help.

A belated welcome to the forums.