Author Topic: I have contracted the trkjmp virus - All logs posted  (Read 2728 times)

0 Members and 1 Guest are viewing this topic.

Offline Sightseek3r

  • Newbie
  • *
  • Posts: 12
I have contracted the trkjmp virus - All logs posted
« on: September 18, 2012, 04:31:21 AM »
Hi first time using these forums, so please bear with my lack of familiarity with how things are done around here ::)

I ran MBAM and not only did it not get rid of the problem, it didn't even find a problem.
Starting from the moment I post this, I am following the steps outlined in this thread: http://forum.avast.com/index.php?topic=53253.0

I will attach the log from AdwCleaner here as soon as I run it and obtain the log following reboot!

Edit: I am running Windows 7 Home Premium, and the problem occurs when I load webpages in Chrome. Hope that helps some
« Last Edit: September 18, 2012, 06:30:40 AM by Sightseek3r »

Offline Sightseek3r

  • Newbie
  • *
  • Posts: 12
Re: I have contracted the trkjmp virus
« Reply #1 on: September 18, 2012, 05:24:21 AM »
Had to fix my computer so that it stopped trying to open .txt files with cmd.exe... Boy was that a pain in my ass.

Anyway: AdwCleaner log attached!

Will work on getting the MBAM log next.

Offline Sightseek3r

  • Newbie
  • *
  • Posts: 12
Re: I have contracted the trkjmp virus
« Reply #2 on: September 18, 2012, 05:34:05 AM »
Once again, my MBAM did not detect any infected files.

Still, I have attached the MBAM log.

Moving on to OTL.

Offline Sightseek3r

  • Newbie
  • *
  • Posts: 12
Re: I have contracted the trkjmp virus
« Reply #3 on: September 18, 2012, 05:57:03 AM »
Alright, the OTL and Extras logs are now attached.

Next up is aswMBR

Offline Sightseek3r

  • Newbie
  • *
  • Posts: 12
Re: I have contracted the trkjmp virus
« Reply #4 on: September 18, 2012, 06:05:13 AM »
Alright, the moment of truth (actually that would probably be the testing of any sort of solution to this problem. Alas, I digress)

Attached is the aswMBR log.

I am in your capable hands, avast moderator peoples

Offline Sightseek3r

  • Newbie
  • *
  • Posts: 12
Re: I have contracted the trkjmp virus - All logs posted
« Reply #5 on: September 18, 2012, 09:10:17 AM »
It may or may not be worth mentioning that the pop-up that avast! has blocked this particular virus no longer pops up. Others dealing with this issue have noticed this as well. I'm worried that means that it found a way around avast! or something  :o

Offline mchain

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2639
  • Spartan Warrior
Re: I have contracted the trkjmp virus - All logs posted
« Reply #6 on: September 18, 2012, 11:12:43 AM »
Hi Sightseek3r,

A certified volunteer malware removal expert has been notified. 

You should see new activity on your post within a few hours.  Logs are needed to see the malware, what it is, where it is, and how best to proceed.  You will be in good hands, but please be patient as the person contacted likely lives in another time zone than you do.
WOT (Web Of Trust) Browser reputation-based add-on http://www.mywot.com/

Offline Sightseek3r

  • Newbie
  • *
  • Posts: 12
Re: I have contracted the trkjmp virus - All logs posted
« Reply #7 on: September 20, 2012, 12:10:29 AM »
I would still love some help with this problem. I was reading other posts by people with the same problem as mine and they similarly noticed that the avast! pop-up was no longer appearing. However, the trkjmp URL:Mal was still appearing in the active shields

Offline Pondus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 26011
Re: I have contracted the trkjmp virus - All logs posted
« Reply #8 on: September 20, 2012, 12:22:30 AM »
seems they have missed your post .... i will send them a PM so they see it when they arrive
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 35429
  • Dragons by Sasha
    • Malware fixes
Re: I have contracted the trkjmp virus - All logs posted
« Reply #9 on: September 20, 2012, 05:33:26 PM »
My apologies for missing you, I thought I had replied..

First could you confirm that it is Chrome only

If so could you run Chrome in incognito mode.. And check to see if they have gone  http://support.google.com/chrome/bin/answer.py?hl=en&answer=95464

Offline Sightseek3r

  • Newbie
  • *
  • Posts: 12
Re: I have contracted the trkjmp virus - All logs posted
« Reply #10 on: September 20, 2012, 07:44:36 PM »
And check to see if they have gone

By they, do you mean the avast! notification pop-ups? Because they already stopped appearing a couple days ago, even in regular Chrome. Is there another way to check whether avast! is still blocking the trkjmp virus if it doesn't give me pop-ups anymore?

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 35429
  • Dragons by Sasha
    • Malware fixes
Re: I have contracted the trkjmp virus - All logs posted
« Reply #11 on: September 20, 2012, 07:49:38 PM »
That was in part a false positive, the domain is owned by amazon but it had a subdomain with crossrider.  Avast is now only blocking the sub domain.  And there is no indication of crossrider on your system.  Almost everyone else had it though

But you look clean

Offline Sightseek3r

  • Newbie
  • *
  • Posts: 12
Re: I have contracted the trkjmp virus - All logs posted
« Reply #12 on: September 20, 2012, 08:09:15 PM »
Not to second guess you but are you sure?

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 35429
  • Dragons by Sasha
    • Malware fixes
Re: I have contracted the trkjmp virus - All logs posted
« Reply #13 on: September 20, 2012, 08:27:48 PM »
Yes as we had a surge of them over the weekend, and I think it was only three that did not have crossrider and the alerts ceased for those when Avast updated (You were one of them)


Offline Sightseek3r

  • Newbie
  • *
  • Posts: 12
Re: I have contracted the trkjmp virus - All logs posted
« Reply #14 on: September 20, 2012, 08:46:07 PM »
Great! Thanks for the help then :)