Author Topic: What Is This  (Read 5188 times)

0 Members and 1 Guest are viewing this topic.

Offline -midnight

  • Super Poster
  • ***
  • Posts: 1385
  • Firefox User
What Is This
« on: September 21, 2012, 11:47:03 AM »
avast! blocked the virus:
hxxp://urlfilter.vmn.net/vmnsbf/data/120921093944-m.zip|1209...

Virus Lab research shows that more than 80% of malware (viruses, trojans, worms, spyware) now spreads via the internet. More notably, only 1% of this number comes from suspicious or ‘dodgy’ sites – about 99% spreads via legitimate websites that have been hacked.

We’ve got your back.

The only websites I've been on this am. is Facebook and this forum.  In fact this popped up while I was on the forum.
« Last Edit: September 21, 2012, 12:22:52 PM by -midnight »
Some people tend to forget that kindness and manners are free.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 71862
  • No support PMs thanks
Re: What Is This
« Reply #1 on: September 21, 2012, 12:13:12 PM »
Please 'modify' your post change the URL from http to hXXp, to break the link and avoid accidental exposure to suspect sites, thanks.

The fact that you get a pop-up on a specific site doesn't necessarily mean the malware is on that site. There is more to it than that. Depending on the browser you can have add-ons (some which might be malicious, redirecting urls in the browser).
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2015 10.2.2218 R2-SP2/ Outpost Firewall Pro9.1/ Firefox 38.0.1, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.1.6/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline adotd

  • Sr. Member
  • ****
  • Posts: 278
Re: What Is This
« Reply #2 on: September 21, 2012, 12:24:01 PM »
Look at pic bellow ;)

Offline -midnight

  • Super Poster
  • ***
  • Posts: 1385
  • Firefox User
Re: What Is This
« Reply #3 on: September 21, 2012, 12:29:33 PM »
I was on and still am using the Flock browser which is the browser I use to access this forum.  As far as I know I don't have any add on's on this browser.
Some people tend to forget that kindness and manners are free.

Offline adotd

  • Sr. Member
  • ****
  • Posts: 278
Re: What Is This
« Reply #4 on: September 21, 2012, 12:32:08 PM »
Hi -midnight

When you get the alert can you take a print screen and post it here  8)


Offline -midnight

  • Super Poster
  • ***
  • Posts: 1385
  • Firefox User
Re: What Is This
« Reply #5 on: September 21, 2012, 12:34:20 PM »
Hi -midnight

When you get the alert can you take a print screen and post it here  8)

I don't know how to do that.
Some people tend to forget that kindness and manners are free.

Offline adotd

  • Sr. Member
  • ****
  • Posts: 278
Re: What Is This
« Reply #6 on: September 21, 2012, 12:48:29 PM »
If you look on keyboard, you will see a key that looks like the one circled in the picture bellow

When you get the alert press that, it will take a printscreen for you

Next

Click Start
Click All programs
Click Accessories
Click Paint


on your keyboard press

CTRL + V

this will paste the screenshoot to paint

*You may need to crop the image*

Click File
Click Save as
Give it a name
Then click on save

Once done attach it here
« Last Edit: September 21, 2012, 12:50:56 PM by adotd »

Offline -midnight

  • Super Poster
  • ***
  • Posts: 1385
  • Firefox User
Re: What Is This
« Reply #7 on: September 21, 2012, 01:07:23 PM »
nfection Details
URL:   hxxp://urlfilter.vmn.net/vmnsbf/data/120...
Process:   C:\ProgramData\Anti-phishing Domain Advi...
Infection:   JS:ScriptSH-inf [Trj]

This just popped up.
Some people tend to forget that kindness and manners are free.

Offline adotd

  • Sr. Member
  • ****
  • Posts: 278
Re: What Is This
« Reply #8 on: September 21, 2012, 01:12:26 PM »
Hi  -midnight

Follow the guide and attach the logs.

http://forum.avast.com/index.php?topic=53253.0

AdwCleaner
Malwarebytes
OTL
aswMBR

Best Regards

Anthony

Offline -midnight

  • Super Poster
  • ***
  • Posts: 1385
  • Firefox User
Re: What Is This
« Reply #9 on: September 21, 2012, 01:58:25 PM »
I just ran a full scan and it didn't show any threats.
Some people tend to forget that kindness and manners are free.

Offline adotd

  • Sr. Member
  • ****
  • Posts: 278
Re: What Is This
« Reply #10 on: September 21, 2012, 02:03:11 PM »
Hi  -midnight

Follow the guide and attach the logs.

http://forum.avast.com/index.php?topic=53253.0

AdwCleaner
Malwarebytes
OTL
aswMBR

Best Regards

Anthony

Follow the following  8)

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 71862
  • No support PMs thanks
Re: What Is This
« Reply #11 on: September 21, 2012, 03:42:57 PM »
@ -midnight
Is this a program that you have installed C:\ProgramData\Anti-phishing Domain Advi... (presumably the last bit is Advisor) ?
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2015 10.2.2218 R2-SP2/ Outpost Firewall Pro9.1/ Firefox 38.0.1, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.1.6/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline midnight2

  • Newbie
  • *
  • Posts: 12
Re: What Is This
« Reply #12 on: September 21, 2012, 04:19:30 PM »
@ -midnight
Is this a program that you have installed C:\ProgramData\Anti-phishing Domain Advi... (presumably the last bit is Advisor) ?

Anti-phishing Domain Advisor was already on my computer when I set this computer up on June 6 of this year.

I'm surprised that I was even able to post because now it's showing login or register.  This makes no sense.






« Last Edit: September 21, 2012, 04:23:01 PM by midnight2 »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 71862
  • No support PMs thanks
Re: What Is This
« Reply #13 on: September 21, 2012, 05:02:46 PM »
Try finding and disabling the Anti-phishing Domain Advisor and see if this is what is causing the problem.

Personally I don't see the need for a dedicated Anti-phishing application as the avast Network Shield malicious sites list is likely to cover phishing sites as many are likely to be malicious. Depending on your browser, it may have anti-phishing built in. You can also consider using the OpenDNS.com as your DNS server it has a dashboard function with many categories you can block at DNS server level, Phishing being one and other parental control settings, http://www.opendns.com/start/ for more info. 
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2015 10.2.2218 R2-SP2/ Outpost Firewall Pro9.1/ Firefox 38.0.1, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.1.6/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline -midnight

  • Super Poster
  • ***
  • Posts: 1385
  • Firefox User
Re: What Is This
« Reply #14 on: September 22, 2012, 12:07:30 AM »
Try finding and disabling the Anti-phishing Domain Advisor and see if this is what is causing the problem.

Personally I don't see the need for a dedicated Anti-phishing application as the avast Network Shield malicious sites list is likely to cover phishing sites as many are likely to be malicious. Depending on your browser, it may have anti-phishing built in. You can also consider using the OpenDNS.com as your DNS server it has a dashboard function with many categories you can block at DNS server level, Phishing being one and other parental control settings, http://www.opendns.com/start/ for more info.

Why would this even be installed on my new computer if it was going to cause a problem?
Some people tend to forget that kindness and manners are free.