Author Topic: What Is This  (Read 4124 times)

Offline -midnight

  • Advanced Poster
  • **
  • Posts: 1110
  • Gender: Female
  • Bella Bella
    • Personal Message (Offline)
What Is This
« on: September 21, 2012, 09:47:03 AM »
avast! blocked the virus:
hxxp://urlfilter.vmn.net/vmnsbf/data/120921093944-m.zip|1209...

Virus Lab research shows that more than 80% of malware (viruses, trojans, worms, spyware) now spreads via the internet. More notably, only 1% of this number comes from suspicious or ‘dodgy’ sites – about 99% spreads via legitimate websites that have been hacked.

We’ve got your back.

The only websites I've been on this am. is Facebook and this forum.  In fact this popped up while I was on the forum.
« Last Edit: September 21, 2012, 10:22:52 AM by -midnight »
Life is too short to start your day with broken pieces of yesterday, it will definitely destroy your wonderful today and ruin your great tomorrow.

Online DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69208
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Online)
Re: What Is This
« Reply #1 on: September 21, 2012, 10:13:12 AM »
Please 'modify' your post change the URL from http to hXXp, to break the link and avoid accidental exposure to suspect sites, thanks.

The fact that you get a pop-up on a specific site doesn't necessarily mean the malware is on that site. There is more to it than that. Depending on the browser you can have add-ons (some which might be malicious, redirecting urls in the browser).
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2016/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline adotd

  • Sr. Member
  • ****
  • Posts: 278
    • Personal Message (Offline)
Re: What Is This
« Reply #2 on: September 21, 2012, 10:24:01 AM »
Look at pic bellow ;)

Offline -midnight

  • Advanced Poster
  • **
  • Posts: 1110
  • Gender: Female
  • Bella Bella
    • Personal Message (Offline)
Re: What Is This
« Reply #3 on: September 21, 2012, 10:29:33 AM »
I was on and still am using the Flock browser which is the browser I use to access this forum.  As far as I know I don't have any add on's on this browser.
Life is too short to start your day with broken pieces of yesterday, it will definitely destroy your wonderful today and ruin your great tomorrow.

Offline adotd

  • Sr. Member
  • ****
  • Posts: 278
    • Personal Message (Offline)
Re: What Is This
« Reply #4 on: September 21, 2012, 10:32:08 AM »
Hi -midnight

When you get the alert can you take a print screen and post it here  8)


Offline -midnight

  • Advanced Poster
  • **
  • Posts: 1110
  • Gender: Female
  • Bella Bella
    • Personal Message (Offline)
Re: What Is This
« Reply #5 on: September 21, 2012, 10:34:20 AM »
Hi -midnight

When you get the alert can you take a print screen and post it here  8)

I don't know how to do that.
Life is too short to start your day with broken pieces of yesterday, it will definitely destroy your wonderful today and ruin your great tomorrow.

Offline adotd

  • Sr. Member
  • ****
  • Posts: 278
    • Personal Message (Offline)
Re: What Is This
« Reply #6 on: September 21, 2012, 10:48:29 AM »
If you look on keyboard, you will see a key that looks like the one circled in the picture bellow

When you get the alert press that, it will take a printscreen for you

Next

Click Start
Click All programs
Click Accessories
Click Paint


on your keyboard press

CTRL + V

this will paste the screenshoot to paint

*You may need to crop the image*

Click File
Click Save as
Give it a name
Then click on save

Once done attach it here
« Last Edit: September 21, 2012, 10:50:56 AM by adotd »

Offline -midnight

  • Advanced Poster
  • **
  • Posts: 1110
  • Gender: Female
  • Bella Bella
    • Personal Message (Offline)
Re: What Is This
« Reply #7 on: September 21, 2012, 11:07:23 AM »
nfection Details
URL:   hxxp://urlfilter.vmn.net/vmnsbf/data/120...
Process:   C:\ProgramData\Anti-phishing Domain Advi...
Infection:   JS:ScriptSH-inf [Trj]

This just popped up.
Life is too short to start your day with broken pieces of yesterday, it will definitely destroy your wonderful today and ruin your great tomorrow.

Offline adotd

  • Sr. Member
  • ****
  • Posts: 278
    • Personal Message (Offline)
Re: What Is This
« Reply #8 on: September 21, 2012, 11:12:26 AM »
Hi  -midnight

Follow the guide and attach the logs.

http://forum.avast.com/index.php?topic=53253.0

AdwCleaner
Malwarebytes
OTL
aswMBR

Best Regards

Anthony

Offline -midnight

  • Advanced Poster
  • **
  • Posts: 1110
  • Gender: Female
  • Bella Bella
    • Personal Message (Offline)
Re: What Is This
« Reply #9 on: September 21, 2012, 11:58:25 AM »
I just ran a full scan and it didn't show any threats.
Life is too short to start your day with broken pieces of yesterday, it will definitely destroy your wonderful today and ruin your great tomorrow.

Offline adotd

  • Sr. Member
  • ****
  • Posts: 278
    • Personal Message (Offline)
Re: What Is This
« Reply #10 on: September 21, 2012, 12:03:11 PM »
Hi  -midnight

Follow the guide and attach the logs.

http://forum.avast.com/index.php?topic=53253.0

AdwCleaner
Malwarebytes
OTL
aswMBR

Best Regards

Anthony

Follow the following  8)

Online DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69208
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Online)
Re: What Is This
« Reply #11 on: September 21, 2012, 01:42:57 PM »
@ -midnight
Is this a program that you have installed C:\ProgramData\Anti-phishing Domain Advi... (presumably the last bit is Advisor) ?
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2016/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline midnight2

  • Newbie
  • *
  • Posts: 12
    • Personal Message (Offline)
Re: What Is This
« Reply #12 on: September 21, 2012, 02:19:30 PM »
@ -midnight
Is this a program that you have installed C:\ProgramData\Anti-phishing Domain Advi... (presumably the last bit is Advisor) ?

Anti-phishing Domain Advisor was already on my computer when I set this computer up on June 6 of this year.

I'm surprised that I was even able to post because now it's showing login or register.  This makes no sense.






« Last Edit: September 21, 2012, 02:23:01 PM by midnight2 »

Online DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69208
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Online)
Re: What Is This
« Reply #13 on: September 21, 2012, 03:02:46 PM »
Try finding and disabling the Anti-phishing Domain Advisor and see if this is what is causing the problem.

Personally I don't see the need for a dedicated Anti-phishing application as the avast Network Shield malicious sites list is likely to cover phishing sites as many are likely to be malicious. Depending on your browser, it may have anti-phishing built in. You can also consider using the OpenDNS.com as your DNS server it has a dashboard function with many categories you can block at DNS server level, Phishing being one and other parental control settings, http://www.opendns.com/start/ for more info. 
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2016/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline -midnight

  • Advanced Poster
  • **
  • Posts: 1110
  • Gender: Female
  • Bella Bella
    • Personal Message (Offline)
Re: What Is This
« Reply #14 on: September 21, 2012, 10:07:30 PM »
Try finding and disabling the Anti-phishing Domain Advisor and see if this is what is causing the problem.

Personally I don't see the need for a dedicated Anti-phishing application as the avast Network Shield malicious sites list is likely to cover phishing sites as many are likely to be malicious. Depending on your browser, it may have anti-phishing built in. You can also consider using the OpenDNS.com as your DNS server it has a dashboard function with many categories you can block at DNS server level, Phishing being one and other parental control settings, http://www.opendns.com/start/ for more info.

Why would this even be installed on my new computer if it was going to cause a problem?
Life is too short to start your day with broken pieces of yesterday, it will definitely destroy your wonderful today and ruin your great tomorrow.

 

Google Chrome

AVAST recommends using the FREE Google Chrome™ browser.

Download Google Chrome Now