Author Topic: What Is This  (Read 10791 times)

0 Members and 1 Guest are viewing this topic.

Offline midnight

  • Massive Poster
  • ****
  • Posts: 2462
  • Never Be Rude
What Is This
« on: September 21, 2012, 11:47:03 AM »
avast! blocked the virus:
hxxp://urlfilter.vmn.net/vmnsbf/data/120921093944-m.zip|1209...

Virus Lab research shows that more than 80% of malware (viruses, trojans, worms, spyware) now spreads via the internet. More notably, only 1% of this number comes from suspicious or ‘dodgy’ sites – about 99% spreads via legitimate websites that have been hacked.

We’ve got your back.

The only websites I've been on this am. is Facebook and this forum.  In fact this popped up while I was on the forum.
« Last Edit: September 21, 2012, 12:22:52 PM by -midnight »
.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88897
  • No support PMs thanks
Re: What Is This
« Reply #1 on: September 21, 2012, 12:13:12 PM »
Please 'modify' your post change the URL from http to hXXp, to break the link and avoid accidental exposure to suspect sites, thanks.

The fact that you get a pop-up on a specific site doesn't necessarily mean the malware is on that site. There is more to it than that. Depending on the browser you can have add-ons (some which might be malicious, redirecting urls in the browser).
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

adotd

  • Guest
Re: What Is This
« Reply #2 on: September 21, 2012, 12:24:01 PM »
Look at pic bellow ;)

Offline midnight

  • Massive Poster
  • ****
  • Posts: 2462
  • Never Be Rude
Re: What Is This
« Reply #3 on: September 21, 2012, 12:29:33 PM »
I was on and still am using the Flock browser which is the browser I use to access this forum.  As far as I know I don't have any add on's on this browser.
.

adotd

  • Guest
Re: What Is This
« Reply #4 on: September 21, 2012, 12:32:08 PM »
Hi -midnight

When you get the alert can you take a print screen and post it here  8)


Offline midnight

  • Massive Poster
  • ****
  • Posts: 2462
  • Never Be Rude
Re: What Is This
« Reply #5 on: September 21, 2012, 12:34:20 PM »
Hi -midnight

When you get the alert can you take a print screen and post it here  8)

I don't know how to do that.
.

adotd

  • Guest
Re: What Is This
« Reply #6 on: September 21, 2012, 12:48:29 PM »
If you look on keyboard, you will see a key that looks like the one circled in the picture bellow

When you get the alert press that, it will take a printscreen for you

Next

Click Start
Click All programs
Click Accessories
Click Paint


on your keyboard press

CTRL + V

this will paste the screenshoot to paint

*You may need to crop the image*

Click File
Click Save as
Give it a name
Then click on save

Once done attach it here
« Last Edit: September 21, 2012, 12:50:56 PM by adotd »

Offline midnight

  • Massive Poster
  • ****
  • Posts: 2462
  • Never Be Rude
Re: What Is This
« Reply #7 on: September 21, 2012, 01:07:23 PM »
nfection Details
URL:   hxxp://urlfilter.vmn.net/vmnsbf/data/120...
Process:   C:\ProgramData\Anti-phishing Domain Advi...
Infection:   JS:ScriptSH-inf [Trj]

This just popped up.
.

adotd

  • Guest
Re: What Is This
« Reply #8 on: September 21, 2012, 01:12:26 PM »
Hi  -midnight

Follow the guide and attach the logs.

http://forum.avast.com/index.php?topic=53253.0

AdwCleaner
Malwarebytes
OTL
aswMBR

Best Regards

Anthony

Offline midnight

  • Massive Poster
  • ****
  • Posts: 2462
  • Never Be Rude
Re: What Is This
« Reply #9 on: September 21, 2012, 01:58:25 PM »
I just ran a full scan and it didn't show any threats.
.

adotd

  • Guest
Re: What Is This
« Reply #10 on: September 21, 2012, 02:03:11 PM »
Hi  -midnight

Follow the guide and attach the logs.

http://forum.avast.com/index.php?topic=53253.0

AdwCleaner
Malwarebytes
OTL
aswMBR

Best Regards

Anthony

Follow the following  8)

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88897
  • No support PMs thanks
Re: What Is This
« Reply #11 on: September 21, 2012, 03:42:57 PM »
@ -midnight
Is this a program that you have installed C:\ProgramData\Anti-phishing Domain Advi... (presumably the last bit is Advisor) ?
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88897
  • No support PMs thanks
Re: What Is This
« Reply #12 on: September 21, 2012, 05:02:46 PM »
Try finding and disabling the Anti-phishing Domain Advisor and see if this is what is causing the problem.

Personally I don't see the need for a dedicated Anti-phishing application as the avast Network Shield malicious sites list is likely to cover phishing sites as many are likely to be malicious. Depending on your browser, it may have anti-phishing built in. You can also consider using the OpenDNS.com as your DNS server it has a dashboard function with many categories you can block at DNS server level, Phishing being one and other parental control settings, http://www.opendns.com/start/ for more info. 
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline midnight

  • Massive Poster
  • ****
  • Posts: 2462
  • Never Be Rude
Re: What Is This
« Reply #13 on: September 22, 2012, 12:07:30 AM »
Try finding and disabling the Anti-phishing Domain Advisor and see if this is what is causing the problem.

Personally I don't see the need for a dedicated Anti-phishing application as the avast Network Shield malicious sites list is likely to cover phishing sites as many are likely to be malicious. Depending on your browser, it may have anti-phishing built in. You can also consider using the OpenDNS.com as your DNS server it has a dashboard function with many categories you can block at DNS server level, Phishing being one and other parental control settings, http://www.opendns.com/start/ for more info.

Why would this even be installed on my new computer if it was going to cause a problem?
.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88897
  • No support PMs thanks
Re: What Is This
« Reply #14 on: September 22, 2012, 12:48:43 AM »
I haven't a clue why it would be installed on a new computer aside from not knowing what that computer was, many manufacturers load their computers with junk, looks good in a long list of free software.

They also haven't a clue what you are going to subsequently install.

Dell in the past have had lots of form for installing cr4pware, there was a tool built to remove it, Decrapifier. 
http://uk.search.yahoo.com/search?p=remove+crapware
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security