Author Topic: avast detects prefetched trojan...  (Read 17557 times)

0 Members and 1 Guest are viewing this topic.

Offline OrangeCrate

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 798
avast detects prefetched trojan...
« on: May 30, 2006, 01:56:12 PM »
I've never really paid attention to the myriad of Firefox extensions, but recently I added NoScript, AdBlock Plus (with the dutchblock feed) and Fasterfox. (Boy, does the combo of those three extensions speed Firefox up!)

It's been so long that I've had avast warn me of anything, that I almost forgot that it is supposed to.

I did a search this morning on Google for the cost of contact lenses, and low-and-behold, avast popped up with a warning on a trojan installed on one of the prefetched links on the Google results page.
« Last Edit: June 01, 2006, 10:56:36 AM by OrangeCrate »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67275
Re: avast detects prefetched trojan...
« Reply #1 on: May 30, 2006, 02:08:04 PM »
avast popped up with a warning on a trojan installed on one of the prefetched links on the Google results page.
Are you sure it was an avast message? Wasn't it from NoScript?
Which were the name of the virus and the addressed webpage of that link?
The best things in life are free.

Offline OrangeCrate

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 798
Re: avast detects prefetched trojan...
« Reply #2 on: May 30, 2006, 02:16:51 PM »
avast popped up with a warning on a trojan installed on one of the prefetched links on the Google results page.
Are you sure it was an avast message? Wasn't it from NoScript?
Which were the name of the virus and the addressed webpage of that link?

Yes, it was avast. Here are the details you requested:

http://  acuvuecontacts.ds4a.com/robots.txt

Win32:Small-SK [Trj]

Trojan Horse

0622-1, 05/29/2006

Edit: Removed the active link.
« Last Edit: May 30, 2006, 02:20:09 PM by OrangeCrate »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67275
Re: avast detects prefetched trojan...
« Reply #3 on: May 30, 2006, 02:21:40 PM »
http://  acuvuecontacts.ds4a.com  /  robots.txt
Please, do not post a live link to an infected file  :P
Yes, it's infected but it does not seem to be 'prefetched' but it is a WebShield message detecting the infection on that page.
Do you have this file saved in your computer?
The best things in life are free.

Offline OrangeCrate

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 798
Re: avast detects prefetched trojan...
« Reply #4 on: May 30, 2006, 02:28:24 PM »
I know. I was removing the link the same time you were posting. Sorry.

To answer your question, no.  I didn't open the page, and avast aborted the connection.

Since I got no further than the Google results page for the search when avast warned me, and then by clicking the option button avast aborted the connection, it certainly must have been prefetched by Fasterfox. I didn't click on any links on the search page.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67275
Re: avast detects prefetched trojan...
« Reply #5 on: May 30, 2006, 02:30:48 PM »
Since I got no further than the Google results page for the search when avast warned me, and then by clicking the option button avast aborted the connection, it certainly must have been prefetched by Fasterfox. I didn't click on any links on the search page.
avast WebShield should 'blocked' the connection (did you set it to work on Silent Mode? See the provider settings, Advanced tab) and the file shouldn't be saved or prefetched... this is the purpose of WebShield.
Can you schedule a boot time scanning with avast and see if any infection remains in your computer?
The best things in life are free.

Offline OrangeCrate

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 798
Re: avast detects prefetched trojan...
« Reply #6 on: May 30, 2006, 02:52:40 PM »
I do not have avast set to run in the silent mode.

To repeat - I did not click on the link, so I'm pretty sure it's not on my computer. The link was on the Google results page.

Fasterfox prefetches pages, links, whatever, so, out of curiosity, why do you think that the link wasn't prefetched?

I'll post again after I run a scan...

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83537
  • No support PMs thanks
Re: avast detects prefetched trojan...
« Reply #7 on: May 30, 2006, 03:37:44 PM »
Yes, it was avast. Here are the details you requested:

http://  acuvuecontacts.ds4a.com/robots.txt

Win32:Small-SK [Trj]
I would say that it is quite possible this could be correct as I find it strange that you would be directed to robots.txt as this is a text file containing instructions on how a search engine's searchbot/s is allowed to search your site (so I would say it is certainly strange and I would treat it with suspicion). The robots.txt file isn't usually placed in a location accessible to the public.

How/why were you trying to access this file/web location e.g. redirected, link on a web page or email, etc. ?
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.6.2420 (build 20.6.5495.561) UI-1.0.541/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline OrangeCrate

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 798
Re: avast detects prefetched trojan...
« Reply #8 on: May 30, 2006, 05:37:34 PM »
Tech - I run the Home version, not the Pro version, so I don't have the option to run a boot time scan. I have run a standard scan, and there are no infected files. (If you can schedule one from the Home version please advise how. I don't see it in the avast! documentation.)

David - As mentioned earlier in this thread, I searched Google for the price on contact lenses. As soon as Google returned the first page of results, the avast warning came up. Here's the rest of the story from the previous post:


To answer your question, no.  I didn't open the page, and avast aborted the connection.

Since I got no further than the Google results page for the search when avast warned me, and then by clicking the option button avast aborted the connection, it certainly must have been prefetched by Fasterfox. I didn't click on any links on the search page.

I have no idea why a robots.txt file showed up in the warning, but it must have been triggered by the prefetch action of Fasterfox, and that bothers me a lot.


Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67275
Re: avast detects prefetched trojan...
« Reply #9 on: May 30, 2006, 05:48:51 PM »
Why do you think that the link wasn't prefetched?
Because WebShield should block the file BEFORE it is even saved into the disk.

Tech - I run the Home version, not the Pro version, so I don't have the option to run a boot time scan.
Home version has boot time scanning too.

If you can schedule one from the Home version please advise how. I don't see it in the avast! documentation.
Start avast! > Right click the skin > Schedule a boot-time scanning.

Doing so displays a dialog allowing you to schedule virus scanning.
Check Archives, if you want scan all the archives.
Specify whether all the disks or just a specific folder should be scanned.
Select Advanced options for scheduling details.
Select how to automatically process infected files.
Choose how to automatically process infected system files.
Click the Schedule button to confirm the settings.
The best things in life are free.

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83537
  • No support PMs thanks
Re: avast detects prefetched trojan...
« Reply #10 on: May 30, 2006, 05:58:14 PM »
Quote
I have no idea why a robots.txt file showed up in the warning, but it must have been triggered by the prefetch action of Fasterfox, and that bothers me a lot.

Sorry missed the bit about fasterfox prefetch.

Well I have the prefetch function disabled in fasterfox as I'm on dial-up and if anything for me it slowed browsing, taking longer to load the originating page. I'm still surprised that there would be a link to the robots.txt in the acuvue index (default) page and I'm not sure what depth the prefetch goes in links to additional pages.

So I did a little test as the acuvuecontacts is a subdomain of ds4a.com, trying to connect to ds4a.com causes avast to alarm so that may have been the cause rather than robots.txt ???
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.6.2420 (build 20.6.5495.561) UI-1.0.541/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline OrangeCrate

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 798
Re: avast detects prefetched trojan...
« Reply #11 on: May 30, 2006, 06:07:42 PM »
Tech - I'm busy on some other projects at the moment, but I'll try that later before I shut down my computer. Thanks.

David - Thanks for the confirmation. As mentioned, I personally didn't visit the site, but obviously Fasterfox did on my behalf.

Thank goodness avast caught it. Good job team! Makes me wonder if I should continue to use Fasterfox...

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83537
  • No support PMs thanks
Re: avast detects prefetched trojan...
« Reply #12 on: May 30, 2006, 06:22:24 PM »
FasterFox does more than the prefetch function and disabling just the prefetch should be fine.

I did another test on ds4a.com using DrWeb firefox extension but got a 404 error
Quote
Error

Can`t fetch file pointed by your url. This may be caused by several reasons:
    * Remote file is not available (not found, requires authentication, permission denied)
    * Remote site is down, or very slow, or busy
    * No network connectivity between Dr.Web online server and remote web-site
See details below:

Details:
404 Not Found

Could just be slow but avast still alerts even though DrWeb can't load the page.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.6.2420 (build 20.6.5495.561) UI-1.0.541/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline OrangeCrate

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 798
Re: avast detects prefetched trojan...
« Reply #13 on: May 30, 2006, 07:34:10 PM »
David - I've disabled prefetching in Fasterfox. This experience has just taught me, that that is probably a good idea.

Tech - Thanks, I didn't know that. I thought I had read that setting up a boot time scan was only available in the Pro version, and that in the Home Edition, it was only available when a virus was found during the standard scanning process. I'm going to scan now.

I'll post again when done...

Offline Jorasik

  • Avast Evangelist
  • Poster
  • ***
  • Posts: 423
    • My website (in bulgarian)
Re: avast detects prefetched trojan...
« Reply #14 on: May 30, 2006, 07:54:23 PM »
I'm currently using kaspersky(trial).I entered the site to see if kaspersky detects anything and nothing happened...no virus warning...
So am i now infected with something kaspersky doesn't detect  ???  :-\
this is the page
htt p:// ds 4a .co m /