Author Topic: Help, What is causing this??  (Read 3932 times)


gchalk

  • Guest
Help, What is causing this??
« on: January 16, 2007, 10:15:22 PM »
I have something nasty loaded that keeps trying to open the following Web address in a background page that I don't see.  What is causing this and how do I kill it?

http://82.98.235.63/cgi-bin/check/autoaff3/862?i=553&v=2_5_1&g=e8dc7313+156A175DBBF54FFA9603F7864C04FEE5&t=2007_01_09_03_48&d=11099&m=1&a=1

Neither Avast nor PC-cillin detects anything.

Thanks in Advance.

Geoff

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89172
  • No support PMs thanks
Re: Help, What is causing this??
« Reply #1 on: January 16, 2007, 11:23:48 PM »
A whois check for 82.98.235.63 returns this; does cybertechnology ring any bells?

Quote
% Information related to '82.98.235.0 - 82.98.235.255'

inetnum:        82.98.235.0 - 82.98.235.255
netname:        CYBERTECHNOLOGY
descr:          Cyber Technology BV BA/SPRL
descr:          Belgium
country:        NL

A Google search for autoaff3 returns many hits: http://www.google.com/search?q=autoaff3

But it does appear to be a trojan trying to get out; I would suggest blocking the IP in your firewall until this is resolved.

If you haven't already got this software (freeware), download, install, update and run it, preferably in safe mode.
1. Ewido, a.k.a. AVG Anti-Spyware, if using WinXP, or a-Squared Free if using Win98/ME.

Also useful as a diagnostic tool - Download HiJackThis.zip - HJT Information HiJackThis Tutorial 1 or HiJackThis Tutorial 2 or HiJackThis Tutorial 3
On-line analysis - HiJackThis Log file - On-line Analysis OR HiJackThis Log file - On-line Analysis 2
Ignore any 023 reference to avast processes; this is a hiccup in the HJT 1.99.1 (especially the missing file entry for avast). If you need any help with any of the analysis, let us know.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

gchalk

Re: Help, What is causing this??
« Reply #2 on: January 22, 2007, 03:28:01 PM »
Thank-you.  AVG removed 9 trojans/adware/viri/droppers in over 40 files that neither Avast nor PC Cillin could find.

Thanks again!!

Geoff

Offline DavidR

Re: Help, What is causing this??
« Reply #3 on: January 22, 2007, 03:44:08 PM »
Glad I could help.

The other programs specialise in anti-spyware (trojan detections); that is why it is recommended to have a multi-application approach to your defence: anti-virus, anti-spyware, not to forget a good firewall (what is it?) that should help protect against the 'droppers' you mentioned.

A belated welcome to the forums.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Help, What is causing this??
« Reply #4 on: January 22, 2007, 05:27:43 PM »
Quote
Thank-you.  AVG removed 9 trojans/adware/viri/droppers in over 40 files that neither Avast nor PC Cillin could find.

Geoff, did you send the files to AVG Quarantine?
If so, maybe you can post here the name and the full path of them.
It's a pity that AVG Antispyware does not allow extracting the quarantined files to a folder other than the original one. That way it would be possible to send the files to Alwil for analysis.  :-[
The best things in life are free.

Offline DavidR

Re: Help, What is causing this??
« Reply #5 on: January 22, 2007, 05:40:21 PM »
The quarantine should allow you to restore the file which could then be added to the User Files section (File, Add) in the avast chest and send it to avast from the chest. For the short period it would be in the original location I doubt it would present a hazard.

Offline Lisandro

Re: Help, What is causing this??
« Reply #6 on: January 22, 2007, 05:52:31 PM »
Quote
The quarantine should allow you to restore the file

Too dangerous in my opinion for the common user. The file will be, infected, at the original place... one double click and... kaput...
Restoration, especially in case avast does not detect the virus, should be done to a USB drive, for instance...

Offline DavidR

Re: Help, What is causing this??
« Reply #7 on: January 22, 2007, 07:49:21 PM »
Quote
The quarantine should allow you to restore the file
Too dangerous in my opinion for the common user. The file will be, infected, at the original place... one double click and... kaput...
Restoration, especially in case avast does not detect the virus, should be done to a USB drive, for instance...

There is no need to touch it; the avg-as quarantine restores it to the original location, and the chest User Files (File, Add) imports/adds it to the chest without the user even having to go to the folder. Provided it is done like that, there really is very little or no risk of running it.

As you previously said, avg-as doesn't allow for restoring/saving to an alternate location.