Someplace to report IP address of detected virus?

[momcat]

Avast detected a virus while I was browsing this morning (Avast said ~ "don't worry, just abort connection", so I did.) But there is an IP address where it detected the virus - is there a place to report this?

[oldman]

Why not? 

It would also be useful to post what avast detected. That can be found in the logs under warning. You will have to expand the columns by sliding them left/right. Also break up the ip so it not an active link,

1  23. 432 . 567  or ava st. c om

Welcome to the forum

[momcat]

Ok - the IP address: 80.  93.  48.  74  plpwoeqwdkpwefiwe

Um, seem to be having trouble getting the Log Viewer to open - right-click on the icon in the tray and select Log Viewer, right? It's not opening, just leaving a "ghost" on the desktop which refreshing doesn't fix.

[DavidR]

Check the avast! Log Viewer (right click the avast 'a' icon), Warning section, this contains information on all avast detections.

You can export the current list and copy and paste the contents of the infection warning into your post, see image.

Try double clicking on the ashLogV.exe file in the avast4 folder and see if that opens it OK.

[momcat]

No, it's not opening, not from the tray icon and not from the folder. 

[Lisandro]

Code: [Select]

80.93.48.74plpwoeqwdkpwefiweI've tested this against Dr. Web and the site cannot be reached. Is it the correct URL?
Even adding http or www does not work.

[momcat]

forward slash after the IP and forward slash after the "....fiwe"  And of course, http:// before the whole thing, sorry.

[oldman]

No, it's not opening, not from the tray icon and not from the folder. 

I'm not sure if a repair will empty the logs or not, but may resolve the problem.

In add/remove programs, highlight avast, click add/remove, scroll down to repair.

Coping the existing log to a temp location will preserve it though, just in case.

C:\program files\alwil software\avast4\data\log

You can also view the warning log from the above location with notepad.

[momcat]

OK, here's what the warning file said (viewed  w/Notepad):
10/7/2007   4:51:08 AM   1191747068   SYSTEM   1756   Sign of "JS:Agent-Q [trj]" has been found in "http:  //80.93.48.74/  tersreqwsrewter/" file. 
10/20/2007   11:01:41 AM   1192892501   SYSTEM   1820   Sign of "JS:Agent-Q [trj]" has been found in "http:  //80.93.48.74/  plpwoeqwdkpwefiwe /" file. 

I am noticing that it showed up before on the 7th, same IP. At 5AM that was probably my daughter logging into MySpace, and today, I was logging into MySpace when it happened...hmmm. BTW, tracing the IP address goes to a Russian site.

JS - is that JavaScript?

[DavidR]

No, it's not opening, not from the tray icon and not from the folder. 

I would try a repair of avast, but I don't think that will be of much help.

This might seem out of left field, but what is your firewall, as there have been some cases of what would appear ghost windows and or remnants left after closing for Kerio firewall ?

Yes JS is javascript and it could be a javascript redirect trying to take you to or open another page and that is where the malware resides.

[oldman]

Right or wrong, myspace, utube, even facebook has had the finger pointed at them as source of malware.

Now for your other problem, did you try a repair? anything else running that may cause the interface not to open?

BTW you should break the links in your post. Sometimes people like to click on pretty blue things.  

[momcat]

 :-[Sorry about the links, I thought the quotes fixed that *ulp*!

No, it's not opening, not from the tray icon and not from the folder. 

I would try a repair of avast, but I don't think that will be of much help.

This might seem out of left field, but what is your firewall, as there have been some cases of what would appear ghost windows and or remnants left after closing for Kerio firewall ?

Yes JS is javascript and it could be a javascript redirect trying to take you to or open another page and that is where the malware resides.

Running Defender (on Vista) only.

Right or wrong, myspace, utube, even facebook has had the finger pointed at them as source of malware.

Now for your other problem, did you try a repair? anything else running that may cause the interface not to open?

BTW you should break the links in your post. Sometimes people like to click on pretty blue things. 

Didn't try a repair, and I haven't changed anything on the computer lately. The latest Firefox update didn't take (just yesterday, I think). Maybe I should restart.

[Lisandro]

Running Defender (on Vista) only.

Hmmm... why don't you try AVGas or SpywareTerminator?

[oldman]

I honestly can't say if defender(I'm thinking antispyware) would stop the interface from opening. I guess the only way to find out would be to pause/stop it and see. Or is "defender the name of the vista firewall?

[Lisandro]

I honestly can't say if defender(I'm thinking antispyware) would stop the interface from opening.

No, it's not guilty. I'm just saying that there are better antispyware tools to use.

Or is "defender the name of the vista firewall?

No. It's Windows Defender, the antispyware (antimalware) tool.