Author Topic: Trojan Horse Blocked? (Read 5114 times)

Danary · « **on:** November 01, 2010, 01:54:25 AM »

I keep getting that Avast is blocking a trojan horse called JS:Downloader-AGS [Tri], what is causing it and how do I stop it from popping up constantly?

DavidR · « **Reply #1 on:** November 01, 2010, 02:03:03 AM »

When is this happening, e.g. what are you doing at the time ?

If whilst browsing, if so what is the URL 'modify' the URL from http to hXXp or www to wXw, to break the link and avoid accidental exposure to suspect sites, thanks.

Is it from the same site, or multiple sites, etc. ?

Danary · « **Reply #2 on:** November 01, 2010, 05:58:00 AM »

Im not sure, I use google chrome and have like 10 windows load when I open it. But it usually happens when im just reading a webpage or something. Heres a screenshot. http://img824.imageshack.us/img824/5868/97641415.jpg

Pondus · « **Reply #3 on:** November 01, 2010, 07:41:59 AM »

Try this

Malwarebytes Anti-Malware 1.46 http://filehippo.com/download_malwarebytes_anti_malware/
always run update before you scan so you have the latest database
click on the remove selected button to quarantine anything found
you may post the scan log here

Kaspersky TDSSkiller
http://support.kaspersky.com/viruses/solutions?qid=208280684

Danary · « **Reply #4 on:** November 01, 2010, 10:13:28 AM »

Ok, I downloded the program and ran a full scan. Here are the results.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5012

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11/1/2010 5:12:14 AM
mbam-log-2010-11-01 (05-12-14).txt

Scan type: Full scan (C:\|D:\|E:\|G:\|)
Objects scanned: 340023
Time elapsed: 55 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

DavidR · « **Reply #5 on:** November 01, 2010, 03:53:24 PM »

Quote from: Danary on November 01, 2010, 05:58:00 AM

Im not sure, I use google chrome and have like 10 windows load when I open it. But it usually happens when im just reading a webpage or something. Heres a screenshot. http://img824.imageshack.us/img824/5868/97641415.jpg

Looks like it could be a case of ads poisoning, where adverts are crafted to be malicious.

However, a search for adtmt.com reveals some interesting (read malware) results, see this one as it also refers indirectly to Google Chrome, but isn't specific to it. http://www.google.com/support/forum/p/Chrome/thread?tid=09a9e4a72984b56b&hl=en

Also see http://forums.techguy.org/virus-other-malware-removal/432534-view-atdmt-com-spyware-removal.html.

Author Topic: Trojan Horse Blocked? (Read 5114 times)

Danary

Trojan Horse Blocked?

DavidR

Re: Trojan Horse Blocked?

Danary

Re: Trojan Horse Blocked?

Pondus

Re: Trojan Horse Blocked?

Danary

Re: Trojan Horse Blocked?

DavidR

Re: Trojan Horse Blocked?