hxxp

[mkis]

I just came back to avast on this computer and checked my log. Last time in, I wrote an infected and active url in full. Sorry folks, I was in too much of a rush. Correct this. Original post has been corrected as well.


Malware ID      hxxp://tejary.net/h.js

I also posted two entries from June 2008 that I found in my event viewer. I thought at first malware because I recall a plethora of malware infections at the time, perhaps a little later. Kids might download a browser to the desktop and the avast application gets overridden. Infected flash drives were common. Computers were easy cleaned of usual suspects. I thought there might have been more to it when I traced back through entries in the event viewer. But I don’t think so now. I don’t think there’s much in these two entries.

23-6-08
AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\DOCUMENTS AND SETTINGS\MKIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FYCG5LV2.DEFAULT\PREFS.JS (C:\DOCUMENTS AND SETTINGS\MKIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FYCG5LV2.DEFAULT\PREFS.JS) returning error, 00000005

17-6-2008
AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\DOCUMENTS AND SETTINGS\MKIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FYCG5LV2.DEFAULT\PREFS.JS (C:\DOCUMENTS AND SETTINGS\MKIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FYCG5LV2.DEFAULT\PREFS.JS) returning error, 00000005. 


I was installing avast quite regularly at the time. I went off feature heavy browsers and settled for a simpler desktop. I think the Mozilla browser was uninstalled before Oct / Nov 2008. I have no idea what the AAVM - scanning warning means.

[DavidR]

First there are two iframe tags inside that javascript file so the detection is good. One of these iframes links to a Chinese site with known malware the other appears a legit site, however, this use of a ,js file is very suspicious anyway.

The other two are access denied and nothing avast can do about that:
Personally I keep my nose out of the logs as for the most part the content is verbose and not to helpful to a user, more so for a developer. Only if I experience a problem with avast or hard errors are displayed to the screen do I look in the logs.
 
So are you getting any errors displayed to the screen or other avast problems ?
 
If not I wouldn't worry about this.

[polonus]

Hi DavidR,

I have Event Log Explorer and that shows up what happens,

pol

[DavidR]

I'm not sure were event log explorer would come into this ?

If it is for the error number, it is a windows file system error and for that I just have a little program called Error Messages For Windows from gregorybraun.com a massive 150KB, there are lots of other small tools on the site.

[Lisandro]

How to check webpages is being asked here: http://forum.avast.com/index.php?topic=44139.msg369428#msg369428

[DavidR]

In this case I used my download manager, Orbit to download the .js file avast alerted twice, but I took no action. I cut and pasted it into my exclusions folder, checked in and checked the contents using notepad.

Not rocket science or really difficult but not something I would recommend unless you are prepared to deal with any potential consequences.

[Lisandro]

Not rocket science or really difficult but not something I would recommend unless you are prepared to deal with any potential consequences.

I wish some kind of tool that does that automatically...

[polonus]

Hi Tech,

If I did not have anti-virus log via Event Log Explorer, where would I get information on an Avast scanning error like:
AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\DOCUME~1\POLONUS~1\LOCALS~1\TEMP\~DFD14D.TMP (C:\DOCUME~1\POLONUS~1\LOCALS~1\TEMP\~DFD14D.TMP) returning error, 00000005.
All my av flag warnings also land there. Type Date Time Event Source Category User Computer
I am rather glad with this program, and glad bob3160 once pointed it out to me, all the logs are filed and saved,

polonus

[DavidR]

Like I said earlier I keep out of the avast log viewer and the same goes for the windows event viewer (it is no more helpful than the avast log viewer) unless I have a specific problem or errors are displayed to the screen.

As in the case of the above it really is a non-error just a file with access denied.

[YoKenny]

Hi Tech,

If I did not have anti-virus log via Event Log Explorer, where would I get information on an Avast scanning error like:
AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\DOCUME~1\POLONUS~1\LOCALS~1\TEMP\~DFD14D.TMP (C:\DOCUME~1\POLONUS~1\LOCALS~1\TEMP\~DFD14D.TMP) returning error, 00000005.
All my av flag warnings also land there. Type Date Time Event Source Category User Computer
I am rather glad with this program, and glad bob3160 once pointed it out to me, all the logs are filed and saved,

polonus

I am with polonus as I like Event Log Explorer as it makes the Event Logs much easier to view and handle

Analyze your event logs with Event Log Explorer™

Event Log Explorer™ is an effective software solution for viewing, monitoring and analyzing events recorded in Security, System, Application and another logs of Microsoft Windows NT/2000/XP/2003 operating systems. Event Log Explorer greatly extends standard Windows Event Viewer monitoring functionality and brings many new features.

http://www.eventlogxp.com

[mkis]

Thanks DavidR, Avast support forum, for sharing knowhow. 

The two AAVM scanning warning messages appear isolated events that occurred when access was denied (returning error, 00000005) as you say. There appear no other associated entries in event viewer.

23-6-08
AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\DOCUMENTS AND SETTINGS\MKIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FYCG5LV2.DEFAULT\PREFS.JS (C:\DOCUMENTS AND SETTINGS\MKIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FYCG5LV2.DEFAULT\PREFS.JS) returning error, 00000005

17-6-2008
AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\DOCUMENTS AND SETTINGS\MKIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FYCG5LV2.DEFAULT\PREFS.JS (C:\DOCUMENTS AND SETTINGS\MKIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FYCG5LV2.DEFAULT\PREFS.JS) returning error, 00000005.

‘FYCG5LV2’ a bit of a worrying looking reference (profile or account reference perhaps?). I just didn’t like the look of it. 


Default pref. Files seem to be preference settings from user customization of Mozilla toolbar functions which may have tried to launch at startup but access subsequently denied as part of Mozilla security I presume – and so error registered for the event.

http://www-archive.mozilla.org/catalog/end-user/customizing/briefprefs.html

I’m not worried about the two files. I thought perhaps something more may have been happening than actually was. The Mozilla program / toolbar was uninstalled later and no entries have since registered outside the two originals.

‘FYCG5LV2’ still a bit worrying but can’t see any record of malware come to surface. So have to say okay. May be looking for too much that isn’t there. And I'll keep a closer eye on how I write any suspect urls from now on.

Much thanks

mkis

[DavidR]

This is just the random naming of the firefox folders that store the browser profiles (see image, nothing to worry about, note the random naming).

[mkis]

Very clear now. I see random naming. Much appreciated. 

[DavidR]

You're welcome.

[Lisandro]

Like I said earlier I keep out of the avast log viewer and the same goes for the windows event viewer (it is no more helpful than the avast log viewer) unless I have a specific problem or errors are displayed to the screen.

There are more things behind the screen... I use Windows Events frequently. Helps on diagnosis and to know what is happening in the backgrounds.