Virus Warrnings

[WLDCU]

Is there a way of customizing avast alerts so that they will give me more information and details?

I got this from one of our Terminal Servers:

avast! [server name]: File "hXXp://members.lycos.nl/lakod/menu.js" is infected by "JS:Redirector-F [Trj]" virus.
"Resident protection (Web Shield)" task used
Version of current VPS file is 090715-0, 07/15/2009

It does not tell me who the user was, nor if it was able to quarantine or delete the file. If there is a way of customizing alerts and having it give additional information like user, action taken, etc., where do I do that in ADNM?

Thanks.

[DavidR]

Sorry I don't use the server version so can't address those issues.

However, the JS:Redirector-F malware is an indication that that members.lycos site has been hacked to redirect to a malicious site or run code from that site. The web shied would block that from happening, giving the user only one option 'Abort Connection,' which would drop the infected file stopping it being run. So the fire as such shouldn't have got on the system to be either quarantined or deleted by the user.

Please 'modify' your post change the URL from http to hXXp or www to wXw, to break the link and avoid accidental exposure to suspect sites, thanks.

[polonus]

Hi WDLCU & DavidR,

1 hidden external link found.

Code: [Select]

EDITED A> hidden ?" target="_blank"> - http://ad.de.doubleclick.net/jump/cd.tripod-test_DE/_default;sz=728x90;ord=<?php echo time(); ?^?
<Script> link - http://ad.de.doubleclick.net/adj/cd.tripod-.....test_DE/_default;sz=728x90;ord=17858b96
2 suspicious inline scripts found:
Script outside of <HTML>..

Code: [Select]

.</HTML> block
var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.")Script outside of <HTML>...</HTML> block

Code: [Select]

try {
var pageTracker = _gat._getTracker("UA-7539432-11");
pageTracker._trackPageview();
} catch(er...Malicious software includes 2140 scripting exploit(s), 231 trojan(s), 11 exploit(s). Successful infection resulted in an average of 3 new process(es) on the target machine.

Malcode is being hosted on 275 domains, e.g. onlyfind.net/, online-life.org/, soft-cheap.com/.

77 domains seem to function as intermediaries for spreading malware to visitors of mentioned site, e.g. onlyfind.net/, soft-cheap.com/, online-life.org/.

This site was hosted on 2 network(s) including AS25074 (INETBONE), AS15169 (GOOGLE).

polonus

[WLDCU]

Thanks for the reply guys.

Can some one answer me if there is a way of customizing Alerts in ADNM and if so how it's done?

[DavidR]

Sorry, as I said I don't use the server version, nor do I use ADNM, so can't address those issues.

[oscarenzo]

Hi, how i can configure the avast alert's, i've a avast for linux server, run on centOS