Author Topic: AVAST 5 failed to prevent Trojan Attack in Chat Room  (Read 5333 times)

0 Members and 1 Guest are viewing this topic.

goheat03

  • Guest
AVAST 5 failed to prevent Trojan Attack in Chat Room
« on: September 11, 2010, 09:50:06 PM »
I was in Yahoo! Chat room and someone sent me a trojan virus through the room.  Avast! was not successful in blocking it, it only blocked 1 of the attacks. 

Here is the log from the file system shield:

---------------------------------------------------------
Started on: Friday, September 9, 2010 12:05:28 PM
*

9/10/2010 2:46:54 AM   C:\Documents and Settings\Sam\Local Settings\Temporary Internet Files\Content.IE5\GP6R4TQJ\rotator[1].htm [L] JS:Downloader-ACM [Trj] (0)
File was successfully moved to chest...

9/10/2010 2:46:58 AM   C:\Documents and Settings\Sam\Local Settings\Temporary Internet Files\Content.IE5\EHTANAPW\mdac[1].htm [L] JS:Downloader-ACM [Trj] (0)
While moving file to chest, error occurred: The process cannot access the file because it is being used by another process
During the file delete, error occurred: The process cannot access the file because it is being used by another process

9/10/2010 2:47:04 AM   C:\Documents and Settings\Sam\Local Settings\Temporary Internet Files\Content.IE5\LFZB99OA\asshole[1].pdf [L] JS:Pdfka-AMI [Expl] (0)
While moving file to chest, error occurred: The process cannot access the file because it is being used by another process
During the file delete, error occurred: The process cannot access the file because it is being used by another process

9/10/2010 2:47:04 AM   C:\Documents and Settings\Sam\Local Settings\Temporary Internet Files\Content.IE5\LFZB99OA\asshole[2].pdf [L] JS:Pdfka-AMI [Expl] (0)
While moving file to chest, error occurred: The process cannot access the file because it is being used by another process
During the file delete, error occurred: The process cannot access the file because it is being used by another process
*

The trojan started up Java and started to flash pictures and open websites until I disconnected from the internet.  I ran a quickscan of my temp internet file folder and Avast found 2 of the infected files that escaped it the first time.  I deleted the 3rd infected file manually. 

Then I ran a boot-time scan and here is what it found:

File C:\Documents and Settings\Sam\Application Data\Sun\Java\Deployment\cache\6.0\10\35ace28a-5720654c|>mosdef.class is infected by Java:Agent-BA [Expl], Moved to chest

File C:\Documents and Settings\Sam\Application Data\Sun\Java\Deployment\cache\6.0\28\4924ce9c-50f251c9|>seopack.class is infected by Other:Malware-gen, Moved to chest
Number of searched folders: 15381   


-------------------------------------------

I am a little disappointed that AVAST failed to prevent the files from infecting my computer.   :-[  Are there some settings I can do to prevent this in the future?  Does anyone have any idea what kind of harm this attack did to my computer???  Thanks for your help!!! 

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9408
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: AVAST 5 failed to prevent Trojan Attack in Chat Room
« Reply #1 on: September 11, 2010, 10:07:20 PM »
Do you have all the shields installed and running? Considering you seem to be a high risk user, i suggest you supplement your protection with payable version of avast! and use Sandbox or by simply using ThreatFire and Norton Safe Web Lite along with existing avast! Free.
Oh and switch from Internet Explorer to some other browser. Like Firefox, Opera or Chrome.
That should do it.
Visit my webpage Angry Sheep Blog

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37584
  • Not a avast user
Re: AVAST 5 failed to prevent Trojan Attack in Chat Room
« Reply #2 on: September 11, 2010, 10:40:25 PM »
Temp File Cleaner by OldTimer ( will clean ALL and ONLY tempfiles )
(Note: If you are running on Vista, right-click on the file and choose Run As Administrator)
http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/
TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.

check for malware with

Malwarebytes Anti-Malware 1.46 http://filehippo.com/download_malwarebytes_anti_malware/
always run update before you scan so you have the latest database
click the remove selected button to quarantine anything found
you may post the scan log here

Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 89219
  • No support PMs thanks
Re: AVAST 5 failed to prevent Trojan Attack in Chat Room
« Reply #3 on: September 15, 2010, 05:06:15 AM »
@ goheat03
Since one of your detections mentions a JAVA exploit, there is a possibility that you are running or still have installed an old version of JAVA.

Quote from: goheat03
File C:\Documents and Settings\Sam\Application Data\Sun\Java\Deployment\cache\6.0\10\35ace28a-5720654c|>mosdef.class is infected by Java:Agent-BA [Expl], Moved to chest

- I would also suggest a visit to this site, which scans your system for out of date programs that have patches to close vulnerabilities, http://secunia.com/software_inspector/.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security