Author Topic: JS:Prontexi

a.taylor

  • Guest
JS:Prontexi
« on: August 02, 2010, 09:15:23 AM »
My avast gives me pop up notifications from time to time of how it blocked JS:Prontexi-BY [Trj] and JS:Pdfka-TW [Expl]. I've read about it and avast said that as long as I'm updated and whatnot, I should be fine? But I want to get RID of it! How do I do that? I mean, it must still be in my system if I still get notifications on it being blocked. I've done a full scan and nothing comes up! I also get notifications sometimes about other blocked things (usually .jpg images) that's detected on firefox. Does that mean my firefox is infected? Last time I got a notification (of it being detected on firefox), I was only on like yahoo frontpage and youtube. What should I do?!

While the .jpg ones are detected on firefox, the JS ones are detected in C:\Users\Allyson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\

SafeSurf

  • Guest
Re: JS:Prontexi
« Reply #1 on: August 02, 2010, 11:18:48 AM »
Can you give me some information about your system: 
- OS, RAM, 32 or 64-bit
- Security software: Avast product (Free, Pro, AIS); Avast version, firewall, other security software currently and used in the past on this machine

You mentioned that you get a pop-up of this alert from Avast.  Can you give us a screen shot of this and put it in your next post?  Click Additional Options > Attach (screen shot).

Do you have anything sitting in your Virus Chest?  If so, what does it say?
If you have a 32-bit, have you run a Boot-time scan?  Results?

Check your computer for malware with Malwarebytes’ Anti-Malware (MBAM).
- Download free http://www.malwarebytes.org/ for an on-demand scanner.
- Double Click mbam-setup.exe to install the application.
- After install, click update so you have latest database before scanning.
- Under Settings:
  - General: Automatically Save File After Scan Completes is checked off
  - Scanner Settings: Check all boxes
  - Updater: Download and install update if available is checked off
- Once the program has loaded, select "Perform FULL Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the disinfection scan is complete, a log will appear in Notepad and you may be prompted to Restart. (See Extra Note).
- Click the “remove selected” button to quarantine anything found.  You will find the infection details under the Quarantine tab.
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy & Paste the entire MBAM report in your next post.

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts -- Click OK to either and let MBAM proceed with the disinfection process; If asked to restart the computer, please do so immediately.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37527
  • Not a avast user
Re: JS:Prontexi
« Reply #2 on: August 02, 2010, 06:15:58 PM »
Quote
While the .jpg ones are detected on firefox, the JS ones are detected in C:\Users\Allyson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
Try cleaning your temp files

Temp File Cleaner by OldTimer will clean all temp files
TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.
http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/

You may also run CCleaner as part of a monthly cleaning routine
http://www.piriform.com/
« Last Edit: August 02, 2010, 07:49:24 PM by Pondus »

Offline Marc57

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1944
  • KISS Rules The World!!!
    • KISS Army
Re: JS:Prontexi
« Reply #3 on: August 02, 2010, 07:38:59 PM »
You can also go to the IE settings, advanced tab, and under security put a check in "empty temporary internet files folder when browser is closed"
You Wanted the Best You Got the Best the Hottest Band in the World KISS!!!

Dch48

  • Guest
Re: JS:Prontexi
« Reply #4 on: August 02, 2010, 11:01:54 PM »
The JS-Prontexi trojan is embedded in ads on web pages. If it's the web shield of Avast! that's blocking it, you should be fine. The malware is on the page, not in your system, and will continue to be detected on that page until it is removed. I got a detection of it two nights ago on a Yahoo fantasy baseball page I visit every day.

a.taylor

  • Guest
Re: JS:Prontexi
« Reply #5 on: August 03, 2010, 01:08:46 AM »
-Windows Vista, 3GB, 32-bit
-Avast Free; version 5.0.594, windows firewall, I don't think I've had anything else other than McAfee.

It hasn't popped up since yesterday, so I don't have a screenshot of it.

How do I perform a Boot-time scan? :(





Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4382

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

8/2/2010 5:52:04 PM
mbam-log-2010-08-02 (17-52-04).txt

Scan type: Full scan (C:\|E:\|F:\|)
Objects scanned: 301257
Time elapsed: 2 hour(s), 6 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)





I ran CCleaner, but not Temp File Cleaner by OldTimer. I also checked the "empty temporary internet files..." in IE settings. I never use IE, though, so I don't know how it all ended up in that folder.



Thanks for helping, everybody! And, that's really reassuring to hear @ Dch48! I've always had rotten luck with computers, so anything that goes wrong puts me in a panic. :(

Is it okay to have CCleaner, Malwarebytes, and Avast all installed, though? Would they conflict? I'm not really good with this stuff. Sorry!

SafeSurf

  • Guest
Re: JS:Prontexi
« Reply #6 on: August 03, 2010, 09:14:41 AM »
Quote
How do I perform a Boot-time scan?
Open the Avast GUI > Scan Computers > Boot-time scan (for 32-bit machines only) > Schedule Now > Restart computer or wait until you want to restart.  Note: it will take a while for the Boot-time scan to be completed.

MBAM looks clean.  :)

CCleaner you can use upon closing your browser if you really want to clean up.  Which browser do you normally use?

Quote
I don't think I've had anything else other than McAfee.
Did you uninstall McAfee on this machine?  Have you used a removal tool for it to clean all leftovers?  If you did not uninstall, try and reboot. 
http://uninstallers.blogspot.com/
http://www.askvg.com/ultimate-collection-of-uninstallers-removal-tools-for-all-popular-anti-virus-software/

Quote
Is it okay to have CCleaner, Malwarebytes, and Avast all installed, though? Would they conflict?
Yes, it is OK to have these software on your machine and they will not cause conflict with Avast.  No need to be sorry...better to ask questions...that's what we are here for.  ;)



a.taylor

  • Guest
Re: JS:Prontexi
« Reply #7 on: August 03, 2010, 11:20:09 AM »
I've scheduled the boot-time scan! :D

I normally use firefox.

I just uninstalled McAfee and now Windows Security Center says I don't have virus protection. :(! Avast is enabled and everything, so why isn't Windows able to detect it? Is something wrong?

Also, I took a screenshot of another pop up notification I got from the JS virus thing. It says it's moved to the virus chest... but when I check, it isn't in there... How do I clear temporary files from firefox?
« Last Edit: August 03, 2010, 11:52:00 PM by a.taylor »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37527
  • Not a avast user
Re: JS:Prontexi
« Reply #8 on: August 03, 2010, 02:29:27 PM »
Quote
How do I clear temporary files from firefox
Did you not try the TFC cleaner by OldTimer?


TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, Firefox, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder. It also cleans out the %systemroot%\temp folder and checks for .tmp files in the %systemdrive% root folder, %systemroot%, and the system32 folder (both 32bit and 64bit on 64bit OSs). It shows the amount removed for each location found (in bytes) and the total removed (in MB). Before running it will stop Explorer and all other running apps. When finished, if a reboot is required the user must reboot to finish clearing any in-use temp files.

a.taylor

  • Guest
Re: JS:Prontexi
« Reply #9 on: August 03, 2010, 11:50:26 PM »
I've tried TFC, but once I clicked start, it ran for about 2 seconds and froze. I waited for a few minutes, but it just said not responding.

iRonzel

  • Guest
Re: JS:Prontexi
« Reply #10 on: August 04, 2010, 12:06:25 AM »
Since I viewed your screen shot of avast! detection, the problem is with your Yahoo! Messenger. You may be visiting or doing something that causes YM to download the malware.

You may read this topic from Yahoo.

http://answers.yahoo.com/question/index?qid=20100721135318AAB0a00