Author Topic: Virus Attack or???? (Read 4596 times)

veegee · « **on:** March 09, 2011, 11:35:59 PM »

Whatever happened here...did I have a virus attack or what?? Scary stuff!!
The other day I was viewing a video tutorial on Spybot on site (howcast.com). A minute or so into it a whole screen message appeared from the web page (5d7539.innersafe14.com) that AV has found suspect activity on your PC and will perform some actions on your PC with a list of 9 infections (hi-med- & critical). A download box to save or open appeared & I became very suspicious!! Tried to click out of it but it would not go so I used the back button and was back into the video. A minute later Avast 6 alert came on and said it blocked infections.

That was such an unusual name for a website - was this Windows Firewall or Windows Defender or some sort of virus attack?

Avast File Shield logs - 1 file deleted,successful -- 2 moved to chest, successful
Avast Web Shield logs - 5 threats with option choices (repair,delete,send to chest, do nothing)
Both of the above log files were High risk.

I clicked on 'send to chest' from the drop down option list in Web Shield logs but nothing happens. How can I move them there?

Are the threats in the Web Shield isolated so the computer is protected? Would that be the sandbox?

Ran scans later: Avast6, MBAM, SAS,Spybot and all OK.
Could someone please advise me on this? Thanks in advance.

Windows 7 Home Premium, IE8, Windows Firewall, Windows Defender,Avast 6

Pondus · « **Reply #1 on:** March 09, 2011, 11:50:29 PM »

Quote

Could someone please advise me on this? Thanks in advance.

posting the logs would be a good start

veegee · « **Reply #2 on:** March 10, 2011, 02:26:09 AM »

Hi Pondus, I've been searching high and low and can't find out how to post those logs.
Could you please tell me how?

Anyway, there seems to be something amiss here. I updated the program to Avast 6 free about a week ago but when I check in C:\programs, there is ony Avast 5 there.

Thanks

Pondus · « **Reply #3 on:** March 10, 2011, 02:34:39 AM »

Lower left corner > additional options > attach

veegee · « **Reply #4 on:** March 10, 2011, 03:36:15 AM »

Sorry Pondus, but I do not have anything that reads additional options & attach.

DavidR · « **Reply #5 on:** March 10, 2011, 03:42:49 AM »

Quote from: veegee on March 10, 2011, 03:36:15 AM

Sorry Pondus, but I do not have anything that reads additional options & attach.

When you Reply, e.g. make another post, there is an Additional Options link, which when clicked expands, see image (click to expand).

veegee · « **Reply #6 on:** March 10, 2011, 07:35:23 AM »

Thank you for your help DavidR, sure made it clearer.

But I really don't know where to find these shield log files and would greatly appreciate your help with this.

Thanks

Windows 7 home premium, avast6 free

DavidR · « **Reply #7 on:** March 10, 2011, 02:41:57 PM »

You're welcome.

Check the C:\ProgramData\AVAST Software\Avast\report folder and open them using notepad. The information is in chronological order, latest entries at the bottom. If you can find the relevant entries, you could just as easily copy and paste the various detection entries into your post and not have to attach the actual files.

YoKenny · « **Reply #8 on:** March 10, 2011, 03:14:26 PM »

Quote from: veegee on March 09, 2011, 11:35:59 PM

Windows 7 Home Premium, IE8, Windows Firewall, Windows Defender,Avast 6

So that you do not have to put this in your posts please go to PROFILE then Modify Profile then Forum Profile Information then update your Signature: with information like my signature and DavidR's signature as this helps the helpers offer pertinent advice.

In Account Related Settings select Hide email address from public? to prevent scammers and spammers harvesting your gmail.com email address.

Note: After you hide your email address only you and the forum Moderators can see your email address.

veegee · « **Reply #9 on:** March 10, 2011, 07:52:08 PM »

Here are the log files:

File Shield Log File

01/03/2011 6:30:21 PM   C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll [L] Win32:Spyeye-BG [Trj] (0)
While moving file to chest, error occurred: The process cannot access the file because it is being used by another process
File was successfully deleted...

05/03/2011 5:31:38 PM   C:\Users\myname\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XLPZUILG\toughest-yoga-poses[1].html [L] HTML:Script-inf (0)
File was successfully moved to chest...

06/03/2011 9:18:35 PM   C:\Users\myname\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HGW9RCG0\setup[1].exe [L] Win32:Rootkit-gen [Rtk] (0)
File was successfully moved to chest...

Web Shield Log File

20/02/2011 2:33:31 PM   http://touristinfo-clinika.tk/scanner15/?afid=90|>{gzip} [L] JS:FakeAV-FQ [Trj] (0)

05/03/2011 5:31:38 PM   http://francisbrunotate.blogspot.com/2011/03/toughest-yoga-poses.html|>{gzip} [L] HTML:Script-inf (0)
05/03/2011 5:32:38 PM   http://francisbrunotate.blogspot.com/2011/03/toughest-yoga-poses.html|>{gzip} [L] HTML:Script-inf (0)

06/03/2011 9:08:23 PM   http://5d7539.innersafe14.com/setup.exe|>{gzip} [L] Win32:Rootkit-gen [Rtk] (0)
06/03/2011 9:16:42 PM   http://5d7539.innersafe14.com/setup.exe|>{gzip} [L] Win32:Rootkit-gen [Rtk] (0)

Author Topic: Virus Attack or???? (Read 4596 times)

veegee

Virus Attack or????

Pondus

Re: Virus Attack or????

veegee

Re: Virus Attack or????

Pondus

Re: Virus Attack or????

veegee

Re: Virus Attack or????

DavidR

Re: Virus Attack or????

veegee

Re: Virus Attack or????

DavidR

Re: Virus Attack or????

YoKenny

Re: Virus Attack or????

veegee

Re: Virus Attack or????