Author Topic: Trojan horse blocked by web shield  (Read 2782 times)

dadude770
« on: January 21, 2012, 07:20:42 PM »
Hello, I would like to make sure that everything is fine. Avast recently blocked BV:DelFiles-AZ[Trj]. This was blocked by the wonderful web shield. I did a full scan with MBAM all drives and nothing was infected. I also did a quick scan with Avast. I also checked my task manager and to me all is normal. Usual processes running etc. Also, if any professional would like the link I would be glad to give to him/her.

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.21.02

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Mariano :: MARIANO-PC [administrator]

Protection: Enabled

1/21/2012 10:58:11 AM
mbam-log-2012-01-21 (10-58-11).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 333489
Time elapsed: 1 hour(s), 7 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
« Last Edit: January 21, 2012, 07:25:14 PM by dadude770 »

Tech
« Reply #1 on: January 21, 2012, 07:29:49 PM »
Seems you're clean due to Web Shield.

If you want more peace of mind, I suggest:

1. Clean your temporary files.
2. Schedule a boot-time scan with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
3. Use Comodo Cleaning Essentials (CCE), or MBAM, or SUPERantispyware to scan for spyware and trojans. If any infection is detected, it is better and safer to send the infected file(s) to quarantine (Chest), rather than simply deleting them.
4. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
5. Read these instructions and provide more info with the logs generated. But, please, do NOT post there, open a NEW thread for your specific problem and help us to help you.
6. Clean your Hosts file (replacing it) with HostsMan tool.
7. Disable System Restore and then reenable it again.
8. Immunize your system with SpywareBlaster.
9. Check if you have insecure applications with Secunia Software Inspector.

If the infection avoids booting the computer, take a look here http://forum.avast.com/index.php?topic=79107.0
The best things in life are free.

dadude770
« Reply #2 on: January 21, 2012, 07:34:54 PM »
Hello Tech, how do I delete temp files? Sorry, I'm not so experienced. Also, how do I accomplish this host file cleanse, and the system restore instruction? That is all; I have already completed the other instructions besides the rootkit scan. However, my computer seems fine.
« Last Edit: January 21, 2012, 07:39:40 PM by dadude770 »

Pondus
« Reply #3 on: January 21, 2012, 07:39:43 PM »
Quote
Hello Tech, how do I delete temp files? Sorry, I'm not so experienced.

TFC - Temp File Cleaner by OldTimer
http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/
TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.



Quote
Also, if any professional would like the link I would be glad to give to him/her
Yes please... post it non-clickable: www as wxw or http as hxxp

Also, I would suggest you go directly to Tech's step #5 and let Essexboy check it out. Then you won't have to run all those tools ;)

 

« Last Edit: January 21, 2012, 07:46:44 PM by Pondus »
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


dadude770
« Reply #4 on: January 21, 2012, 07:56:31 PM »
Hey there, I would be glad to give you that link, but I can't copy-paste in the web shield log. Any other way? However, I can tell you that it was a YouTube page. Dang hackers infecting URLs! Oh, and I will do step 5 as you said, thanks!
« Last Edit: January 21, 2012, 07:58:59 PM by dadude770 »

Pondus
« Reply #5 on: January 21, 2012, 08:13:12 PM »
« Last Edit: January 21, 2012, 08:51:20 PM by Pondus »
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


polonus
« Reply #6 on: January 21, 2012, 09:13:42 PM »
The suspicious tag code on that URL:

-s.ytimg.com/yt/jsbin/www-core-vflhsQp1o.js suspicious
[suspicious:2] (ipaddr:74.125.227.0) (script) -s.ytimg.com/yt/jsbin/www-core-vflhsQp1o.js
     status: (referer=-www.youtube.com/illbbacksoon)saved 208421 bytes 3a20bd9be3ea01dfe36b135289cc991399010d94
     info: ActiveXDataObjectsMDAC detected Microsoft.XMLHTTP
     info: [script] -s.ytimg.com/yt/jsbin/
     info: [script] -pagead2.googlesyndication.com/pagead/ads.js
     info: [iframe] -s.ytimg.com/yt/jsbin/
     info: [decodingLevel=0] found JavaScript
     suspicious:

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

dadude770
« Reply #7 on: January 21, 2012, 10:30:08 PM »
The OTL log is more than 1000 characters. I will do the rest of the steps tomorrow. By the way, do I have to start a new thread for e something guy to help me?

!Donovan
« Reply #8 on: January 21, 2012, 10:36:33 PM »
Quote
The OTL log is more than 1000 characters. I will do the rest of the steps tomorrow. By the way, do I have to start a new thread for e something guy to help me?
That's why you attach the log.

Nope. He can help you right here. ;)
Familiarize Yourself! | Educate Yourself! | Beautify Yourself! | Scan Yourself!
"People who say it cannot be done should not interrupt those who are doing it."
Useful Links: Sucuri SiteCheck | WAR | urlQuery | URLVoid | Wepawet

dadude770
« Reply #9 on: January 22, 2012, 03:20:12 AM »
OK, I'll do the rest of the instructions soon; it's quite late where I live.

essexboy
« Reply #10 on: January 22, 2012, 03:02:52 PM »
Your logs look clean - are you experiencing any problems?

dadude770
« Reply #11 on: January 24, 2012, 01:03:59 AM »
None at all, I am pretty sure I'm fine! EDIT: whoa, MBAM just blocked a malicious IP coming out of avast.svc or something like that. Oh, and here is what it said:

2012/01/23 18:05:10 -0800   MARIANO-PC   Mariano   IP-BLOCK   87.118.92.88 (Type: outgoing, Port: 49318, Process: avastsvc.exe)
« Last Edit: January 24, 2012, 01:51:09 AM by dadude770 »

essexboy
« Reply #12 on: January 24, 2012, 08:27:17 PM »
Aye, for some reason MBAM does not like some of the Avast update servers - which is why that is turned off on my copy of MBAM.
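
Added example, not part of the thread or of either product: a small parser for IP-BLOCK lines shaped like the one quoted above, grouping blocks by the process that made the connection so that blocks attributed to the antivirus service can be reviewed separately from the rest. The field layout is inferred from that single line, and `AV_SERVICES`, `example.exe` and every sample line after the first are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter, namedtuple
from datetime import datetime

# Pattern modelled on the single IP-BLOCK line quoted in the thread.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d [+-]\d{4})\s+(?P<host>\S+)\s+"
    r"(?P<user>\S+)\s+IP-BLOCK\s+(?P<ip>\S+)\s+\(Type: (?P<direction>\w+), "
    r"Port: (?P<port>\d+), Process: (?P<process>[^)]+)\)$"
)
# Assumption: analyst-maintained list; avastsvc.exe is the name seen in the thread.
AV_SERVICES = {"avastsvc.exe"}

IpBlock = namedtuple("IpBlock", "when ip direction port process")

def parse_line(line):
    """Return a parsed IpBlock, or None if the line is malformed."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    try:
        ip = str(ipaddress.ip_address(m["ip"]))
        when = datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S %z")
    except ValueError:  # e.g. 999.1.1.1 or an impossible date
        return None
    return IpBlock(when, ip, m["direction"], int(m["port"]),
                   m["process"].strip().lower())

def triage(log_text):
    """Count blocks per (process, ip), split by which kind of process connected."""
    out = {"av_service": Counter(), "other": Counter(), "unparsed": 0}
    for line in filter(str.strip, log_text.splitlines()):
        rec = parse_line(line)
        if rec is None:
            out["unparsed"] += 1
            continue
        bucket = "av_service" if rec.process in AV_SERVICES else "other"
        out[bucket][(rec.process, rec.ip)] += 1
    return out

# First line is the one posted in the thread; the rest are constructed samples.
SAMPLE = """\
2012/01/23 18:05:10 -0800   MARIANO-PC   Mariano   IP-BLOCK   87.118.92.88 (Type: outgoing, Port: 49318, Process: avastsvc.exe)
2012/01/23 18:07:41 -0800   MARIANO-PC   Mariano   IP-BLOCK   87.118.92.88 (Type: outgoing, Port: 49321, Process: AvastSvc.exe)
2012/01/23 19:12:03 -0800   MARIANO-PC   Mariano   IP-BLOCK   192.0.2.44 (Type: outgoing, Port: 49400, Process: example.exe)
2012/01/23 19:15:00 -0800   MARIANO-PC   Mariano   IP-BLOCK   999.1.1.1 (Type: outgoing, Port: 1, Process: example.exe)
"""
```

`triage(SAMPLE)` puts the two avastsvc.exe blocks in the `av_service` bucket, the constructed `example.exe` block in `other`, and counts the line with the invalid address as unparsed.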

dadude770
« Reply #13 on: January 25, 2012, 12:05:52 AM »
Oh, OK, cool. Well, seems I'm clean; you may lock this thread ;D
