Author Topic: Win32:Mhtplo-22 & VBS Trojano-436  (Read 6499 times)


Offline Barr_y

  • Full Member
  • ***
  • Posts: 145
Win32:Mhtplo-22 & VBS Trojano-436
« on: December 08, 2004, 07:30:25 PM »
Can anybody tell me what these are relating to in my Log View?
It says Sign of VBS Trojano-436 has been found in, xxx then I can't read any more as it won't expand. The same with the other one in the title. I have run Avast but it hasn't told me it has found anything. Should I be worried about these?
I always try, but don't always succeed.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67255
Re:Win32:Mhtplo-22 & VBS Trojano-436
« Reply #1 on: December 09, 2004, 01:32:57 AM »
Can you run a boot-time scan? (Are you using Windows XP?)

You can browse 'Clean' on my signature for virus removal information  ;)
The best things in life are free.

Offline Barr_y

  • Full Member
  • ***
  • Posts: 145
Re:Win32:Mhtplo-22 & VBS Trojano-436
« Reply #2 on: December 09, 2004, 10:56:41 AM »
Hi Technical, I can't say where the potential virus is as I can't expand the log view, but it was in the warning part of log view, and although I can see the names of the risks I have searched my computer and come up with nothing. Running Spybot and Adaware also shows nothing on my computer, and it is not reacting strangely in any way.

Offline whocares

  • Super Poster
  • ***
  • Posts: 1698
  • I'm not a llama! :-)
Re:Win32:Mhtplo-22 & VBS Trojano-436
« Reply #3 on: December 09, 2004, 11:56:29 AM »
Hi,

Google is your friend, as is the board-search: they both go here:
http://forum.avast.com/index.php?board=4;action=display;threadid=8391

a) try emptying all your BrowserCaches/Temp-Internet.files, including OFFLINE files for all users (best in SafeMode)

b) look either in the Logfiles in Avast(Sub)folders for location/path/filename of the stuff, or in ControlPanel -> Administration -> eventLogs

P.S.:
usually you can quite easily expand the avast log-view, by dragging the edges of the title bars for the respective columns
 ;)

P.P.S.: Links with Info on the trojano-436 can be found here:
trojano-436

MHT..

(e.g. follow the red links there to Trendmicro,mcafee,symantec)
 ;)
« Last Edit: December 09, 2004, 12:01:25 PM by whocares »

Offline Barr_y

  • Full Member
  • ***
  • Posts: 145
Re:Win32:Mhtplo-22 & VBS Trojano-436
« Reply #4 on: December 09, 2004, 12:27:33 PM »
Thanks, whocares, but if you visited my web site you would know I always clear my cache and everything else as I do tutorials on this sort of thing. I followed the red link but did not see any real cure. Also what really bugs me, if Avast found these trojans in the first place why didn't it put them in my virus chest for deletion? I did notice something pop up at the time I was on the Internet and it read something about virus warning but thought it could have been a hoax. If it was Avast giving me this warning I certainly didn't see an Avast sign on it, so being me just clicked the red x. If it was avast giving me a warning could somebody please tell me where to look for the Avast name on it in case it happens again. PS Boot scanning is taken care of by SpyDoctor
« Last Edit: December 09, 2004, 12:29:45 PM by Barr_y »

Offline Spyros

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1139
Re:Win32:Mhtplo-22 & VBS Trojano-436
« Reply #5 on: December 09, 2004, 12:41:48 PM »
Quote
If it was avast giving me a warning could somebody please tell me where to look for the Avast name on it in case it happens again.

It will look like this..

Offline whocares

  • Super Poster
  • ***
  • Posts: 1698
  • I'm not a llama! :-)
Re:Win32:Mhtplo-22 & VBS Trojano-436
« Reply #6 on: December 09, 2004, 02:16:32 PM »
1)
Quote
I always clear my cache
... I did notice something pop up at the time I was on the Internet

2)
Quote
Also what really bugs me, if Avast found these trojans in the first place why didn't it put them in my virus chest for deletion? ... so being me just clicked the red x

@1)
how can your cache be empty while you're surfing?  ::)
and if you cleaned your cache (manually or automatically) before running avast Scan (was it thorough and with archiveScan enabled, btw..?)
-> Then of course avast won't find anything anymore OnDemand

@2) because being you  ;D , you just clicked avast's warning away, and then it (=the On-AccessScanner) just denied access and left the file in place

- Do you have avast home or pro ?
- what about the XP-EventLogs ?

[EDIT]
P.S.: The avast name on it is what you gave in your topic-title or under the ALWIL section in the VGREP listings

And as to "cure" ..
a) there is no real cure necessary if you use a secure browser, i.e. NOT IE -> delete the file detected by avast, or clear out your cache
b) IF the Exploit could exploit your browser/system, then check for additional/followUp-infections with e.g. avast, ESCAN & Hijackthis (or Spydoctor) ;)
« Last Edit: December 09, 2004, 02:35:58 PM by whocares »

Offline Barr_y

  • Full Member
  • ***
  • Posts: 145
Re:Win32:Mhtplo-22 & VBS Trojano-436
« Reply #7 on: December 09, 2004, 03:37:50 PM »
Thanks, Spyros and whocares. The item that appeared on my screen wasn't the one shown. So the point is I didn't click avast's warning away. I have the Avast Home 4.5 version. I don't find I/E an insecure browser either, that's a matter of opinion, with SP2 and all its new protection. What I have, has always been OK. I do have Spyware Doctor, AdAware and Spybot. I always scan at least once a week with Avast set to high and with Archive scan enabled. After downloading anything, I right click and have it scanned before opening, plus emails are looked at on my isp before downloading through mailwasher and B9. Cache is emptied when I come off the net of course. I do not allow cookies, only session cookies. Where they are allowed I set them in I/E.

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31305
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re:Win32:Mhtplo-22 & VBS Trojano-436
« Reply #8 on: December 09, 2004, 03:45:46 PM »
Quote
PS Boot scanning is taken care of by SpyDoctor
I strongly suggest you remove Spydoctor at once.

http://www.spywarewarrior.com/rogue_anti-spyware.htm
« Last Edit: December 09, 2004, 03:48:58 PM by Eddy »

Offline whocares

  • Super Poster
  • ***
  • Posts: 1698
  • I'm not a llama! :-)
Re:Win32:Mhtplo-22 & VBS Trojano-436
« Reply #9 on: December 09, 2004, 04:07:21 PM »
Quote
I do Have Spyware Doctor,

Hi Eddy,

Barry hopefully meant the above, which is probably not suspect; and not the initially listed "SpyDoctor"

*

@Barry,

maybe it was the MailScanner running in silent mode, that's why you didn't get an alert/popup.
But SOME avast component must have detected it, as those are clearly avast-detection-names.
You could find out (see above), but if you don't want to, you don't need to ...
So I rest this here.
 ;)

Offline Barr_y

  • Full Member
  • ***
  • Posts: 145
Re:Win32:Mhtplo-22 & VBS Trojano-436
« Reply #10 on: December 09, 2004, 04:18:31 PM »
Hi Eddy and whocares, you are right, I did mean Spywaredoctor; it was a case of my wife wanting to go shopping and I typed the wrong thing in. I did say that it wasn't avast that gave me the warning, it wasn't the same thing Spyros showed in his post. It was something telling me to click here and there and that is why I said me being me I clicked the red x as I was suspicious. Could somebody please post an English version of what Spyros posted as I couldn't read it when I saved it. I will look and solve this if I can, whocares, because I do care.

Offline Spyros

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1139
Re:Win32:Mhtplo-22 & VBS Trojano-436
« Reply #11 on: December 09, 2004, 04:26:11 PM »
Barr_y,
I found the pic by searching google.

If you want to see it in English, open your speakers (not too loud!!  ;D)
and press this link (harmless eicar test file):

http://www.eicar.org/download/eicar.com

When it pops up, hit "delete".

Offline Barr_y

  • Full Member
  • ***
  • Posts: 145
Re:Win32:Mhtplo-22 & VBS Trojano-436
« Reply #12 on: December 09, 2004, 04:38:54 PM »
Great, Spyros, thanks. What I did was right-clicked it, pressed Alt, print-screened and hit Edit in Paint, then saved it to my pictures. At least I know what to expect if it ever happens again. I now have a great copy of the warning avast gives.