Every time I use/open any programs (Notepad.exe) or the FTP program to upload or download files, I see this message: an "A Trojan Horse Was Found!" window pops up. Also, I get this message when I use the “MS-Remote Desktop Connection” program. I tried to delete it and “Move to chest”, but AVAST cannot delete it. Can you tell me how to delete it? Is it a virus? Is it safe to delete it?
avast! Warning – Pop-up Window
A Trojan Horse Was Found?
File name: C:\Winnt\OFKKST.ITF
Malware name: Win32:Daonol-P [trj]
Malware type: Trojan Horse
VPS version: 090519-0, 05/19/2009
You said earlier you couldn't delete it. You should always first move it to the chest; otherwise, if you have another clean computer you can use, disconnect the infected computer from the internet unless it is important. This way the virus can't report anything or download anything. Try doing a boot scan and post the log.
I second the virustotal’s results. Again, as John2009 has stated, keeping it in the chest can do no harm. If you find out that the file(s) are needed, you can always restore them from the chest.
Why have you not sent the file to Virustotal? Go to the website, choose browse, navigate to the file, and send. The file will be examined, and the results shown. You can then copy/paste the results here. http://www.virustotal.com/
Did some googling and found out about it. Avast! is right but it looks like an FP. This might be due to it being new.
Your website might have the following code if you had the virus on it (see picture one), and when I tried to save it as testingtesting123.html, it alerted a virus (see picture 2).
They say IX Web Hosting was hijacked to add the code to all the sites. I suggest you contact them to tell them they were hacked.
The fact that there are very few hits on virustotal means very little in this case, as very few AVs even check this, and of those that do, avast is on top of its game.
I also don’t see how your example bears any resemblance to the original poster's (OP) alert.
The file name and location is on his hard disk; your example is on the web.
The malware name is Win32:Daonol-P [trj]; yours is JS:Redirector-D [trj].
So what are you on about, it has nothing to do with what the OP has posted.
And you know that this is how he got infected, rubbish. You can’t possibly know that from the information posted, it is pure speculation and that doesn’t help the original poster.
That is why we point people to virustotal to first confirm or deny the detection.
Have to agree with you there. The first thing we will have to do is know beyond any shred of a doubt what malware we are dealing with here, and that can only be established from the actual infection on the victim’s machine. We have to start from the information the victim provides us with: a virustotal or jotti scan result, an infectious hyperlink (made non-clickable), a hjt log and/or various other ways to establish the source of infection. Furthermore, malware is ever evolving, the malcoders can even have random infection code, so every infection vector should be treated as an individual case. Speculation will lead the victim and the malware helper away from the goal, that is, removal of the malware at hand.
It may not have been a script at all that was the cause, there is nothing that confirms this in this topic at all.
If you don’t understand that concept, then perhaps you should watch and learn rather than give advice that is based on speculation.
When you suggest that something might be an FP (which you did earlier and why I responded), you have to back that up with clear proof or your advice could potentially harm another user's computer.