Access to malicious site blocked. Also, suspicious file found

Hey friends, I am a novice regarding computers. When I open my laptop, a message comes: "Access to suspicious site (site name mentioned) blocked". I have Avast 4.8 Pro. Then after some time another window opens with the heading “Suspicious File Found!” It says:
A suspicious file has been detected (using heuristic method). This may be a sign of malware infection. Please allow the site to be submitted to our virus lab for analysis.

File name: C:\tgt.exe
Type: rootkit: hidden process

Please tell me what to do so that all this problem goes away. I will be thankful if you tell me exactly the steps since I don't know much. Thanks,
Sumit

There should be an option to send to avast for analysis (this should be checked automatically); allow it to be sent. The recommendation on the alert window is Allow, which with this heuristic detection is best/safest to be used.

I would say it is suspect too and there are some Google hits to confirm that; I would suggest that you check the file out.

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here (the URL in the Address bar of the VT results page).

It may be worthwhile to try some other tools:
If you haven’t already got this software (freeware), download, install, update and run it and report the findings (it should produce a log file).

Don’t worry about reported tracking cookies; they are a minor issue and not one of security. Allow SAS to deal with them, though. See http://en.wikipedia.org/wiki/HTTP_cookie.

Hi sumit08162

93.5 KB (95,744 bytes)
MD5: B3C935DF38AF1FEB04DE8EAC3ABFE422
SHA-1: 0970496518185C5CA27EFA9E866C70E2DBDAB897

Tgt.exe (Tgt) is a trojan virus and is classified as a generic trojan virus. Tgt.exe is associated with herss.exe, cvasds0.dll, cvasds1.dll, and cvasds2.dll.
Tgt.exe File Location – C:\Tgt.exe
Threat name: Win32.X aka Worm.Win32.Taterf!IK aka Trojan.PWS.Wsgame.12661 aka a variant of Win32/PSW.OnLineGames.OTI
Filename: %%root%%\tgt.exe
Filesize: Unknown
Last seen: 02.19.2010
Status: Unsafe

This file can perform the following behavior:

  • File is created as process on the disk.
  • This process can create, delete or modify files on the disk.

Files Created
%Temp%\herss.exe
%Temp%\cvasds0.dll (0-9)
X:\tgt.exe
X:\autorun.inf

%Temp% = C:\Documents and Settings\[UserName]\Local Settings\Temp
X:\ = C:\ - Z:\

Registry Modifications
Keys added
HKLM\SOFTWARE\Classes\CLSID\MADOWN

Values added
HKLM\SOFTWARE\Classes\CLSID\MADOWN\urlinfo = “dsdq1tl.e”

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
cdoosoft = "%Temp%\herss.exe"

Values modified
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Advanced\ Folder\Hidden\SHOWALL\CheckedValue = 0x00000000

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer
Advanced\Hidden = 0x00000002

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer
Advanced\ShowSuperHidden = 0x00000000

Remote Host
202dot111dot175dot157 port 80

Data identified/URLs to be downloaded
wXw.sinasj9.com/1mg/am1.rar

See also
http://www.robtex.com/ip/202.111.175.157.html

=======================================================
How to remove/fix the virus: tgt.exe, herss.exe

polonus
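
The file and registry indicators listed in the post above can be checked read-only from PowerShell. This is an added example, not part of the thread; the function name `Test-TgtIndicator` is hypothetical, and it assumes the paths exactly as the post gives them.

```powershell
# Added example: read-only check for the indicators listed in the post above.
# Test-TgtIndicator is a hypothetical name; nothing is deleted or modified.
function Test-TgtIndicator {
    $findings = @()

    # "Files Created": tgt.exe and autorun.inf at each drive root,
    # herss.exe and cvasds0.dll .. cvasds9.dll under %Temp%.
    $paths = @()
    foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
        $paths += Join-Path $drive.Root 'tgt.exe'
        $paths += Join-Path $drive.Root 'autorun.inf'   # also exists legitimately on some media
    }
    $paths += Join-Path $env:TEMP 'herss.exe'
    $paths += 0..9 | ForEach-Object { Join-Path $env:TEMP "cvasds$_.dll" }

    foreach ($path in $paths) {
        # -Force so hidden or system files are still returned
        if (Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue) {
            $findings += "file present: $path"
        }
    }

    # "Keys added"
    if (Test-Path -Path 'HKLM:\SOFTWARE\Classes\CLSID\MADOWN') {
        $findings += 'registry key present: HKLM\SOFTWARE\Classes\CLSID\MADOWN'
    }

    # "Values added": autostart entry named cdoosoft under the per-user Run key
    $run = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' -ErrorAction SilentlyContinue
    if ($run -and $run.PSObject.Properties['cdoosoft']) {
        $findings += "Run value present: cdoosoft = $($run.cdoosoft)"
    }

    # "Values modified": SHOWALL\CheckedValue = 0 (Windows ships with 1).
    # The two HKCU values in the post (Hidden = 2, ShowSuperHidden = 0) equal the
    # Windows defaults, so they are not treated as findings here.
    $showAll = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL'
    $value = Get-ItemProperty -Path $showAll -Name CheckedValue -ErrorAction SilentlyContinue
    if ($value -and $value.CheckedValue -eq 0) {
        $findings += 'SHOWALL\CheckedValue is 0'
    }

    $findings   # empty output means none of the listed indicators were found
}

Test-TgtIndicator
```

An `autorun.inf` hit on its own is not conclusive; it matters when it sits next to `tgt.exe` on the same drive root.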