I was in Yahoo! Chat room and someone sent me a trojan virus through the room. Avast! was not successful in blocking it, it only blocked 1 of the attacks.
Here is the log from the file system shield:
Started on: Friday, September 9, 2010 12:05:28 PM
*
9/10/2010 2:46:54 AM C:\Documents and Settings\Sam\Local Settings\Temporary Internet Files\Content.IE5\GP6R4TQJ\rotator[1].htm [L] JS:Downloader-ACM [Trj] (0)
File was successfully moved to chest…
9/10/2010 2:46:58 AM C:\Documents and Settings\Sam\Local Settings\Temporary Internet Files\Content.IE5\EHTANAPW\mdac[1].htm [L] JS:Downloader-ACM [Trj] (0)
While moving file to chest, error occurred: The process cannot access the file because it is being used by another process
During the file delete, error occurred: The process cannot access the file because it is being used by another process
9/10/2010 2:47:04 AM C:\Documents and Settings\Sam\Local Settings\Temporary Internet Files\Content.IE5\LFZB99OA\asshole[1].pdf [L] JS:Pdfka-AMI [Expl] (0)
While moving file to chest, error occurred: The process cannot access the file because it is being used by another process
During the file delete, error occurred: The process cannot access the file because it is being used by another process
9/10/2010 2:47:04 AM C:\Documents and Settings\Sam\Local Settings\Temporary Internet Files\Content.IE5\LFZB99OA\asshole[2].pdf [L] JS:Pdfka-AMI [Expl] (0)
While moving file to chest, error occurred: The process cannot access the file because it is being used by another process
During the file delete, error occurred: The process cannot access the file because it is being used by another process
*
The trojan started up Java and started to flash pictures and open websites until I disconnected from the internet. I ran a quickscan of my temp internet file folder and Avast found 2 of the infected files that escaped it the first time. I deleted the 3rd infected file manually.
Then I ran a boot-time scan and here is what it found:
File C:\Documents and Settings\Sam\Application Data\Sun\Java\Deployment\cache\6.0\10\35ace28a-5720654c|>mosdef.class is infected by Java:Agent-BA [Expl], Moved to chest
File C:\Documents and Settings\Sam\Application Data\Sun\Java\Deployment\cache\6.0\28\4924ce9c-50f251c9|>seopack.class is infected by Other:Malware-gen, Moved to chest
Number of searched folders: 15381
I am a little disappointed that AVAST failed to prevent the files from infecting my computer. :-[ Are there some settings I can do to prevent this in the future? Does anyone have any idea what kind of harm this attack did to my computer??? Thanks for your help!!!