Early this morning I was going to check something on http:// bludomain dot com (space and dot for safety…did not insert link)…which is where our daughter hosted her website…when all the bells and whistles went off with my Avast Free 4.8 Home version. The home page was just loading and not expected I just wanted out so didn’t think to do a PrintScreen to capture information. Did not note the Trojan it had in the window that popped up above my Taskbar but the other window said abort connection or connection aborted. My computer just froze and so did I.
After closing down computer and coming back in I looked at the Avast Log Viewer and didn’t see anything in the Emergency, Alert or Critical windows.
Looking at the Warning window I see at 12:55:13AM and at 12:57:55AM:
Sign of “HTML:IFrame-CR[TRJ]” has been found…
I haven’t gone back in to check it again but need to know what that is. Avast did do an update a bit ago.
Can someone check on this as it is used by a lot of people and our daughter needs to get in the site to contact them for some changes she needs to make. Thank you for any help.
(Edit…Since I am new…how do I edit my local time? It is 12:08PM here)
Are you using Windows XP/Vista?
Can you schedule a boot-time scan?
Start avast! > Right click the skin > Schedule a boot-time scanning.
Select for scanning archives.
Boot.
If infected files are found, it’s safer to send them to Chest instead of deleting them.
This way you can analyze them further.
If you’re clean, let’s not worry that much about the past.
Hope they can check if the webpage is really infected. Generally, avast detection is accurate.
Thanks for the quick reply. I am using XP SP2. I didn’t schedule a boot-time scan but can do that. Hope someone can get to the site and let them know then. Will post back after another scan is run.
WinXP SP3 has been available for over a year so you should go to Tools then Windows Update in Internet Explorer and install all updates as it provides performance enhancements and several Critical updates.
Go to Control panel then Automatic updates then enable at least Notify me but do not download updates.
Meaning it is 1x1 pixel big, which is suspicious to me. I am not sure how relevant it is here, and it will need some more investigation
(maybe a word from the ALWIL team?)
You should update to SP3 as it has been available for some time now, and not updating leaves you vulnerable…
Thank you all for replying so far! I just bought an external hard drive to back up my computer so I can upgrade to SP3. Reading elsewhere on the forum I saw that using the Free Home version we can’t schedule a Boot-time scan. I did run the Avast Thorough scan when I had Restarted and Malwarebytes’ with both being clean. Maybe the site is ok now.
I’ve been reading in these forums for quite awhile and appreciate your help :).
Scott thanks for letting me know that you also didn’t get an alert today. I thought I ran my Avast after restarting about 1AM when the Trojan got me…but must have run it earlier. After posting here I ran it again and it picked up the Temp file from that time. After seeing what it was I deleted it instead of putting it in the Virus Chest. Once again I could go to the website and no bells or whistles. Reran Avast and it just finished…showing all clear. On to updating computer…thanks for the help everyone. : )
As it is a web hosting site there may be lots of ways for them to get infected. If you go there the next time and the message doesn’t pop up, they may have removed it, or it may be a false positive. If the site has advertisements it may be safe to block those using something like Adblock for Firefox.
The problem here wasn’t quantcast but something else (it still is, because the infection is there - it is not cleaned). The infection may still be located in bludomain.com/rss/index.html. There are 10! occurrences of the same injected script which redirects to http://de[!REMOVED!]aw.cn/werkei/tst/index.php which is a known malware source. One of those occurrences is shown in the attached image (using red arrows).
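For site owners who want to check their own pages for the pattern discussed in this thread (a 1x1 or hidden iframe, and the same off-site source referenced many times), the following is an added example and not code from any poster or from avast. It only sees tags present in the static HTML, not ones written by obfuscated inline script; the host names and the sample page are constructed placeholders.

```python
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urlparse

class InjectionScanner(HTMLParser):
    """Collects invisible iframes and counts off-site script/iframe sources."""
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host
        self.hidden_iframes = []   # src of iframes a visitor cannot see
        self.offsite = Counter()   # off-site host -> number of references

    def handle_starttag(self, tag, attrs):
        if tag not in ("iframe", "script"):
            return
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "")
        host = urlparse(src).hostname
        if host and host != self.site_host:
            self.offsite[host] += 1
        if tag == "iframe" and self._invisible(a):
            self.hidden_iframes.append(src)

    @staticmethod
    def _invisible(a):
        # width/height of 0 or 1 (with or without "px"), or CSS that hides it
        style = a.get("style", "").replace(" ", "").lower()
        tiny = any(a.get(d, "").strip().rstrip("px") in ("0", "1")
                   for d in ("width", "height"))
        return tiny or "display:none" in style or "visibility:hidden" in style

def scan(html, site_host):
    """Return (list of hidden iframe sources, {off-site host: count})."""
    p = InjectionScanner(site_host)
    p.feed(html)
    p.close()
    return p.hidden_iframes, dict(p.offsite)

# Constructed sample page: the same injected block pasted three times.
INJECTED = ('<iframe src="http://malware.example/tst/index.php" '
            'width="1" height="1"></iframe>\n')
SAMPLE = ('<html><body><h1>Feed</h1>\n'
          '<script src="/js/site.js"></script>\n'
          '<iframe src="http://hosting.example/preview.html" '
          'width="600" height="400"></iframe>\n'
          + INJECTED * 3 + '</body></html>')

if __name__ == "__main__":
    hidden, offsite = scan(SAMPLE, "hosting.example")
    print("hidden iframes:", hidden)
    print("off-site references:", offsite)
```

A host that shows up repeatedly in the off-site counts and is not one you added yourself (analytics, ads) is the first thing to compare against a clean backup of the page.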