I just visited 2 sites that i visited yesterday with no problems.
Today i visited them at a different wifi hotspot and Avast sent me the following 2 messages.

http://i28.photobucket.com/albums/c219/enjay2/Avast/AVASTwarning1.jpg

The URL i typed for this site is wxw.boxingscene.com/forums

http://i28.photobucket.com/albums/c219/enjay2/Avast/AVASTwarning2.jpg

[b]

I thought Avast blocked it, but when i did a FULL SCAN and it detected 3 infected files on my PC.

  1. Should i move to chest, delete, or repair the files infected with HTML:Iframe-inf.?
  2. Did Avast block the AL virus completely?
  3. Do i need to worry about HTML:Iframe-inf infecting other files, or will Avast be able to fix the problem by moving/deleting/repairing?

Thank you for your help.

[/b]

http://i28.photobucket.com/albums/c219/enjay2/Avast/AVASTFullScan02October2011.jpg

hey and welcome to the forum. i suggest send them to the chest. its a protected area where the malware can’t do any harm to your system. and you get more opition of dealing with the infected files rader if you hust delete them.

you can relax avast have protected you from the threat so no worry there.

if you want a second opition a program thats highly recomended also alongside avast is malwarebytes antimalware witch you can download and try and see if that comes up with anything avast might have missed.

http://filehippo.com/download_malwarebytes_anti_malware/

download install update and do a scan, don’t forget to remove what it finds. a system reboot mightbe needed.

good luck.

Thank you very much for the swift reply and the warm welcome, Mikaelrask.
I’ve done as you recommended, but one file couldn’t be found. Do you have any idea why?
I’m doing another Full Scan now just in case.

Avast is recommending a Boot Time Scan.
Also, Would you recommend doing this before or after installing and using Malwarebytes?

http://i28.photobucket.com/albums/c219/enjay2/Avast/AVASTactions.jpg

hey do the boot scan first sens it take longest time to do.

after the boot scan do a scan with malwarebytes just in case.

the file that could not be sent to the chest could be a harder file to deal with by using the scan option so a boot scan is highly recommended as avast said as well.

hope this will help you.

since they are located in firefox cache why not just try empty that first…

Thank you very much again for the clear advice, Michaelrask. I will do so.

Thanks, Pondus. I tried to clear my cache by following
http://support.mozilla.com/en-US/kb/How%20to%20clear%20the%20cache

It went from “Your cache is currently using 357mb of disk space” to seeing nothing displayed.
Nothing seemed to happen, (no progress bar or notification that the cache was cleared),
but i guess it worked because the directory “0” where the infected files were located is no longer there.

Is my cache clear now?

http://i28.photobucket.com/albums/c219/enjay2/Avast/AVASTmozillacache.jpg

unfortunately i wasn’t wise enough to take a snapshot before.

HTML:iframes comes from infected websites…it will usually redirect you to a new site that may download malware or give you porn popup etc

so if you empty the cache and avast does not detect anymore you should be fine

did you run a quick scan with malwarebytes ?

Thank you for explaining what HTML:iframes does, Pondus. I haven’t gotten any popups or malware yet.

Haven’t run malwarebytes yet. Will do so after Boot Time Scan.

Cheers

some iframe info

iFrame attacks: Blame your Web admin guy
http://www.zdnet.com.au/iframe-attacks-blame-your-web-admin-guy-339286892.htm

Malicious IFrame on Gadgetadvisor.com
http://www.f-secure.com/weblog/archives/00001687.html

MBAM scan revealed nothing.

But all of a sudden i got this message.
What does this mean?
Is Avast infected?

http://i28.photobucket.com/albums/c219/enjay2/Avast/AVASTMBAM.jpg

01:06:19 Chan MESSAGE IP Protection stopped
01:06:22 Chan MESSAGE Database updated successfully
01:06:26 Chan MESSAGE IP Protection started successfully
02:29:57 Chan IP-BLOCK 217.23.4.246 (Type: outgoing, Port: 64098, Process: avastsvc.exe)
02:29:58 Chan IP-BLOCK 217.23.4.246 (Type: outgoing, Port: 64099, Process: avastsvc.exe)
02:29:58 Chan IP-BLOCK 217.23.4.246 (Type: outgoing, Port: 64101, Process: avastsvc.exe)
02:29:58 Chan IP-BLOCK 217.23.4.246 (Type: outgoing, Port: 64102, Process: avastsvc.exe)

No avast isn’t infected. MBAM isn’t blocking avast as such, as the avastSvc.exe is the main avast service and it controls the various shields. The Web Shield routes all http traffic through its localhost proxy, so all MBAM sees is avastSvc.exe as the originating process, which is incorrect.

This is either you trying to connect to this IP via your browser or possibly a link in a site you’re viewing redirecting of getting content from that IP address.

What site were you on when this alert occurred ?

Thanks very much for your help and for clearing that up, DavidR. It’s a relief to know avast is not infected.

I was in
gmail and then opened a link from
wxw.megaupload.com which gave me a pop up for partypoker
and MSN with a friend in Holland which seems to be where that ip address is from

was my MSN be infected and trying to spread 'outgoing ’ malware to my friend?

Boot Time Scan found

file C:\Users\me\AppData\Roaming\Auslogics\Rescue\Sony Maintenance\110830182103557.rscl>110830182103557-022445.file is infected by HTML:Iframe-inf

I have no idea what the individual files are, but the fact that they are in rescue and maintainence concerns me.
Would the best course of action still be to ‘move to chest’ first or would it be better to just try to repair it? Is there any risk if the repair fails?

Thanks for all the help. It is much appreciated.

You’re welcome.

The fact that MBAM actually blocked what it considered a malicious IP, it shouldn’t have infected MSN.

Personally I feel that the MBAM malicious IP blocking it a poor feature as it is too generalised, as other categories are also pinged and they may not be malicious.

Personally I would be looking back one level at Auslogics as that is the program, now it depends on which of the Auslogics stable of programs you were running, it could have removed something to the \Rescue\Sony Maintenance area. If so the actual importance of the 110830182103557.rscl (whatever that is) is lessened, as it the date of creation/modification, the older that is again lessens its importance.

So yes I would opt to send it to the chest. There is no rush to delete anything from the chest, a protected area where it can do no harm. Anything that you send to the chest you should leave there for a few weeks. If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.

That’s a relief to know. Thanks for clearing that up.

What are some non malicious things that MBAM might react to?

Thanks very much for all the mikaelrask, Pondus, and DavidR for all the help.

Second Boot Time Scan was clean.
Looks like the first Boot Time Scan caught the last HTML:Iframes.

It seems like the problem is solved.
Could Avast have missed something?
Is there anything else you would recommend to check?