Avast found a Trojan Horse on a website

I’m not really concerned since Avast stopped it, MBAM (an up-to-date MBAM) quick scan found nothing and the BitDefender Quick Scan also didn’t find anything. But do I report what websites the malware comes from here? I’m not too sure. Heh… :stuck_out_tongue:

Avast Warning Said:

File name: hxxp://google.analytics.com.sbpbjxiqsfix.info/kav/kav4.php
Malware name: JS:Prontexi-AP[Trj]
Malware type: Trojan Horse
VPS version: 100424-1, 04/24/2010

… I have gotten other warnings from Avast about a lot of malware from “kav” things… But anyway!

I added an attachment of a picture of the pop-up just in case I misspelled something, there’s a lot of letters and numbers in there.

Thank you for reading.
Many apologies if I wasn’t supposed to post this.

Ads poisoning – JS:Prontexi
http://blog.avast.com/2010/02/18/ads-poisoning-–-jsprontexi/

http://www.google.com/support/forum/p/Google%20Analytics/thread?tid=77f11dfd32c11db7&hl=en
http://www.njnnetwork.com/tag/jsprontexi/

The web shield blocked/stopped the download to your system because the only option is to abort the connection (dropping that item) so it won’t have gotten on to your system.

This is masquerading as google.analytics.com to make you think that is where it is from, when in fact it is from this domain, sbpbjxiqsfix.info, which avast has on its malicious sites list, see image.

Note, avast! 5.0 has been released for almost three months now, I would suggest you install that if you haven’t got win9.x or winME.

Hi Misuzu

This is what was found there. Last time suspicious software was found here was on 2010-04-24.
Malicious software includes 3 trojans, 2 exploits.

This site was hosted on 1 network(s) including AS21844 (THEPLANET).

Yes, the site has been hosting malicious software to infect 3 domains, e.g.: idolator.com/, piratesonlineforums.com/, googlesyndication.com/.

http://scanner.novirusthanks.org/file/9106011b34c7180c8ff4891916e08c0f/a2F2NC5waHA=/
now seems given as clean

polonus

Thanks for all your help! ;D
I appreciate it!

I’m not very “malware-smart” but I’m learning more from researching and this forum. :slight_smile:
Except for I don’t know what ad poisoning is, but I think I can guess what it is. (Poisoning ads with malware?)

And yeah, I probably should update, I have Avast! 5.0 on my new computer and it works great.

Thanks again!

You’re welcome.

Not only does it work great (for me also) and looks better, it provides better protection.

Question about Avast! 5.0:

I just downloaded the .exe file for it from Avast’s website. Am I supposed to uninstall Avast! 4.8?
Avast! 4.8’s icon also had an “X” on it or something similar and Windows Defender told me that changes were made to my computer when I was installing Avast! 5.0.

After Avast! 5.0 installed, Windows Defender said that Avast was out of date.

Are all these things normal when you install Avast! 5.0?

Should I uninstall Avast! 4.8? Will it cause any problems if I don’t?
And how do you uninstall Avast! 4.8?

Sorry for all the questions. That should be my last question in this topic. Sorry for anything off-topic as well.
Thanks!

You could have installed 5.0.507 (the latest version) over 4.8 as that would have retained your registration information, removed 4.8 and installed 5.0.

So if you just downloaded the installation file and installed it, avast 4.8 shouldn’t be there.

I don’t know anything about windows defender so I can’t advise what to do about that, I do know it can be a pain in the rear though by stopping new startup items.

You’re right, I just checked and Avast 4.8 is gone now.

Thanks again. :slight_smile:

No problem, glad I could help.

Hi!

I thank you all so much for having such a great product. I too had the warning screen from Avast last night, and was scared. I disconnected and immediately ran a full system scan. Nothing was detected.

Here’s how mine showed up: hxxp://google.analytics.com.fhccvgjohscc.info/kav/KAV4.exe [L] JS:Prontexi-AP [Trj] (0)

I was on mediatakeout.com when it happened. Won’t be going there again.

Thanks again for a great product.

Yes, another link trying to look like the official google analytics but not, just another no name malicious site, fhccvgjohscc.info.

Please ‘modify’ your post and change the URL from http to hXXp or www to wXw, to break the link and avoid accidental exposure to suspect sites, thanks.

Sorry bout that. I’ll remember next time. :-[

No problem.
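
The two points made in the replies above (a trusted-looking name used as a subdomain prefix of an unrelated domain, and breaking links as hXXp before posting) can be checked mechanically. The following is an added example, not part of the original thread and not Avast's detection logic; the `WATCHED` list, the function names and the benign sample URL are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: names someone might prepend to look legitimate (constructed list).
WATCHED = ("google.analytics.com", "google-analytics.com")

def refang(url):
    """Undo the forum's link-breaking convention (hXXp, wXw) for parsing only."""
    url = re.sub(r"^h[xX]{2}p", "http", url)
    return re.sub(r"(?<=//)w[xX]w\.", "www.", url)

def defang(url):
    """Break a link for safe posting: http -> hXXp."""
    return re.sub(r"^http", "hXXp", url, flags=re.I)

def registrable_domain(host):
    """Naive: last two labels. Correct for .info/.com; a real tool
    should consult the Public Suffix List (e.g. for .co.uk)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def check_masquerade(url):
    """Return (impersonated_name, actual_domain) when a watched name is
    used as a subdomain prefix of an unrelated domain, else None."""
    host = urlsplit(refang(url)).hostname or ""
    actual = registrable_domain(host)
    for name in WATCHED:
        if host.startswith(name + ".") and actual != registrable_domain(name):
            return name, actual
    return None

# Sample input: the two URLs quoted in the thread plus a constructed benign one.
SAMPLES = [
    "hxxp://google.analytics.com.sbpbjxiqsfix.info/kav/kav4.php",
    "hxxp://google.analytics.com.fhccvgjohscc.info/kav/KAV4.exe",
    "http://www.google-analytics.com/",
]

if __name__ == "__main__":
    for u in SAMPLES:
        # Always print the defanged form so the output is safe to paste.
        print(defang(refang(u)), "->", check_masquerade(u))
```

The domain that matters is the rightmost part of the hostname, so both thread URLs resolve to the `.info` domains rather than to anything owned by Google.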