Since yesterday, I have been receiving an alert that a trojan has been blocked. The trojan is JS:IFrame-AC which I think is a downloader. The source of the trojan seems to be e-merl dot com, a site I visited briefly without incident. The alerts only started some time later.
I have run scans with avast, MBAM, spybot s&d, housecall and even Windows Defender, all of which found nothing. I ran HiJack This, although it couldn’t access the hosts file or create a log. I have tried every way I know to elevate it to administrator and it won’t let me. I’m not sure if the alert is some kind of false positive, or a glitch, or if there is a trojan on my laptop. Any advice would be greatly appreciated.
Thanks for the help Pondus. It does seem like that website is bad. I had thought the source was actually a different website. But I must have jumped to the wrong conclusion because it seems it is an RSS feed to a webcomic that I actually haven’t visited in a while. I’ve deleted that feed from my bookmarks. I think the alert probably was coming up every time the feed tried to reload itself.
Anyway, I ran aswMBR as you suggested. The logfile is attached.
To ensure that I get all the information, this log will need to be attached (instructions at the end). If it is too large to attach, then upload it to Mediafire and post the sharing link.
- Close ALL OTHER PROGRAMS.
- Double-click on OTS.exe to start the program.
- Check the box that says Scan All Users
- Under Additional Scans check the following:
- Now click the Run Scan button on the toolbar.
- Let it run unhindered until it finishes.
- When the scan is complete Notepad will open with the report file loaded in it.
- Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Hi essexboy, thanks for taking the time to help me out. I’ve attached the OTS log as requested.
Since I deleted the old RSS feed from e-merl I haven’t had any more alerts, and scans still come up clear. One odd thing has happened though: the scroll function on the touchpad of my laptop has stopped working. A .dll which controls it (?) fails to load and an error message pops up to tell me about it. I suspect that this is just a coincidence, but I don’t want to try and fix that until I know there is no malware sneaking around. I thought I’d mention it anyway, on the off chance it’s significant.
Yay! Thanks so much that’s a weight off. Really appreciate you guys taking a look at my problem.
The dll that fails to load is lanucher.dll a component of Apoint.exe. Seems I didn’t know I’d miss it until it was gone. Or that it existed to be honest ;D
The new dll didn’t actually work, which struck me as odd. So I trawled through an old thread on the Dell Support forums and found out this is a common problem on Dell laptops that Dell are pretty useless at fixing (they suggest reinstalling the OS). No one seems to be sure what causes it or why it only stops working if you click OK in the error box. If you leave it alone the scroll continues to function. Weird. Anyway I uninstalled the driver and got a new one, elevated the driver software to administrator and stopped Defender from blocking the driver on startup. Seems to be working now.
Thanks for locating the dll for me, I probably would have continued to live in a scrolless universe otherwise.
I’m having the same problem on my dedicated server (Windows Server 2008 R2).
Can you please help me out essexboy? (It won’t let me message you)
I have avast anti virus server edition installed on a dedicated server running multiple websites. When I scan it picks nothing up. But I have a virus or malware somewhere that keeps injecting javascript into index.x, default.x and login.x webpages. I can restore them, remove the JS by hand and everything will be fine for a while, but during my weekly scan it will usually pick up the same files with the same JS (linking to different sites each time) and delete them to the virus chest.
Luckily none of the websites are live.
I won’t lie, I often use remote desktop to access the server at work to bypass the strict firewall settings we have. But I just browse Facebook and a few forums, nothing dodgy…
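Added example, not part of the thread and not any poster's code: a check that can run more often than a weekly scan, reporting index, default and login pages whose `<script>` or `<iframe>` tags load from a host outside an allowlist. The allowlist, host names, file names and sample pages are constructed assumptions.

```python
import os
import tempfile
from html.parser import HTMLParser
from urllib.parse import urlparse

TARGET_STEMS = {"index", "default", "login"}  # page names mentioned in the post


class _SrcCollector(HTMLParser):
    """Collect (tag, src) for every <script> and <iframe> that has a src."""

    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "iframe"):
            src = dict(attrs).get("src")
            if src:
                self.found.append((tag, src.strip()))


def external_refs(html, allowed_hosts):
    """Return [(tag, host)] for script/iframe sources outside allowed_hosts."""
    parser = _SrcCollector()
    parser.feed(html)
    hits = []
    for tag, src in parser.found:
        host = (urlparse(src).hostname or "").lower()  # "" for relative URLs
        if host and host not in allowed_hosts:
            hits.append((tag, host))
    return hits


def scan_webroot(root, allowed_hosts):
    """Map relative path -> findings for index/default/login pages under root."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[0].lower() not in TARGET_STEMS:
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                hits = external_refs(fh.read(), allowed_hosts)
            if hits:
                report[os.path.relpath(path, root)] = hits
    return report


def demo():
    """Build a constructed two-page webroot (sample data) and scan it."""
    clean = '<html><script src="/js/site.js"></script></html>'
    tampered = clean + '<iframe src="http://injected.example.invalid/x" width="1"></iframe>'
    with tempfile.TemporaryDirectory() as root:
        for name, body in (("index.php", clean), ("login.aspx", tampered)):
            with open(os.path.join(root, name), "w", encoding="utf-8") as fh:
                fh.write(body)
        return scan_webroot(root, allowed_hosts={"cdn.example.invalid"})
```

This only sees tags with a literal `src`; script that builds its URL at runtime needs a file-hash baseline or a comparison against a known-good copy of the page.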