Now many sites, including trusted sites such as CNN, BBC and so on, are infected with the attached virus. It’s reported by avast, AVG and Avira :o :o
What exactly is going on? ??? ???
Are you on a network?
on an ADSL network ???
Just your computer connected to your ISP via a modem?
Not connected to any other computers at work, home, the house or apartment?
Well this is a continuation of your persistent problem, something is redirecting/trying to connect to those sites and avast is blocking malware.
I would suggest you try a different browser as it looks like yours is compromised and whatever it is hasn’t been found in your other topics.
Try these (if you haven’t already done so) and see if they find anything.
Also see, anti-rootkit, detection, removal & protection http://www.antirootkit.com/software/index.htm. Try these as they are some of the more efficient and user friendly anti-rootkit tools.
- Panda Rootkit Cleaner - http://research.pandasoftware.com/blogs/images/AntiRootkit.zip.
- Trend Micro RootkitBuster - http://www.trendmicro.com/download/rbuster.asp
- F-Secure Blacklight may not always be available, http://www.f-secure.com/blacklight
If still having problems, post a HijackThis! log.
attached :-\
Can you post the contents of your Hosts file?
http://en.wikipedia.org/wiki/Hosts_file#Location_and_default_content
You don’t appear to have an active firewall, or it is disabled or you are using the Windows XP one. What is your firewall?
Whilst the Windows XP firewall is usually good at keeping your ports stealthed (hidden) it provides no outbound protection and you should consider a third party firewall.
Any malware that manages to get past your defences will have free rein to connect to the internet to either download more of the same, pass your personal data (sensitive or otherwise, user names, passwords, keylogger retrieved data, etc.) or open a backdoor to your computer, so outbound protection is essential.
Do you know what this is?
Unknown:
C:\Program Files\BitCometAntiARP\BitCometAntiARP.exe
O23 - Service: BitComet AntiARP - Unknown owner - C:\Program Files\BitCometAntiARP\BitCometAntiARP.exe
I have heard of BitComet, a BitTorrent download client, but a Google search for the above file name doesn’t give much information. If it were a legit file associated with BitComet I would have expected confirmation of that in the Google searches and that isn’t the case.
Upload to VirusTotal - Multi engine on-line virus scanner and report the findings of these files here.
Other than that I don’t see anything obvious.
http://www.virustotal.com/analisis/294f493a70eec0469993d8b2452d4edc
http://www.bitcomet.com/tools/antiarp/index.htm
Just your computer connected to your ISP via a modem? Not connected to any other computers at work, home, the house or apartment?
Can you post the contents of your Hosts file? http://en.wikipedia.org/wiki/Hosts_file#Location_and_default_content
Hi Minacross…
Is this Firefox you’re using? If so, do you get the same results with IE or any other browser?
Best Regards…
FreewheelinFrank,
- my pc is connected to other PCs on the network.
- hosts file attached in 2 parts.
ardvark, it’s IE.
part II
Spybot S&D HOSTS file is not very good and not verified for active entries.
I de-selected the Spybot S&D Hosts file from installing and I use hpHosts and MVPS HOSTS files managed by HostsMan:
http://www.abelhadigital.com
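What a helper looks for when reading a posted Hosts file, as an added example that is not part of any post in this thread: entries that block a name (loopback or 0.0.0.0, the style used by blocklists such as hpHosts and MVPS) are separated from entries that point a name at some other address. The sample file and the `audit_hosts` function are constructed for illustration.

```python
import ipaddress

# Constructed sample, not the Hosts file attached in the thread.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       ads.tracker.example     # blocklist-style entry
0.0.0.0         banner.example
203.0.113.45    www.news-site.example news-site.example
not-an-ip       broken.example
192.0.2.10      fileserver   # LAN alias, needs a human decision
"""


def audit_hosts(text):
    """Sort Hosts entries into local, blocked, redirected and malformed."""
    report = {"local": [], "blocked": [], "redirected": [], "malformed": []}
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            report["malformed"].append((lineno, raw.strip()))
            continue
        if len(fields) < 2:                   # address with no hostname
            report["malformed"].append((lineno, raw.strip()))
            continue
        for name in (f.lower() for f in fields[1:]):
            if addr.is_loopback or addr.is_unspecified:
                key = "local" if name == "localhost" else "blocked"
            else:
                # The file, not DNS, decides where this name goes:
                # each such entry needs an explanation from the owner.
                key = "redirected"
            report[key].append((lineno, name, str(addr)))
    return report


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    for kind in ("redirected", "malformed"):
        for item in result[kind]:
            print(kind, item)
```

A long "blocked" list is normal for a managed blocklist; the "redirected" and "malformed" lists are the short ones worth reading line by line.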
1) my pc is connected to other PCs on the network.
OK. Look at the advice you were given here:
http://forum.avast.com/index.php?topic=37217.msg311701#msg311701
- Is my computer infected with virus?
Ans: Not necessarily. It is more likely to be due to an infected computer in your network.
- Is my ISP inserting the javascript line?
Ans: Definitely NO. This problem is caused by computers infected in your physical network. Your ISP does not insert js into your pages. It is illegal to modify data in any way by the ISP, except for blocking certain data which is likely to cause problems.
Another computer on your network is injecting the malicious script into web pages you visit: you must disinfect all PCs on the network.