cannot detect source of virus

Hi,

Whenever I visit any web page in Firefox/Internet Explorer I get this pop-up from avast:

Sign of “HTML:Malware-gen” has been found in “http://u.a[broken]sdafdgfgf.com/ads.js” file.

I normally abort the connection as prompted.

However, this problem is occurring quite often…I am not able to detect any virus even during boot scan.

I am using the latest version, avast 4.8, and virus definition is set to auto update.

Please help

If I understand this correctly, everything is fine ;)

What happens to you is: you visit a website where a malware file waits to infect you, and avast aborts the connection to the site before the virus can get to your computer…

So it’s OK if the virus scan doesn’t find anything on your HDD.

yours onlysomeone

PS: if I misunderstood anything please tell…

Something is directing your browser to the malware site: probably an undetected Trojan downloader.

A couple of anti-spyware scans would be a good idea:

Spybot Search & Destroy
SUPERAntiSpyware Free

Also try some online scans. (Disable avast! while scanning.)

F-Secure
BitDefender
Panda
Trend Micro Housecall
ESET Online Scanner

If still having problems, post a HijackThis! log.

I ran adware SE and found nothing…strange though, I am not getting any popups from avast any more.

Try visiting http://u.asdafdgf[broken]gf.com/ads.js by clicking on the link…only then I get a prompt from avast…TRY AT YOUR OWN RISK.

I had inserted a USB drive the other day…maybe it has come from there…but I can’t help…the USB stick autoruns…and the PC gets infected.

Please post a HijackThis! log and we’ll check if your computer is clean.

http://www.bleepingcomputer.com/tutorials/tutorial42.html

I am not getting any prompts from avast anymore…I think I got rid of it

You are using an old version of HJT; you are also running it from a folder that isn’t its own HJT folder. FileHippo Download - HiJackThis: this should install it in its own folder.

Once you have done that run HJT again and post another log.

I THOUGHT I GOT RID OF IT…IT’S BACK…EVEN AFTER I DID A FRESH INSTALL OF WINDOWS

PLS HELP…EVEN WHEN I’M DOWNLOADING HIJACK THIS IT’S BUGGING ME

CAN’T FIGURE OUT WHAT’S TRIGGERING IT

Are you connected to a network?

Did you completely reformat when installing Windows?

This warning could be related to a file-infecter virus:

http://forums.majorgeeks.com/showthread.php?p=1126703

Well, I restored the partition image using quick restore…it came with the notebook

I have other partitions too…but I ran avast boot scan and found nothing

My ISP is LAN based but they have disabled network sharing; only the TCP/IP protocol is active

System task manager appears to be clean…nothing appears suspicious to my eye.

what the hell is going on :o

The problem with using either a restore disk or reinstalling Windows from scratch is that the version could be way out of date with many security updates after SP2, leaving you vulnerable to exploits that were patched in the missing security updates after SP2. So you need to ensure that your OS is fully up to date.

I really think you jumped the gun in the re-installation.

I don’t see anything obvious in your log.

Is sify.net your ISP ?

Your JAVA version has just been updated.
Ensure you have the latest version of JRE (JAVA Runtime Environment) because older versions can be vulnerable to malware. First remove All Older Versions From Add/Remove Programs.
Then get the latest update from here http://java.sun.com/javase/downloads/index.jsp
Or JRE version 6 update 6 http://www.majorgeeks.com/Sun_Java_Runtime_Environment_d4648.html

If it were a Virus file infecter I would have expected avast to have picked up on multiple infected files, as avast does have a number of Virut signatures (63), but it is possible that it could be a variant.

There is a possibility that this is a hidden piece of malware.
Also see, anti-rootkit, detection, removal & protection http://www.antirootkit.com/software/index.htm. Try these as they are some of the more efficient and user friendly anti-rootkit tools.

I have installed all security updates post-sp2… except for internet explorer 7 …I don’t like it…I hardly ever use it…FIREFOX RULES!!

I was getting prompts …even when I was logging into yahoo messenger

I ran spybot search n destroy, avast rootkit without getting any results

it looks like the ads within yahoo messenger…were generating alerts

Sign of "HTML:Malware-gen" has been found in "C:\Documents and Settings\Vim\Local Settings\Temporary Internet Files\Content.IE5\C523SP23\ads[2].js

I ran http://siri.geekstogo.com/SmitfraudFix.php … and now I am not getting any alerts…even after I log into messenger.

even the

Sign of “HTML:Malware-gen” has been found in “http://u.asdafdgfgf.com/ads.js” file.
has stopped appearing for a while now

Is the system clean…or is the malware still hidden?

Could be a compromised ad server on Yahoo was serving pages with a link to the malware site?

Hi there vim rossi,

First of all, I believe this Trj downloader is trying to exploit javascript code, so make sure you have the latest java on your system, and then limit its ability on your system/browsers.

Now onto the problem at hand: I am almost certain that your computer is not infected (thanks to avast); it is way more likely that a zombie PC is attempting to redirect you to the infected site in question.
From what I can find out about the activities of this malware, it’s attempted to direct you to either one of these sites:

g[DOT]asdafdgfgf[DOT]com/ads.js
u[DOT]asdafdgfgf[DOT]com/ads.js

Both domains are related to the 222.216.28.25 IP address (located in China).

So I suggest blocking the two above domains with your hosts file, and consider blocking the IP address with your firewall.

P.S. Just so you know, it seems from reading around that the “zombie PC” may be in your ISP’s network, or your local LAN network. (Deep scan all PCs on your network to be sure.)

–lee
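
The hosts-file block suggested in the post above, as an added example that is not part of the original thread: it refangs the two listed indicators, appends sinkhole entries only where they are missing, and reports any listed name that is already mapped to a non-loopback address. It works on hosts-file text rather than the live file; the function names are hypothetical, and `SAMPLE_HOSTS` with its 203.0.113.7 entry is constructed.

```python
import re

# Defanged indicators exactly as listed in the post above.
DEFANGED = ["g[DOT]asdafdgfgf[DOT]com/ads.js", "u[DOT]asdafdgfgf[DOT]com/ads.js"]
SINKHOLES = {"0.0.0.0", "127.0.0.1", "::1"}


def refang_host(indicator):
    """Turn 'g[DOT]example[DOT]com/path' into the bare lowercase hostname."""
    text = re.sub(r"\[(?:DOT|\.)\]", ".", indicator, flags=re.I)
    text = re.sub(r"^[a-z]+://", "", text, flags=re.I)
    return text.split("/", 1)[0].lower()


def block_in_hosts(hosts_text, hostnames, sink="0.0.0.0"):
    """Return (new_text, added, suspicious).

    added: hostnames that had no entry and were appended.
    suspicious: (host, address) pairs already mapped to a non-sinkhole address.
    """
    mapped = {}
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) >= 2:
            for name in fields[1:]:
                mapped.setdefault(name.lower(), fields[0])  # first entry wins
    added, suspicious = [], []
    for host in hostnames:
        if host not in mapped:
            added.append(host)
        elif mapped[host] not in SINKHOLES:
            suspicious.append((host, mapped[host]))
    new_text = hosts_text
    if added:
        if new_text and not new_text.endswith("\n"):
            new_text += "\n"
        new_text += "".join(f"{sink} {h}\n" for h in added)
    return new_text, added, suspicious


# Constructed sample hosts file; the 203.0.113.7 line is an invented pre-existing entry.
SAMPLE_HOSTS = "127.0.0.1 localhost\n203.0.113.7 u.asdafdgfgf.com  # constructed\n"

if __name__ == "__main__":
    hosts = [refang_host(i) for i in DEFANGED]
    text, added, suspicious = block_in_hosts(SAMPLE_HOSTS, hosts)
    print(text, added, suspicious)
```

On Windows the live file is `%SystemRoot%\System32\drivers\etc\hosts` and writing the result back needs administrator rights; an entry reported as suspicious should be reviewed by hand rather than overwritten.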