Since I’m very much a novice in this department, I’m just hoping to have a few questions answered by the experts. If you need me to post logs, I will. But I doubt it. It’s pretty straightforward.
Long story, short: I stopped by a chat site that I used to frequent. The kind that was popular 10-15 years ago. It still has the same old school layout, and I assume the same old school security, because I’ve seen it attacked a few times. Rapid fire spam, unclosable (obscene) webcams, etc, etc. Well, when I logged in this time, Avast hit me with an alert almost immediately. A threat had been blocked. The object in question ended in “HACK3.php”. The infection was listed as “JS:Agent-EAA [Trj]”. I logged out a minute later, and ran scans with the programs that I had on hand – Avast (Nothing), SuperAntiSpyware (Nothing serious), ShieldsUp (100% Passes all around). I even downloaded a couple of the more popular antiviruses, and didn’t get anything from those either. As far as I could tell, the attack was blocked. It was still unacceptable though. If a site can’t guarantee a safer experience than that, and people can’t pretend to be humans, then it’s not worth the time.
My questions…
Can anyone tell me about that particular infection? What would be the goal behind a trojan like that?
Did I handle the attack correctly? Other than Avast, are there any other free programs that I should be running on a regular basis?
Is it possible that other infections got through and went undetected?
Malicious JavaScript, maybe a blocked fake alert?
I even downloaded a couple of the more popular antiviruses
Don't do that >> https://www.kaspersky.com/blog/multiple-antivirus-programs-bad-idea/2670/
If you want a second opinion, use an online scanner like Trend Micro HouseCall or F-Secure Online Scanner
Is it possible that other infections got through and went undetected?
If you want a check, follow instructions in the sticky post at top in this forum section
I feel like it was meant to be worse. But that’s possible.
use an online scanner like Trend Micro HouseCall or F-Secure Online Scanner
Okay. Both turned out fine.
If you want a check, follow instructions in the sticky post at top in this forum section
Done. I’ve attached my Malwarebytes and Farbar logs. If anything seems off, please let me know.
I have another question. Hopefully this is the place to ask. My PC’s been freezing up lately. It’s been especially bad the last couple days. So I checked the Task Manager, and the DNS Client service was driving my CPU usage into the 90-100% range. Then I took a look at the Hosts file. It was modified on the same day that this trojan occurred. In addition to blocked adult sites and everything you’d expect, the Hosts file also included (what appeared to be) blocked security sites – ones with “avast” and “avg” in their URLs. I cleared the entire thing out, taking the file size from around 50k down to 1k. And, so far, I haven’t had another freeze up.
Could this have been related to the malicious JavaScript from before? Should it be alright now?
Purge System Restore
Click the Run button and wait a few seconds while the programme completes its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt)
The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix
The tool deletes old system restore points and creates a fresh system restore point after cleaning.
Not sure I follow on the Avast detection question. I am glad to be completely rid of Chromium though.
As for my previous question: Rather than a malicious program modifying my Hosts file on the day of the (blocked) attack, I’m thinking that it was done by one of the other antiviruses that I carelessly installed at the time.
That should just about cover it. Your kindness has been much appreciated.
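For readers who want to review a Hosts file like the one discussed in this thread before clearing it, here is an added example (not posted by anyone in the thread) that separates ordinary blocklist entries from entries that block security-vendor hostnames or redirect a name to a real address. The keyword list, function names and sample text are assumptions made for illustration; only "avast" and "avg" come from the thread.

```python
import ipaddress

# Labels that mark a security-vendor hostname. "avast" and "avg" come from the
# thread; the other entries are assumed additions for illustration.
SECURITY_LABELS = {"avast", "avg", "kaspersky", "malwarebytes", "f-secure", "trendmicro"}

def parse_hosts(text):
    """Yield (line_number, ip, hostname) for every mapping in Hosts-file text."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # malformed line: not a mapping
        for host in fields[1:]:                  # one line may map several names
            yield lineno, ip, host.lower().rstrip(".")

def audit_hosts(text):
    """Classify entries: blocked security sites, real redirects, plain blocklist."""
    report = {"security_blocked": [], "redirected": [], "blocklist": 0}
    for lineno, ip, host in parse_hosts(text):
        sinkhole = ip.is_loopback or ip.is_unspecified   # 127.0.0.1, ::1, 0.0.0.0
        if sinkhole and host in ("localhost", "localhost.localdomain"):
            continue                             # default entry, expected
        if not sinkhole:
            # A name pinned to a routable address deserves a manual look.
            report["redirected"].append((lineno, host, str(ip)))
        elif SECURITY_LABELS & set(host.split(".")):
            report["security_blocked"].append((lineno, host))
        else:
            report["blocklist"] += 1             # typical ad/adult-site blocking
    return report

# Constructed sample, not taken from the poster's machine.
SAMPLE = "\n".join([
    "# constructed sample",
    "127.0.0.1 localhost",
    "127.0.0.1 ads.example.com   # blocklist entry",
    "0.0.0.0 www.avast.com www.avg.com",
    "203.0.113.7 bank.example.com",
    "not-an-ip junk",
])

if __name__ == "__main__":
    print(audit_hosts(SAMPLE))
```

On Windows the file to feed into `audit_hosts` is `%SystemRoot%\System32\drivers\etc\hosts`; a non-empty `security_blocked` or `redirected` list is a reason to find out which program wrote those lines.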