Recently I fully scanned my computer with Avast and it found the following threats:
[b]
Threat: JS:downloader-FT [Trj]
Location: Windows/Temporary internet Files/Low/Content.IE5/4IOA5RG9/go[1].htm
Severity: High[/b]
[b]
And
[b]Threat: JS:downloader-FE [Trj]
Location: Windows/Temporary internet Files/Low/Content.IE5/KJ35SUOL/in[1].htm
Severity: High[/b]
I tried the ‘‘Delete, Move to Chest, and Repair’’ options and every time I clicked apply I get: Error: Access is Denied (5)
So then I tried looking for them manually but I couldn’t find the folder cause it didn’t exist. So then I thought avast deleted already, so I rescanned and it found it again. Can someone please help me remove these Trojans?
P.S. Thank you very much for your time.
Edit- My other Anti-virus programs don’t find them. ‘‘Clean’’. \
I doubt that this JS:downloader-FE [Trj] malware is detected by many other AVs as it is contained within the javascript in .htm pages.
Where were the Jave:Agent-B [Trj] detections found, file name and location, thanks ?
What avast version are you using 4.8 or 5.0 ?
If you have Win2k, XP, vista or Win7 (all 32bit), you could enable a boot time scan.
For 4.8 - Right click the avast icon, select Start avast! Antivirus, a memory scan will take place followed by the opening of the Simple User Interface, Menu, ‘Schedule boot-time scan…’ Or see http://www.digitalred.com/avast-boot-time.php. Don’t opt for deletion (you have no options left), always send to the chest and investigate.
Look in the C:\Program Files\Alwil Software\Avast4\DATA\report\aswBoot.txt file, check this file using notepad and copy and past the info on the detection.
For 5.0 - From the avast UI, Scan Computer, Boot-time Scan, Schedule Now button and reboot. Send any detections to the chest.
Unfortunately it will be a little while longer before the boot-time scan will be available for 64bit OSes in avast, it is hoped it will be in avast 5.1 when released around the Summer of this year, though no firm dates are given.
Looks like your Java version may not be fully up to date as this is normally how Java exploits get in.
I would also suggest a visit to this site, which scans your system for out of date programs that have patches to close vulnerabilities, http://secunia.com/software_inspector/.
Given the info in the first post (IE), the detection was found in the IE temp internet files location:
Location: Windows/Temporary internet Files/Low/Content.IE5/KJ35SUOL/in[1].htm
There may be something else protecting it or restoring:
If you haven’t already got this software (freeware), download, install, update and run it and report the findings (it should product a log file). I don’t know for sure if these work on 64bit OS you will need to check.
MalwareBytes Anti-Malware, On-Demand only in free version http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe, right click on the link and select Save As or Save File (As depending on your browser), save it to a location where you can find it easily later. - 2. SUPERantispyware On-Demand only in free version.
Don’t worry about reported tracking cookies they are a minor issue and not one of security, allow SAS to deal with them though. - See http://en.wikipedia.org/wiki/HTTP_cookie.
Get rid of the crawler search tool bar, it brings nothing to the table that isn’t already there and it gathers marketing information that could result in targeted adverts.
So where is avast running as that is also a resident AV ?
Having two resident scanners installed is not recommended as rather than provide twice the protection it can cause conflicts that could leave you more vulnerable.