Ever since I visited this random website, the following popup keeps appearing every 5 minutes or so… I’m afraid it has installed some sort of process in my system without my consent…
It hasn’t installed anything on your system as the network shield is blocking it.
This is the network shield blocking access to a site on its malicious sites list. The site you visited(?) is most likely hacked and something tries to redirect or run something at this Chinese site. What random site, or are you talking about mixmediadirect.cn, that ‘you’ visited?
You don’t really want to get rid of the warning, how else are you to know there is something suspect going on at the site you are visiting ???
DavidR, you just beat me to it.
Can you mention the url of that site in a non-clickable way, like for instance hxtp://malcode_site.com
hxtp or hxxp makes the link non-clickable for a n00b visitor that can get infected.
The question is: is this site maybe a reputable site that has been hacked and infected by a hidden iFrame or SQL injection, so it redirects to a malware silent download site? The avast shield prevented your computer (via the browser) from getting infected. Do not visit the site until it is cleansed, or alert the webmaster or site admin. Avast has a unique detection rate here,
I’m having the same problem as TS. Dunno what site I was on when it happened, but I know I was not on the site it’s trying to reach (like the pic in the 1st post).
It somehow infected my comp… cause every time I use Firefox I get this warning message, no matter what site I’m browsing on. I was hoping avast could detect from where in my comp the request is sent, but all I get is that box saying it blocked the access.
It’s rly annoying to get it like once every 3rd min. Would rly appreciate all the help I can get!
Check here what’s the name of the process that is trying to access this webpage. My log is empty, but in yours, there should be an entry with program name and address which is accessing it.
Post the name and location of the EXE file here please.
Yes, but considering he is getting this in intervals, we can assume there is something on his system that is trying to download crap from this webpage. That’s why we need the name of the spawning process so we can eliminate it.
First try a boot time scan with avast! Right click the scanner screen, select ‘schedule a boot time scan’ and reboot when requested. (Or open the tab at the top left of the scanner screen and select the boot time option from there.)
Yea, I also got the
19.05.2009 11:59:13 Network Shield: blocked access to malicious site mixmediadirect.cn/gate/gate.php [ C:\WINDOWS\system32\svchost.exe ( 2024 ) ]
I looked through the link Charley posted, didn’t find the same files as he did but I found some similar ones.
C:\WINDOWS\Temp\wpv531242686334.exe
Then I have a bunch of crypt.dll … however I don’t know which are supposed to be there (if any)
I have these that are named smth with crypt:
crypt32.dll
crypt32(3).dll
cryptdlg.dll
cryptdll.dll
cryptdll(3).dll
cryptext.dll
cryptnet.dll
cryptsvc.dll
cryptsvc(3).dll
cryptui.dll
cryptui(3).dll
I dunno how to find the hidden one in my doc&settings
Random web sites shouldn’t be able to install malware (a drive-by infection).
You probably have some insecure web-facing software that allowed this.
Scan for out-of-date and insecure software using Secunia Online Software Inspector (OSI) and update any vulnerable software: this will help to prevent future infections.
Schedule a boot time scan with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
Use MBAM (or SUPERantispyware or even Spyware Terminator) to scan for spyware and trojans. If any infection is detected, it is better and safer to send the files to Quarantine than to simply delete them.
I did a “google” of that file name, and there are a lot of hits. (This is good.) Thought I’d offer some results: NoVirusThanks, (about halfway down there are manual removal instructions). Prevx Info. (Prevx makes a type of scanner/monitor which has quite a following, and thanks to a large user database tends to have quite a large malware database.)
Fichier(s) infecté(s):
C:\WINDOWS\system32\digiwet.dll (Trojan.Agent) → Quarantined and deleted successfully.
C:\Documents and Settings\Xavier\Local Settings\Temp\wJQs.exe (Trojan.Agent) → Quarantined and deleted successfully.
RootkitBuster - nothing found
HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:25:43, on 19/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
An analysis of your HJT log shows only one problem:
Platform: Windows XP SP2 (WinNT 5.01.2600)
A newer version of service pack is available. Service packs increase the safety of your system. Visit Microsoft’s windowsupdate site to download the newest version of the service pack.
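Added example, not code from any poster or from avast!: the Network Shield log line quoted in the thread names the requesting process and PID in brackets, so a short Python script can group blocked requests by process, show the interval between repeats, and defang the URLs in the hxxp style suggested above. The regex is inferred from that single line, the `[.]` host defanging is an addition, and every sample line except the first is constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Pattern inferred from the one log line quoted in the thread (an assumption).
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}) Network Shield: "
    r"blocked access to malicious site (?P<url>\S+) "
    r"\[ (?P<path>.+?) \( (?P<pid>\d+) \) \]$")

# First line is the one posted in the thread; the others are constructed.
SAMPLE_LOG = r"""
19.05.2009 11:59:13 Network Shield: blocked access to malicious site mixmediadirect.cn/gate/gate.php [ C:\WINDOWS\system32\svchost.exe ( 2024 ) ]
19.05.2009 12:02:13 Network Shield: blocked access to malicious site mixmediadirect.cn/gate/gate.php [ C:\WINDOWS\system32\svchost.exe ( 2024 ) ]
19.05.2009 12:03:40 Network Shield: blocked access to malicious site http://malcode-site.example/a.js [ C:\Program Files\Mozilla Firefox\firefox.exe ( 3120 ) ]
19.05.2009 12:05:13 Network Shield: blocked access to malicious site mixmediadirect.cn/gate/gate.php [ C:\WINDOWS\system32\svchost.exe ( 2024 ) ]
not a Network Shield entry (constructed)
"""

def defang(url):
    """hxxp scheme as suggested in the thread, plus [.] in the host (added here)."""
    url = re.sub(r"^http", "hxxp", url, flags=re.I)
    scheme, sep, rest = url.partition("://") if "://" in url else ("", "", url)
    host, slash, path = rest.partition("/")
    return scheme + sep + host.replace(".", "[.]") + slash + path

def parse_blocks(text):
    """Return one dict per line matching the block format; skip everything else."""
    matches = (LINE_RE.match(line.strip()) for line in text.splitlines())
    return [{"ts": datetime.strptime(m["ts"], "%d.%m.%Y %H:%M:%S"),
             "url": defang(m["url"]), "path": m["path"], "pid": int(m["pid"])}
            for m in matches if m]

def summarize(events):
    """Group by (process path, PID): block count, URLs, seconds between repeats."""
    groups = defaultdict(list)
    for e in events:
        groups[(e["path"].lower(), e["pid"])].append(e)
    report = {}
    for key, evs in groups.items():
        times = sorted(e["ts"] for e in evs)
        gaps = [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]
        report[key] = {"count": len(evs), "gaps_s": gaps,
                       "urls": sorted({e["url"] for e in evs})}
    return report

if __name__ == "__main__":
    for (path, pid), info in summarize(parse_blocks(SAMPLE_LOG)).items():
        print(path, pid, info)
```

Evenly spaced gaps from a PID that is not the browser, as in the constructed svchost.exe lines, indicate that the requests come from something running on the machine rather than from the page currently open.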