I’ve just got a new build PC running Windows 7 64-bit. I’ve only had it for a few days but Avast keeps coming up with a Malware blocked message:
Infection Details
URL: hxtp://allzoomovies.com/?x
Process: file://C:\Program Files (x86)\Common Files\ComObjects\update.exe
Infection: html:Iframe-inf
I have never been on the website quoted or anything similar but it comes up with this message almost every time I launch Firefox.
Going to the destination folder, the file has a Firefox logo and cannot be deleted (it comes up with a message reading something like “Firefox is still using this file so it cannot be deleted”, even when Firefox is not installed).
So far Avast is blocking it but I don’t want this to escalate and ruin my nice new PC!
ANY help is greatly appreciated!
Nick
UPDATE: It’s also calling the same file a Suspicious File now!
Upload the suspicious file(s) to www.virustotal.com and test with 40+ malware scanners.
When you have the result, copy the URL in the address bar and post it here for us to see.
Please ‘modify’ your post and change the URL from http to hXXp or www to wXw, to break the link and avoid accidental exposure to suspect sites, thanks.
You might not have been on the web site in the alert, but something on your system is trying to connect to it: “C:\Program Files (x86)\Common Files\ComObjects\update.exe”.
Do you know what this ComObjects folder/application is about?
It may be that it is legit but the site has been hacked.
Well, it isn’t update.exe that avast is alerting on, as that is the process responsible for making the connection to the site, which avast considers malicious. So I wouldn’t really have expected VT to find anything, or avast may have been likely to have alerted on that file, not the URL location. This isn’t uncommon, as this element would appear benign; it is just where it is trying to send you that would do the dirty deed were it not for avast blocking that.
I have done a search and find only one other instance of this C:\Program Files (x86)\Common Files\ComObjects\update.exe and it supports this ComObjects folder being highly suspect.
So download MalwareBytes AntiMalware (MBAM), install, update and run it, and post the contents of the log file as asked by Pondus.
This however may require further investigation:
Go to this topic http://forum.avast.com/index.php?topic=53253.0 for information on Logs to assist in cleaning malware. Use the information about getting and using the logs and start your own new topic and attach the logs there, not in the LOGS topic.
You will already have made a head start by running MBAM as asked.
Essexboy, one of our malware removal specialists, should take a look at it later on; he is normally on-line from 7pm UK time, currently 4:10pm in the UK.
OTL by OldTimer - Version 3.2.31.0 log created on 02022012_190149
Files\Folders moved on Reboot…
C:\Users\Nick & Liz\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp_avast_\Webshlock.txt scheduled to be moved on reboot.
Registry entries deleted on Reboot…
The document that opened after the SCAN is annoyingly too large to be an attachment. Suggestions?