Friend says my emails report Trojan

My friend uses Windows Mail, as do I, for her email program. She also has Avast, although I’m not sure which version. She says that every time she brings up one of my emails she gets a window that tells her that Avast has either blocked a Trojan, or detected a Trojan. She does a lot of messing around with her computer that she shouldn’t do because she does not have the technical knowledge for it, so I am wondering if it’s a problem I have or if it’s on her end.

I have the paid versions of Avast Internet Security, Malwarebytes and SUPERAntiSpyware. Although I am no computer expert, I am very security conscious. I have all three of these programs set up to scan several times a week. I can’t hardly believe that I have a Trojan and none of these programs is detecting a thing.

If there is something I am missing here, please advise so I know what I need to check out.

Thanks for any help you can offer.

if your friend could give you screen shots of the avast warnings so we can see what avast say…and you could attach them here?

I have Vista Home Premium. She has Windows 7. She says she has no Snipping Tool. She downloaded something she was trying to use, but she was having lots of trouble getting it to work so I very much doubt it is possible for me to attach a screenshot for you. She said it was saying a Trojan had been blocked, and then the next time it said a Trojan had been detected.

I have contacted a group of my email friends. So far I’ve heard back from 3 of them, all using different security programs, and they report no problems. I think it’s something on her end. The only thing that puzzles me is why this Trojan deal pops up when she opens MY email.

She emailed me back later and said when I sent my last email she didn’t get that message and “maybe it was that Black Friday site I went to.” :o

I really feel pretty confident it can not be my computer, but I thought I would run this through the virus forum as an extra precaution.

While I’m in here, do you know of a simple program she could use with her Windows 7 to take screenshots?

She says she has no Snipping Tool
if you have windows.....you do....it is built in

https://www.google.no/search?q=how+tontake+screenshot+with+win7&ie=UTF-8&oe=UTF-8&hl=nb&client=safari#hl=no&client=safari&tbo=d&spell=1&q=how+to+take+screenshot+with+win7&sa=X&ei=Au2vUMz-I4OZtAb5woFw&ved=0CC0QvwUoAA&bav=on.2,or.r_gc.r_pw.&fp=e8b9f0a13b7e8949&bpcl=38897761&biw=1024&bih=672

or a youtube how to do it wideo
http://m.youtube.com/results?q=how%20to%20take%20screenshots

another alternative is to write it down…and post the info here

if you want to check your comp for infection…

follow guide and attach the logs…not copy and paste
http://forum.avast.com/index.php?topic=53253.0

AdwCleaner
Malwarebytes
OTL
aswMBR

My friend got the Trojan warning again. Here is a small screenshot of what popped up when my friend opened my email. I had started to move forward with the steps you sent for checking out my system, but thought I would show this to you first.

Here are the first two logs. I will go on to complete the check for infections.

Malwarebytes Anti-Malware (PRO) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.23.08

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Cindy :: CINDY-PC [administrator]

Protection: Enabled

11/23/2012 6:47:44 PM
mbam-log-2012-11-23 (18-47-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 294604
Time elapsed: 7 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

from the screenshot i see what your friends problem is…
she has the visicom antiphishing toolbar installed…(many here with same problem this week)
this toolbar is using signatures from Panda wich is know to not encrypt its malware signatures, and that is whats detected by avast

so your friend must run AdwCleaner…and click the delete button to remove this…
then also run Malwarebytes quick scan…and click the remove selected button…if anything is found

post the logs here…when you have done yours first
way over bedtime here, will check back tomorrow

Hope you have a restful night. In the meantime, here are the final results. Please note that after I ran the awsMBR, there was a file on my desktop by the same name. I assume that’s normal. Can I just delete it?

And what about getting rid of the OLT.exe and the awsMBR.exe files? I see that the adwcleaner has an uninstall included on the face.

One more question. I still wonder why the only time this maroon Trojan blocked/detected box shows up is when she opens one of my emails. She insists that is the only time it pops up.

Thanks! I’ll wait to hear from you.

And what about getting rid of the OLT.exe and the awsMBR.exe files? I see that the adwcleaner has an uninstall included on the face.
OLT and aswMBR needs to be used for fixing.......based on what is found in the logs, if anything now we have just done diagnostic logs with them the removal expert will remove all tools used when done. ;)

Have the alerts popped up since the removal with AdwCleaner

I had my friend run that AdwCleaner also. It’s so hard to talk to her and make myself understood and then understand what she’s saying. This is why I didn’t just suggest that she post here herself.

She says that she received 3 more pop ups last night after I had run the AdwCleaner, but I can’t be positive they were caused by my emails. Before running AdwCleaner herself this morning, she got a Trojan pop up while I was on the phone with her, but it was when she opened an email SHE had sent to me with a picture attached. So what does that mean for me since I received that email and opened the picture?

I attached all the logs and reports below. Did you look at those and if so, were there any problems found?

I wasn’t aware that I had any toolbars, but when I ran AdwCleaner it appeared there was something in Firefox. Those logs are kinda’ Greek to me so I can’t be sure what was found there. I use my Chrome now unless I’m having a problem with it.

If I don’t need the MBR, OLT and AdwCleaner files any longer how do I get rid of them? I think the Adw file has an “uninstall” button right on the bottom of that box, but I’m not sure about the others.

Yes use the AdwCleaner uninstall button

Could you attach the log ;D

This log is attached to my Reply #7.

Ah OK missed that :-[

Nothing is apparent in the logs … Are both systems behaving themselves now ?

Mine always was, and as far as I know so is hers. I told her to call me if she got any more notices about Trojans and I haven’t heard from her.

Thanks for your help. How do I dispose of the OLT and awsMBR files?

Delete the aswmbr files from the desktop
Run OTL and press the cleanup button to remove it
Run AdwCleaner and press uninstall

Thanks to you … and to Pondus too for all the help!

Our pleasure ;D

your welcome

OBS…i recomend you keep Malwarebytes as an extra scanner. :wink: