help a noob please

Viruses and worms
1

Hi guys, i’m trying to get on a site ( gametrailers.com ) and Avast blocks me and gives me a virus warning.

File name. http://www.gametrailers.com/\{gzip}

Maleware name. HTML:Script-inf

Malware type. Virus/Worm

VPS version. 090109-0, 09/01/2009

I have never been blocked before and don’t really understand whats going on ( complete noob alert )

Any help would be really welcome.

Mark.

2

There are several script tags that tries to run a script from another site fun6677.com /js/ index.js

These are buried inside another alt, title tags (for wikicheats.com world of warcraft), which is highly suspicious to my limited experience, so I don’t think it is not a bad detection but that the site may have been hacked.

Also see, http://www.malwaredomainlist.com/mdl.php?search=www.fun6677.com and http://forums.gametrailers.com/?do=show_thread&id=571409&page=5& and http://forums.gametrailers.com/?do=show_thread&id=571449&page=3.

So looks like avast saved your rear.

3

Wow, but what about all the people that visited GT in this time and weren’t warned because they did not have Avast! ? Are their computers infected now?

4

Thanks, so do i have to do anything other than not use the Gametrailers site and just wait in the hope that it gets fixed or is there a reporting back to avast method to tell them that the gametrailers site is infected, please excuse my ignorance but i am a complete noob to this new Avast virus prg and not sure what to do, my old virus prg ( symantec ) let me use the gametrailers website on my old PC just a few mins ago, does that mean my old PC is now infected now.

Mark.

5

There is a possibility of that.

Other than report it to gametrailers via their forums or webmaster(at)gametrailers(dot)com a common way to contact those responsible for web design/build or any contact us links, etc. It really isn’t something avast would do trying to contact infected sites, there are thousands) as it would be diverting what they should be doing protecting you.

In the meantime it would probably be best to avoid for a while, who know what might be there.

avast is now relatively hot on this type of thing so I’m not surprised that other AVs aren’t picking it up, some simply don’t scan web traffic like avast anyway. I have absolutely no Idea what is in the fun6677.com site or the index.js file indicated in the link, but there is a possibility that your old system is infected.

What is your firewall on the old system (it too is an essential part of your security) ?

On-line Virus Scanners and other useful Links Security-Ops.eu.tt Not all of these on-line scanners might work with older OSes (you don’t say what OS is used).

6

What is your firewall on the old system (it too is an essential part of your security) ?

On-line Virus Scanners and other useful Links Security-Ops.eu.tt Not all of these on-line scanners might work with older OSes (you don’t say what OS is used).
[/quote]
My old Pc is XP home and i was using XP firewall and symantec corporate av, definitions are right up to date but iwas able to access the gametrailers site without any notifications from symantec.

Mark.

Ps… have just asked someone about this virus on AVforums.com and he said that when he tried to enter the gametrailers site his virus prg warned him that snapview.ocx wanted to run, any idea what that is.

7

Whilst the windows XP firewall is usually good at keeping your ports stealthed (hidden) it provides no outbound protection and you should consider a third party firewall.

Any malware that manages to get past your defences will have free reign to connect to the internet to either download more of the same, pass your personal data (sensitive or otherwise, user names, passwords, keylogger retrieved data, etc.) or open a backdoor to your computer, so outbound protection is essential.

  • There are many freeware firewalls such as, Comodo (care required now it is a suite not to install the anti-virus element), PCTools Firewall Plus, Jetico, etc. - Zone Alarm free works fine with avast and has a reasonably friendly user interface, however, the free version is becoming bloated with trial ware and is also crippled as far as outbound protection goes In the Program Control, configuration area, the slider will only goes as far as Medium protection, if you want more you have to buy the Pro version.

See A Forum discussion on free firewalls http://forum.avast.com/index.php?topic=30808.0
See http://www.matousec.com/projects/firewall-challenge/results.php.

Should you choose to get rid of the symantec corporate version, good luck if it is as much of a pain as NAV, I don’t have any experience of this product.
Also see, Manual uninstallation documents for Symantec Client Security products (including Corporate Editions) http://entsupport.symantec.com/docs/n2002031914291648.

8

Thanks for your help, one more ? if i can.

My XP PC is going in the bin later after i have finished setting up my Vista 64 bit PC so is the firewall in Vista 64 bit good enough to stop outbound traffic or do i still need to get a separate firewall installed, if so can you point ma at a firewall for idiots pay or free that will work for me.

Mark.

9

I would consider holding off on binning the old one, keep it as a spare for a while.

The Vista firewall has outbound checking but it is disabled by default. I don’t know if there is any difference in the Vista 32bit and 64bit versions of the firewall go, I don’t use Vista at all.

You could also enable the outbound protection of the Vista firewall, but it isn’t very friendly, is rule based and you have to create the rules, check this out. - Vista Firewall Control, check out this topic for some user friendly help for the Vista Firewall, Outbound protection, http://forum.avast.com/index.php?topic=30234.0