Help with virus please

Hi, I have a problem with my computer.
Avast notified me of many blocked malicious URLs (.exe) today, for the first time.
It found a win-32 trojan gen dwm.exe and Avast moved it automatically to the basket.
But the red screen (malicious URL blocked) keeps coming up.

Specifically at the moment:
Object: fajujohiv.cn/g/t.php?1q=%2BI0uN31FoGX5nnpicDGteqHdJDj9RKsHpt8IQnt
Infection: URL:Mal
Action: blocked
Process: C\Document and Settings\pc\Dati applicazioni\Microsoft\Windows\Shell.exe

I tried to delete the file listed, but I can't. What do I have to do to solve the problem?
What's wrong with my PC?

Now I have another message with:
Object: fajujohiv.cn/g/i.php
Infection: URL:Mal
Action: blocked
Process: C\Documen and setting\pc\Dati e applicazioni\Microsoft\svchost.exe

Can someone help me? If I scan the files, nothing is detected in this file :frowning:

Have you tried scanning with Malwarebytes?

Malwarebytes Anti-Malware 1.46 http://filehippo.com/download_malwarebytes_anti_malware/
Always update so you have the latest database before you scan.
Click the Remove Selected button to quarantine anything found.
You may post the scan log here if anything is found.

Do I have to update Malwarebytes after the download?

Yes, click the update button so you are sure it is fully updated before you start scanning; MBAM releases new updates several times a day.

You have a hidden/undetected piece of malware that is trying to connect to these sites, and there may be elements that are trying to have some Windows services replaced by the two listed after the "Action: blocked" part of your detection reports:

C\Document and Settings\pc\Dati applicazioni\Microsoft\Windows\Shell.exe and
C\Document and settings\pc\Dati e applicazioni\Microsoft\svchost.exe

If you haven't already got this software (freeware), download, install, update and run it and report the findings (it should produce a log file).

Don't worry about reported tracking cookies; they are a minor issue and not one of security. Allow SAS to deal with them though. See http://en.wikipedia.org/wiki/HTTP_cookie.

Are all the programs that you both have recommended to me good for the job?

Now Avast notifies me:
Object: antekk.in/in.cgi?2=&ID=21939&fb=WvRveU9udHpPamc2SW5V’
Infection: URL:Mal
Action: block
Process: C:\Prrogrammi\Mozzilla Firefox\Firefox.exe O.O

OK, I have installed SUPERAntiSpyware Free Edition and it found 11 items to quarantine and remove:
Trojan.Agent/Gen-Fuffan [3 items]
Trojan.Agent/Gen-StartPage [1 items]
Trojan.SVCHost/Fake [3 items]
Disabled.SecurityCenterOption [3 items]
Malware.Trace [1 items]
What do I have to do? Block all and delete?

If they have been quarantined, that should be enough for now.

Scan again with MBAM and post the log if it finds anything and also run SAS again. Before you run these scans check for the latest signatures.

Then run an avast scan, Quick should be fine.

OK, the second scan with Malwarebytes Anti-Malware is finished; for now no new threats are detected and the computer seems to be working properly again.
Now I will scan with Avast again.
What do I have to do with the quarantined files in SUPERAntiSpyware Free Edition?
The files detected are:

Disable.securityCENTEROPTION:
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER (ANTIVIRUSDISABLENOTIFY…)
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER (FIREWALLDISABLENOTIFY…)
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER (UPDATESDISABLENOTIFY…)

Malware.Trace:
HKUS\S-1-5-21…\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON (SHELL - explorer.exe, C:\Document and settings\pc\Dati applicazioni\Microsoft\Windows\shell.exe)

Trojan.Agent/Gen-Fuffan:
C:\DOCUMENTS AND SETTINGS\PC\DATI APPLICAZIONI\MICROSOFT\WINDOWS\SHELL.EXE
C:\DOCUMENTS AND SETTINGS\PC\DATI APPLICAZIONI\MICROSOFT\WINDOWS\SHELL.EXE
C:\WINDOWS\Prefetch\SHELL.EXE-038B6D6F.pf

Trojan.Agent/Gen-StartPage:
C:\DOCUMENTS AND SETTINGS\PC.…\FORM_RANKS_1.32.EXE

Trojan.SVCHost/Fake
C:\DOCUMENTS AND SETTINGS\PC\DATI APPLICAZIONI\MICROSOFT\SVCHOST.EXE
C:\DOCUMENTS AND SETTINGS\PC\DATI APPLICAZIONI\MICROSOFT\SVCHOST.EXE
HKLM\Software\Microsoft\Windows\CurrentVersion\Run (svchost - C:\Document and settings\pc\Dati applicazioni\Microsoft\svchost.exe)

Leave them in there for a few weeks and if there is no adverse effect you can delete/remove them.

The first three are registry settings, which will most likely have been reset to their default values; these were being blocked from showing you if any of your security software was disabled.

The next two groups relate to the fake shell.exe issue I mentioned before.

The next, for FORM_RANKS_1.32.EXE, didn't get a mention before, but relates to changing your start page.

The last group relates to the fake svchost.exe issue I mentioned before.

So all of the detections appear to be good.
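
The two persistence tricks explained above (a fake svchost.exe started from a Run key, and an extra program appended to the Winlogon Shell value) can be checked for mechanically. This is an added example, not part of the original posts: the log lines, the `EXPECTED_DIRS` table and the `audit` function are constructed for illustration and assume a default C:\WINDOWS install and autorun values that hold bare executable paths.

```python
import ntpath
import re

# Assumed default locations of system binaries that malware likes to imitate.
EXPECTED_DIRS = {
    "svchost.exe": r"c:\windows\system32",
    "dwm.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}
# "KEY (value name - data)", the layout of the registry lines in the scan log.
ENTRY_RE = re.compile(r"^(HK[^(]+?)\s*\(([^-]+?)\s+-\s+(.*)\)$")


def audit(lines):
    """Return (value_name, command, reason) for each suspicious autorun command."""
    findings = []
    for line in lines:
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # file or prefetch entry, not a registry autorun line
        key, name, data = m.group(1).lower(), m.group(2), m.group(3)
        is_shell = key.endswith(r"\winlogon") and name.lower() == "shell"
        # Only the Winlogon Shell value is treated as a comma-separated list.
        for cmd in (data.split(",") if is_shell else [data]):
            cmd = cmd.strip().strip('"')
            folder = ntpath.dirname(cmd).lower()
            base = ntpath.basename(cmd).lower()
            if is_shell and base != "explorer.exe":
                findings.append((name, cmd, "extra program in Winlogon Shell"))
            elif folder and base in EXPECTED_DIRS and folder != EXPECTED_DIRS[base]:
                findings.append((name, cmd, "system binary name outside its directory"))
            elif r"\documents and settings" in folder or folder.startswith("c:\\users\\"):
                findings.append((name, cmd, "autorun from a user profile directory"))
    return findings


# Constructed sample lines modelled on the log format above (placeholder SID).
SAMPLE = [
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run (svchost - C:\Documents and Settings\pc\Dati applicazioni\Microsoft\svchost.exe)",
    r"HKU\S-1-5-21-EXAMPLE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon (Shell - explorer.exe, C:\Documents and Settings\pc\Dati applicazioni\Microsoft\Windows\shell.exe)",
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run (updater - C:\Program Files\Example\updater.exe)",
    r"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon (Shell - explorer.exe)",
]

if __name__ == "__main__":
    for value_name, command, reason in audit(SAMPLE):
        print(f"{value_name}: {command} -> {reason}")
```

A clean Winlogon Shell value contains only explorer.exe, so the last sample line produces no finding.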

thanks a lot for the help :wink:

No problem, glad I could help.

Welcome to the forums.