HTML:IFrame-EV [Trj] ??

Ran avast boot time and it found this on some of the files. I am attaching the log. Can you tell me what steps to take? I was infected with a nasty VIRUT virus a few weeks ago, but was able to clean it all up (or so I thought). Perhaps this is part of it? I have turned off system restore and removed all restore points.

Virut also infects .htm and .html, so this may have been remnants of this infection.

Virut as you know is a very nasty, virulent infection and many have been left with no other option than to format and reinstall. So if you have avoided that you have been very fortunate.

If you didn’t run these htm/html files, they won’t have been able to launch the payload in the iframe tags, so once more you may well be OK, but you are going to have to be on the alert.

The Vitro is like the next step up from Virut and considering they are in restore points it is possible that these were previously in the system folders and when removed by avast, etc. system restore has created the restore point.

Personally I would disable system restore and reboot. This will clear ALL _restore points. Once you have disabled system restore, reboot, scan your PC again and if clear enable system restore.

I wouldn’t worry about any corrupt archive reports as it may simply be that avast is unable to unpack them for some reason, but this is no indication that they are suspect, just that they can’t be scanned.

Ok, I just rebooted and will run another boottime scan now and post the results… you don’t need a HJthis log or anything of the like?

And yes, I think I am very fortunate with the virut virus with all the research I did on it. But I was determined to NOT reformat so hopefully I still won’t have to :)

Yes you can post an HJT log, though I’m not sure if it would show anything relating to virut/vitro.

If you haven’t already got this software (freeware), download, install, update and run it and report the findings (it should produce a log file).

Personally I would run these first as they could clear out any registry remnants, which may appear in a HJT log. Though there are some who feel you should run HJT first to show the warts and all to see what we are dealing with. But me, I don’t see that as an issue if you are posting the logs of the MBAM and SAS scans you effectively get the same information accompanied by what MBAM/SAS are calling what they found.

Ok, both logs are clean. I’ll turn system restore back on and scan again in a few days and see if there is any change.

Thanks for giving me the heads up on if I cleaned that nasty virut all the way or not. ;D

You’re welcome.