infection JS:Injection-[Trj] Firefox.exe how to get rid of it?

Hi folks,

I have attached a screen print of the notice I’ve gotten from Avast several times now of a virus.

Seems to have something to do with Java Script/JS? I don’t have Java on my computer because I heard it’s prone to viruses. Oh well…

Haven’t had a virus in many years, have no idea how to get rid of it.

any help appreciated!

Liz

http://forum.avast.com/index.php?topic=53253.0

THANK YOU, Eddy :slight_smile:

I have attached a screen print of the notice I've gotten from Avast several times now of a virus.
Do you mean this happens when not doing anything, or do you go to this website and then see it?

The website in your screenshot is infected
Sucuri report > https://sitecheck.sucuri.net/results/thepresentersapprentice.co.uk

html scan
https://www.virustotal.com/en/file/d7ad67019a078b26ba2e21a57069933a3ef8f2a803761ef9117055c55524ac6f/analysis/1457979109/

And this is the WordPress Blog Infection at hand: https://wordpress.org/support/topic/wordpress-blog-infected-with-malware-malwarefake_jquery001
The script should be cleansed from the theme editor but could also come riding in via vulnerable php.
All header.php or template files can come infested.

pol

It happens on occasion when I open a Firefox window, related to the firefox.exe I assume. It doesn’t always happen.

I got the virus when a friend’s yahoo.com email was hacked (I assume) and sent me a link in email. I was suspicious and copied PART of the url in the link from the email and copied it to the address bar in my browser, to check it out without actually clicking on the link in the email, but when I put that part of the url in the address bar I immediately got the first popup. (NOW I know that was a stupid thing to do)

don’t know why Malwarebytes says “Rootkits: Disabled” in the scan results? when I downloaded the free trial it said that rootkits was enabled, I believe.

Is this virus a rootkit?

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/14/2016
Scan Time: 1:51 PM
Logfile:
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.03.14.05
Rootkit Database: v2016.03.12.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Liz

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 348141
Time Elapsed: 4 min, 33 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

PS: probably a dumb question, but why didn’t Avast get rid of the virus instead of just blocking it?

Is it because I use the free version?

I can’t figure out what this topic about Wordpress has to do with this specific virus?

Is it because I use the free version?
No, as I see it, avast is detecting the infected java script on the website and not in your computer, but it seems you have something trying to connect to that website

we need the two Farbar Recovery Scan Tool logs (second picture in guide)
you need to attach these logs

here’s the second attachment

The results in the attachments I just posted above make no sense to me, I’m not techie enough to understand, unfortunately.

I am in progress of running the next scan on the list, taking a long time but still running

thanks

Last scan finished

attached see results

thanks

Hi let me know if this stops it

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
HKU\S-1-5-21-934809810-2948938270-1494725623-1000\...\Winlogon: [Shell] - <==== ATTENTION
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

* Close all open programs and internet browsers.
* Double click on AdwCleaner.exe to run the tool.
* Click on Scan.
* After the scan is complete click on “Clean”
* Confirm each time with Ok.
* Your computer will be rebooted automatically. A text file will open after the restart.
* Please post the content of that logfile with your next answer.
* You can find the logfile at C:\AdwCleaner[S0].txt as well.

Before I try anything else, especially something with a big red caution warning (eek :-\ )

would anyone be able to tell me what I have (or have not accomplished) by running the scans that I attached the results of above?

What do the results show? It’s all Greek to me.

I guess none of the above were able to find/fix the problem, is that it? so now I have to keep trying other things?

Is it possible that this is a false positive ?

thanks

would anyone be able to tell me what I have (or have not accomplished) by running the scans that I attached the results of above?
You have provided diagnostic logs, and based on those logs Essexboy has made a fix for you

Follow Essexboy's instructions and the problem will be solved

thanks, will do a little later when I have more time

just an fyi, I decided it would be faster and easier just to restore a system image of my computer I made 5 days ago. The restore seems to have worked, and if I’m right about the timing of getting the virus, I shouldn’t have any more problems with it, I hope.

thanks to you all for your responses

Liz

It is not that easy, restore points don't remove infections

I didn’t use restore points.

I use a program which makes entire “system image” backups of my computer, which means that I can put my computer back to exactly like it was on a previous date. I restored an image that was made 5 days ago, before I had the virus. I use AOMEI Backupper, but there are many such programs.

thanks again to you all for your help

PS: here is info on what I am talking about

https://store.askleo.com/saved-backing-up-with-easeus-todo/

scroll to the part on “Malware Recovery the Easy Way”