Hi
I have found this in my log viewer is this another virus that avast has found?
I have looked it up on the web and found nothing and looked throught here too
Sign of jpg:m504-028(exp)‘’ has been found in c:/ocuments & settings/operator/applications data/mozilla/firefox/um9q/kqpw./default/cookies.sqlite-journal’‘file’’
I tried to grasp as quickly as possible what was your previous dilemma.
I am not sure what you mean, but unless I am wrong if you are looking at the log viewer then you have nothing to worry about. This is a log so it concerns something that has already happened. If you had a virus, Avast would of had given you warnings.
It is a back-up of your cookies so if the original gets corrupted, etc they can be recovered.
Just do a search for sqlite in that same folder and you will see lots of other back-ups, bookmarls, history, etc.
The malware name seems somewhat strange for the file type, this jpg:m504-028(exp) name indicates a jpeg exploit and that should really only be found in .jpg image files; so I doubt it is actually infected but we need to confirm.
Check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here the URL in the Address bar of the VT results page. You can’t do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.
Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.
Many thanks I was worried incase anyone would answer as I put all slashes the wrong way
as for some reason I do not have a backward slash key ?? strange but true nothing at all on this keyboard
thanks again will go and have a look!
File cookies.sqlite received on 2009.06.19 22:47:48 (UTC)
Current status: Loading … queued waiting scanning finished NOT FOUND STOPPED
Result: 0/41 (0%)
but here’s the thing, when I went through I had no file named sqlite-journal’‘file’’ to click into so this is the result
from cookies.sqlite is this the same by any chance ? sorry Der to me !!
I suggested a search simply on sqlite as you are more likely to find all the different occurrences of this ‘string’ which forms part of multiple files related to back-up of profile information. e.g. making the search easier by not being too specific.
You would find nothing for this sqlite-journal’‘file’’ as it isn’t actually called that but sqlite-journal the ‘‘file’’ bit is just to say it is a file rather than a folder as such.
So the event viewer error looks like firefox trying to back-up the cookies failed to find the file it was going to back-up. I would have thought that if a back-up file wasn’t found it would be created by default.
So I think this is a bit of a non-issue.
Personally I keep my nose out of the logs as for the most part the content is verbose and not to helpful to a user, more likely to scare a user than provide any useful information. Only if I experience a problem, e.g. hard errors are displayed to the screen do I look in the logs.
So are you getting any errors displayed to the screen ?
No I am not getting any messages at all and I think possibly nothing to worry about
and my hubby thinks the same now as nothing is showing up in thorough scans !
One other thing re my home page urbancouturepaperweddingstuff.com now has something else
posted by google about my site being dodgy and enter if you dare kind of thing ! this is what has been posted there
and I cannot find a way of calling them to ask whats happening yesterday it was a black page with red text warning
people not to go in there and then today this ? I have requested a review but not heard anything from them! Would they have put this up because I requested a review? This is all so crazy
Site is listed as suspicious - visiting this web site may harm your computer.
Part of this site was listed for suspicious activity 1 time(s) over the past 90 days.
What happened when Google visited this site?
Of the 24 pages we tested on the site over the past 90 days, 14 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2009-06-19, and the last time suspicious content was found on this site was on 2009-06-19.
Malicious software is hosted on 2 domain(s), including illusionfest.ru/, pistolgage.ru/.
1 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including illusionfest.ru/.
This site was hosted on 1 network(s) including AS36351 (SOFTLAYER).
Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, urbancouturepaperweddingstuff.com did not appear to function as an intermediary for the infection of any sites.
It doesn’t take long before google gets to know that the site is/was infected and adds the URL to its black list. I don’t know who long it stays like this or when google revisits, etc. or if you have to contact them.
Presumably you sent the Sign of jpg:m504-028(exp)‘’ has been found in c:/ocuments & settings/operator/applications data/mozilla/firefox/um9q/kqpw./default/cookies.sqlite-journal’‘file’’ to the chest ?
If so that would account for it not being found on a search.
You need to do as suggested in my first reply and confirm the detection one way or another at virustotal.
No its still sat there as there was not an option for this only export delete, find and filter ? On right click
I am in the wrong place ?
I did try what you suggested but it wouldn’t find the file but then I read your latest last night
and tried before but gave a message saying that its working OT and cant deal with workload
so shall try again presently (soon)
OK now this may sound really stupid :-[ but I have now been into the avast area where I scan from
and opened the virus chest and its full in there ! I have scanned the files and again we have world war 3
going off here ! What are my options now to loose these? I have delete , Extract, Email to ALWIL software
and refresh all files ( guess not that one ) so these are locked up I take it but how do I get rid for once and for
all? these have been added or running since BV supposedly cleaned the site for me and reset and now its showing as being
in my other site too thelittlefavourboxcompany in one the pages but have just clicked into site and this page and nothing
going off here?
You have to follow the instructions I gave in Reply #2 above, were are only interested in the one being discussed in your first post. That is the one you need to export into the temporary folder I asked you to create and exclude from scans, then it can be uploaded to virustotal to confirm if the detection was good or not.
I didn’t ask you to scan the files in the chest.
Please reread the instructions in Reply #2, print if necessary and follow them step by step and report the findings.
Hi David
First time online since last night we can now not connect ran through with BT gfor about 2 hours this aternoon
and they say hub not the problem ! Its down to virus have ran a scan through Trend micro hijack this and some files
in winsock say unknown files this is one result from Virus total
and there is 4 in total
File has already been analysed:
MD5: 4167c8c7d85482b996f67a7d09d91c0a
First received: 2009.06.04 01:57:41 UTC
Date: 2009.06.04 01:57:41 UTC [>17D]
Results: 0/40
Permalink: analisis/ccc7a07f444d5acbe897000611063d58ad2507f447be579d3e24eaf1ceb307ea-1244080661
This is the log file is this means anything to you??
Basically we dont really know what to do now we have done this we have tried to download malware removal tools but they jkeep shutting down saying fiels corrupt !!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:05:41, on 22/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Used this and this the results from trend micro hijack this
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:05:41, on 22/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal