J S Fake

hxxp://www.mediafire.com/?wdn2q554mjw

bit confused… I tried just the last one. Is that what you want?

qim

Here are the other two

hxxp://www.mediafire.com/?momoizqdqnz
hxxp://www.mediafire.com/?tmhi2w4ytny

qim

got them all… change the links in your first post of this topic to hxxp.

Hi qim,

I’ll try to explain to you what happened in plain words. If you visited the site you mentioned, hXtp://charlescurtiss.com/speyq/ejwts/2.js, which has a malicious script on it (because it was hacked or it was put there by malcreants), then this site is gonna redirect you (without your knowing or being aware - but you get an alert by avast webshield - good you have avast on your box!) to webtrustrank1.net, and the latter site will then try to infect you silently with Trojan: JS/Redirector.I.
Nowadays there are thousands and thousands of trusted websites that have been infested by cybercriminals with malicious redirecting code to download malware onto your computer via a vulnerable OS/software through your browser - just by visiting the infected website. Visiting pr0nsites only forms an elevated risk, and they are a good haven for malcreants because not a lot of people report infections through these sites. So actually it is good you did,

polonus

Thanks Polonus

I have a genetic problem: I like women! Don’t see much wrong with it, so why hide it. Anyway, I understand that it just gives more unnecessary work…
Thanks for the explanation and help.

Having said all this, I think my latest problem comes from a programme that I use to see football matches (men’s football, I’m afraid…) and it is U95.exe.

Thank you

qim

Hi nmb

“change the links in your first post of this topic to hxxp.”

It proved too difficult, so I just removed the lot. I hope that’s ok!

qim

I have sent the analyzed file to sir polonus. let me see what he has to say. I think it was caused by ashServ.exe (aswSP.SYS).

Thanks nmb

That is the blue screen you are referring to, right?

What about the JD Fraud/Fake? What do they do? Any chance they may still be lurking around?

Thank you very much.

qim

since you have deleted, you shouldn’t worry. if you smell something fishy, come back. because there are many trained guys here. thanks for the dumps.

scan using these tools: malwarebytes antimalware and superantispyware (don’t worry about the cookies reported, let superantispyware deal with them, as they say).

edit: do you have the latest program of avast? check: right click avast tray icon > about > see the version. it should be 4.8.1356. is that the version?

Hi qim,

Next time go to certain sites in a Firefox browser with NoScript installed and via a good webproxy like http://www.zend2.com/
For the other issue, nmb will come up with a fix,

polonus

take a look at this : http://forum.avast.com/index.php?topic=11945.msg110789#msg110789 it might solve. thanks sir polonus.

Hi nmb
I had 4.8.1351. I have just updated. Strange it did not do it automatically!

I have to restart. See you in a bit.

qim

It will not automatically update since the default setting is set to manual update.

what is the size of the u95.exe file you told?

Sorry I had to go out.

the file size is 456 Kb

qim

upload it to virustotal.com and give us the link after the scan is completed. if it says the file is analysed, give us that link.

U95.exe is fishy.

Hope it works

http://www.virustotal.com/analisis/82fdfd5ae773400174f6ef910f63fb322dde38cc9ae39d1d009466bf28d4e0ff-1254768227

The reason I think something has gone wrong with this programme is that I used it frequently without any trouble. Now I am unable to get it to work. Before, after opening it, I could access IE pages ‘through’ it; now, I lose internet if the prog is on. As soon as I close it, everything is ok again.

What I think, in my ignorance, is that I have malware which is not allowing the prog to run as it would not allow the malware to control the system. Makes sense?

qim

remove this program and use what sir polonus posted previously - reply #29. and use limited user account (guest account already available) “always when on internet”.

This prog is not installed. It is in a zip file and gets loaded and unloaded at will.

qim

ok don’t use it anymore. scan using the two programs which I said in reply #28 and post back log of malwarebytes antimalware.