malware

Avast Free Antivirus / Premium Security
1

Hi ! i have avast and it has warned me about malware. I go regularly to my favs i have like the BC SPCA sites to help out and look at the pups (looking for a pup too) but i had not been in 3 days and as i did i got this MALWARE warning from avast ‘‘this is very good’’ but i still can not get into the SPCA"S at all now with out this popping up every time ? please help thank yu very very much!!

2

Are you talking about this site? → spca.bc.ca

I’m not using Avast on this machine, but I can’t connect to the site.
Are you sure it was an Avast pop-up and not some fake one from the site?

3

hi ’ well no i i am not sure its from my puter or because of them ?? how do i figure it out? once i disconnect when Avast warns me i can get in but this pops up all the time now thank you very much
Shortie.

4

Hello ’ i forgot to answer your Q ? 'no i’am not sure if its a fake one from the site how do i find out? i called them they said what is malware? ok thank yu Shortie

5

This is what it looks like :slight_smile:

http://xona.com/postattachments/avast_blocks_alexa_2.png

6

Ok it looks the same only it says Malware and it says disconnect instead of no action…does it mean its a fake? thanks

7

No, it is Avast allright, not fake, but I don’t know if it is a false positive by Avast or a true threat.

If you can post a screenshot of the pop-up and provide a link to the site that causes the pop-up.

8

This is the one, Web Shield blocking a file/page from being downloaded, the only option given is abort connection, which stops it getting on to your system.

What is the malware name givin in this detection ?
Check the avast! Log Viewer (right click the avast ‘a’ icon), Warning section, this contains information on all avast detections.

The reason I ask is that Linkscanner and DrWeb don’t find anything at the hXXp://www.spca.bc.ca/ address. Though there is a heavy use of javascript on that site and one which might look suspicious to the web shield scanner, though I don’t think it is.


<script type="text/javascript">
var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
</script>

Other than that I don’t see anything obvious unless it is on an external .js file, I don’t normally browse with scripting enabled so I didn’t get an alert when I visited the page. OK I temporarily enabled scripts and I didn’t get an alert.

So we need confirmation of the location that Pico asked and you can get all that from the log viewer that I mentioned, we need more information.

9

hello ’ every one ’ i am sorry it took me so long to come back ’ i had a hard time finding this place again .and also learning on how to post in here! thank you for your help and i know i made you wait am sorry’ !!
i have to learn on how to get a screen shot , and i did make a copy for Hijack & i need to learn on how to post the link ,for where the malware pops up from… so i will be back but in a bit ok and soooo many ty’s !!! please know i do so appreciate it. Shortie …will be back

10

Hello ’ again… I went to try and get a screen shot of this malware that shows up when i go to http://spca.bc.ca but now it won’t show up. After all this it is ok now …SO i went into every SPCA site to look at the dogs and no malware is showing up.
The 1 st day i got malware i phoned the spca and they said what’s malware? but now 3 days later and i can get into all the SPCA"S Is it possible it was from them ? and they fixed their malware ? i am not a computer person and don’t know much so please excuse my Non existing knowledge…
Pico …can you get into the site now? And any advice you can give me ? i would thank you very much!! . soooo many tys!!! i will be back in the morning !! mean while will try to learn how a screen shot is done & a hijack log too.!!! very kind of you to help!!! Shortie…

11

Yes I can get into the site today :slight_smile:
Yesterday it wouldn’t load!

12

Well the site loads for me today as it did yesterday and no alerts.

For How To post a screen shot check out this old topic, http://forum.avast.com/index.php?topic=6588.0, old but still relevant.

13

Hi am back & thank you for the screen shot link!! great i needed it!! i will be back thursday. tyty :slight_smile:

14

You’re welcome, until then.

15

Hi i was wondering where to attatch the hijackthis copy? i did one on the 29 th and don’t knowhow ‘’ i went to insert image but i get image words on line is all tyty

16

When you click the Reply button, there is an Additional Options link, this expands the options to attach a file, that can be an image file or a text file (.log or .txt).

It is the same as the How to post a screen shot info link I gave earlier, you just navigate to the hijackthis.log file and select that.

17

With the marvels of copy-n-paste

Run HijackThis and select Do a system scan and save the logfile then when in Notepad click on Edit then Select all ( Ctrl+A ) then Copy ( Ctrl+C ) then Paste ( Ctrl+V ) into an open reply to your post here.

How To Copy n Paste:
http://www.royhooper.com/copy.html

18

Hi & thank you for the info’ and much appreciated !''But it says i can not as its over 10000 charachters? can this happen ? ty Shortie

19

Hi i have 'i hope attached my hijackthis file !! lol am so new to forums so sorry if i 'am or seem confused , but its slow but hope to get there!!lol ty all!!!

20

You attached it OK, twice ;D
I assume they are the same, I’ve only opened the last one.

I don’t know where you got your copy of HJT but it is out of date, get it here:
FileHippo Download - HiJackThis and post the contents of the HJT log file here. This file is an executable installation file so you won’t have to unzip and extract the files it will create its own program folder.

Here is a helpful tutorial - HJT Information HiJackThis Tutorial.

So it would be best to get the new version and run the log again, now you know how to attach it.

If this entry appears the next time you Run HJT it can be fixed.
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Other than that I don’t see anything obvious, but we can check again when you run the latest version of HJT.

Also you don’t appear to be running an active firewall, or it is disabled or it is the XP firewall.
Your firewall should be capable of blocking unauthorised outbound Internet Connections.

Windows XP’s firewall is better than no firewall but, it lulls you into a false sense of protection, it doesn’t provide outbound protection. Whilst the windows XP firewall is usually good at keeping your ports stealthed (hidden) it provides no outbound protection and you should consider a third party firewall.

Any malware that manages to get past your defences will have free reign to connect to the internet to either download more of the same, pass your personal data (sensitive or otherwise, user names, passwords, keylogger retrieved data, etc.) or open a backdoor to your computer, so outbound protection is essential.