MOV:CVE-2011-2140[Expl] keeps disappearing and reappearing

Hi,

Firstly I am a noob when it comes to computers - I bought Avast because all my technically minded friends recommended it and it has done an excellent job of keeping me safe for 6 years so far.

A few weeks ago I made a poor decision and went to livetv.ru to watch the NBA post-game show, and unfortunately since then my computer has been infected with something. There are no signs of the infection in the performance of the computer, but I have run multiple full scans and boot-time scans and most of them show up an infection that then sometimes disappears only to reappear a few days later.

Avast commonly tells me this:

“MOV:CVE-2011-2140 [Expl]”

is in “C:\Users\Ruffy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_016c8f”, although it is infecting the same folder in many files eg …Cache\f_016dbb …\Cache\f_016cfb etc (21 in latest scan)

but when I try to “move to chest” I get this error message:

“Error: the system cannot find the file specified”

Please help me.

Thanks,

Matt

PS I am running Windows 7 and using Chrome as the browser.

try this

run AdwCleaner…and click delete button…post log
you find it here. http://forum.avast.com/index.php?topic=53253.0

then run Temp file cleaner
http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/

any change?

Thanks Pondus, will do and report back. :slight_smile:

So, ran adw cleaner and the log seems to indicate I’m clean (as attached).

Then ran TFC.

I’ll just keep scanning over the next few weeks to see if these threats keep popping up - I thought I’d cleaned them out last week and they came back this week, so we shall see.

Thanks very much for your assistance.

Matt

As is the detection for specially crafted Adobe Shockwave Flash (SWF) files that exploit the vulnerability described in the following articles, so my question to you…
“Did you update your Adobe software, else you could be reinfected before you say Jack Robinson. What is the status of your avast! Software Updater?”

polonus

Hi Polonus. The Avast software updater says Chrome needs updating for “all users” and “current user”, so I hit update, but then it doesn’t work and comes up with “Error”. It also says I should update Firefox but won’t do it, simply sends me to a link to download Firefox.

Both Flash players (“ActiveX” and “Plugin”) appear to be up to date.

Should I uninstall Chrome and Firefox and reinstall new versions?

Bump.

So, the same infection has reappeared in the Chrome user data files. Time to uninstall Chrome and reinstall? Or do I need to do more. Guess I’ll run adwcleaner again and see what it says.

hey yes try the adwcleaner again and see if that solves your problem. if not continue with the logs from this guide.

http://forum.avast.com/index.php?topic=53253.0

attach the log from malwarebytes, otl and aswmbr. from there a malware expert will help you out if your problem should not be solved with the run of adwcleaner, which you also can attach :smiley:

Okay, so I used adwcleaner, uninstalled Chrome, etc, but the infection is still there. I use Avast to check every few days and it just cropped up again with 18 infected files in the same place as before - always in C:\Users\Ruffy\AppData\Local\Google\Chrome\User Data\Default\Cache.…

Strangely, when I moved them to the chest this time it sent 14 of them and said 4 had disappeared. Is there any way I can post the log for the chest?

I’ll wait until they pop up again, won’t clean them out this time, then run the suggested programs and post the logs. Thanks.

Here are the logs as they are right now, although I just cleaned everything up with an Avast scan so they may not show much.

I will wait a few days, and if it comes back (which I’m sure it will) I will run these things again.

“Is there any way I can post the log for the chest?”
you can take a screenshot of chest and attach.... first put your mouse pointer on the vertical bar just in front of severity and drag sideways, this will show full file path.....then take screenshot

So, any idea what is going on with this thing (looking at the logs I posted above)?

It keeps disappearing and reappearing so what does that mean? And it doesn’t seem like Avast or anything else I’ve tried as suggested above can clean it… very annoying, and it means I can’t trust my computer. I’d reimage it but that is a long and annoying day of work that I don’t have time to do right now. Would very much appreciate suggestions at this point.

essexboy is notified, check back later today. He is usually here after work hours European time

is your java updated to latest version…and adobe flash

http://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Exploit%3ASWF%2FCVE-2011-2140.A

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2140

One option to stop this is to disable JS in chrome http://browsers.about.com/od/googlechrome/ss/disable-javascript-chrome-windows_5.htm or use the noscript chrome version https://chrome.google.com/webstore/detail/notscripts/odjhifogjcknibkahlpidmdajjpkkcfn?hl=en

As you are using Chrome and it has Java enabled by default you will get these and unfortunately chrome does not appear to have the option of deleting temp files on shutdown

The logs look clean

Hi guys, thanks again.

Okay, so I disabled Javascript and will only allow it on trusted websites.

The logs look clean, so why does Avast keep finding infected files? How do they keep replicating themselves and reappearing if there isn’t an infection?

BTW, Avast told me just to disable restore and do a boot scan - I’ve done tons of boot scans but not disabled restore, so I’m hoping that will solve the problem. We shall see.

Thanks again for your time. :slight_smile:

It is detecting the java scripts that chrome is placing in its folders, rather than running them from the website
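An added example, not part of any post in this thread: a read-only triage script that lists which `f_*` entries in a browser cache folder (such as the `...\Chrome\User Data\Default\Cache` path quoted above) start with a Flash (SWF) header, the file type the MOV:CVE-2011-2140 detection is said to cover. The function names and the sample files are hypothetical and constructed for the demo; a hit only means the cached file is Flash content, not that it is malicious.

```python
import struct
import tempfile
from pathlib import Path

# The first three bytes of a SWF file say how the body is stored.
SWF_MAGIC = {b"FWS": "uncompressed", b"CWS": "zlib", b"ZWS": "lzma"}

def swf_header(data: bytes):
    """Return (compression, version, declared_length) or None if not SWF."""
    if len(data) < 8 or data[:3] not in SWF_MAGIC:
        return None
    (length,) = struct.unpack_from("<I", data, 4)  # little-endian uint32
    return SWF_MAGIC[data[:3]], data[3], length

def find_cached_swf(cache_dir):
    """List f_* cache entries whose first 8 bytes form a SWF header."""
    hits = []
    for path in sorted(Path(cache_dir).glob("f_*")):
        try:
            with open(path, "rb") as fh:
                info = swf_header(fh.read(8))
            size = path.stat().st_size
        except OSError:
            # The browser evicts cache entries on its own, so a file can
            # vanish (or be locked) between listing and opening it.
            continue
        if info:
            hits.append((path.name, *info, size))
    return hits

def build_sample_cache(root):
    """Constructed sample data: one SWF header, one JPEG, one truncated file."""
    root = Path(root)
    swf = b"CWS" + bytes([10]) + struct.pack("<I", 4096) + b"\x78\x9c"
    (root / "f_00aa01").write_bytes(swf)
    (root / "f_00aa02").write_bytes(b"\xff\xd8\xff\xe0" + b"\x00" * 16)
    (root / "f_00aa03").write_bytes(b"FWS")  # too short to be a header
    (root / "index").write_bytes(b"FWS\x09\x10\x00\x00\x00")  # not an f_* entry
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for name, comp, version, declared, size in find_cached_swf(build_sample_cache(tmp)):
            print(f"{name}: SWF v{version} ({comp}), declared {declared} bytes, on disk {size}")
```

Run against the real cache folder with the browser closed, the entries it lists can be compared with the file names in the antivirus scan report.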