Hi hope you can help me here.Avast found 2 malware.
program files Alwil soft ware\Avast4\amiga (1)htm vir Js.script.
users \carol\appdata local\microsoft.tuts(1)htm Js.packed
i moved to chest.and sent a hijack log to a forum which i have been a member for a while now.
and read below found all ok.
Your HijackThis log looks fine. You should probably go to the Avast forum and see if there is a way to submit those files for analysis. That
way, they can verify whether or not they are truly infected or if the findings were false positives.
so please can you tell me are they a true or false ??
This one I feel the information is incomplete as I believe this was detected by avast and you selected Move/Rename, that appends the .vir to the end of the file name and is sent to the avast4\data\moved folder.
So your path would be c:\program files Alwil software\Avast4\Data\Moved\amiga(1).htm.vir with malware name Js.script. So this is simply the same file being detected again.
I also think this information is incomplete as I believe this was found in the Internet Temp Files folder, but that is of little consequence. Since it is a temp file moving it to the chest will have zero impact, Though I do believe the detection to be good as avast has been very accurate on these detection in htm files (commonly from hacked sites)
A hijackthis log has no bearing on the detection of these two files as it isn’t looking for malware as such it is reporting what is running on your system and as you say others found there to be nothing wrong with the log.
However HiJackThis is now a bit of a busted flush as there is so much of the new malware that can hide from it, so as an analysis tool is is very limited.
A screen shot won’t hurt, try to keep the file size down though as some of us are still on dial-up ;D
Personally I don’t think it is a problem, since you have moved them to the chest where they can do no harm.
avast! has been very accurate on these kind of infections inside of .htm files in the past. Since they were both in temp locations, even if the detection wasn’t good (which I doubt) there is really no down side from there removal (or you would have noticed).
Thanks David for getting back to me…omg think it’s the first one and the 4th one…i am so green when it comes to my pc…i do a lot of psp.paint shop pro.so all the time on the look out for new tuts. when avast pop and said virus found.i moved to chest.and then did a scan.that’s when it said found above.but even to day my pc play up like it did before it found the malware.like if i click on a scapkit site.i go to click out and it keep making new window.till i have loads in there.in the end i have to try and find the first one to shut down or…close my laptop down… this never happen before!!
thanks for bearing with a new bite…cheers carol
omg…how do you send a image on here…thought it was ok to send from photobucket…seams not.
That isn’t much more help as the location is concatenated, you need to expand the column width.
However, there is enough of the location for me to be reasonably sure that what I said about the locations before is correct and the comments that the detections a) I feel are good and b) being from temporary locations no loss if sent to the chest and subsequently detected after rescanning within the chest in a few weeks.
You didn’t mention the earlier BHO.dll one, but again I have little doubt that something like a ‘Fast Browser Search’ toolbar doesn’t give out something for nothing and is most likely harvesting search parameters which can be used for targeted adverts.
I feel toolbars are the scourge of the earth in most cases they provide functions that are already present in browser dressed up to be ‘fastest, best,’ etc. etc. I hate the clutter of toolbars preferring a minimalist approach giving maximum usable browser screen area. [End of lecture ;D]
