I keep getting a recurring warning from Avast Home about a Trojan. It hits within 10 minutes of startup. Doesn't matter if email (Outlook) or web browser (Firefox) is running or not as long as my wifi is turned on. Dell notebook with Vista, all up to date. I delete the file every time but it comes back every day. Here is the info…
This is a “Situation” where I believe a “2nd Opinion” should be done by using excellent antiMALWARE programs like Malwarebytes Anti-Malware and “SUPERAntiSpyware”, both of which come in FREE Versions.
Are you getting the avast alert when visiting a specific site with your browser? The flag could be for a re-directing Trojan iFrame exploit on a hacked site. What site do you frequent that could have been injected through malcode?
I have run a few online scanners as well and nothing shows up but it is still doing it. Avast finds it every time, I delete it every time, and about 3-5 minutes after startup there it is. Could this be a false positive or a file generated by something else?
I did step 2 as in above.
A curious thing…
This is the location of the file in the Avast log: C:\Users\Earl\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DJFZRDGG\ipaddressd[1].htm
When I try to navigate to the file location above to upload it to VirusTotal there is no location below \Temporary Internet Files. In other words I cannot navigate to “\Content.IE5\DJFZRDGG\ipaddressd[1].htm” it appears to not exist!
Here is the log of the scan done in the quarantine folder…
Scanning of selected files
Program will try to scan 1 selected file(s) in the Chest
Move files to temporary folder: C:\Users\Earl\AppData\Local\Temp_avast4_\unp13986436.tmp
FileID: 0000000006 Original file name: C:\Users\Earl\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\23P2M67H\newer[1].htm New folder: C:\Users\Earl\AppData\Local\Temp_avast4_\unp13986436.tmp\6.htm
Scan files in the temporary folder: C:\Users\Earl\AppData\Local\Temp_avast4_\unp13986436.tmp
C:\Users\Earl\AppData\Local\Temp_avast4_\unp13986436.tmp\6.htm HTML:IFrame-KT [Trj]
You could try this - you will need to download Defraggler, so may have to do so on a different clean computer and transfer to your system with a flash drive. So take adequate precautions to prevent virus spread through the flash drive having been connected to your computer.
Anyways, once Defraggler is set up and running, click Analyze for a reading of your system drive (Drive C: - for most people).
This should bring the difficult file to surface - click View Files and look under Filename column for the file.
(screenshot shows files in Content.IE5 on this computer highlighted by red arrows - I will choose file ‘prototype [1].js’ as my example)
If the file is located, right-click the file and choose Open Containing Folder.
This will give you a tree hierarchy of your computer in a left hand pane and the files contained in the Folder in a right hand pane. (next screenshot shows file and containing folder in red circles with a red line connecting the two. You will now be able to take action)
I have found this method to be one of the best ways to search for files that are contained in Content.IE5 location.
I’m sending this through from a client's computer, so now I continue to clean up his system. This folder 7AI3X128 can be deleted as it is superfluous to the smooth running of the system.
Response to the above post…more stuff learned.
Using the above method I was able to locate the Content.IE5 folder and delete all the folders under it except one…33G7C990. I was not able to delete that folder because the system said that a file in that folder was in use by another program. I entered that folder and was able to delete all files but one…IPADDRESSD[1].HTM.
Again the system says the file is in use by another program. There were no user programs running but the file browser. This is the same file that shows up in the Avast logs. The mystery continues…
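An added example, not part of any post above and not Avast's detection logic: a Python sketch that walks a cache folder such as Content.IE5 directly on the file system (os.walk lists entries regardless of the hidden or system attribute) and reports cached pages containing an iframe hidden by size or style, with a SHA-256 for each so it can be looked up. The hiding heuristic, the function names and the sample files are assumptions constructed for illustration.

```python
import hashlib
import os
import re
import tempfile

# Heuristic only (an assumption): an <iframe> tag whose attributes hide it.
IFRAME = re.compile(rb"<iframe\b[^>]*>", re.IGNORECASE)
HIDDEN = re.compile(
    rb"""(?:width|height)\s*=\s*["']?[01](?:px)?["'\s>]"""
    rb"""|display\s*:\s*none|visibility\s*:\s*hidden""",
    re.IGNORECASE,
)
WEB_EXT = (".htm", ".html", ".js")


def triage_cache(root):
    """Return [(path, sha256, hidden_iframe_tags)] for cached web files under root."""
    findings = []
    for folder, _dirs, files in os.walk(root):  # includes hidden/system entries
        for name in files:
            if not name.lower().endswith(WEB_EXT):
                continue
            path = os.path.join(folder, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:  # e.g. the file is held open by another process
                findings.append((path, None, []))
                continue
            tags = [t.decode("latin-1") for t in IFRAME.findall(data) if HIDDEN.search(t)]
            if tags:
                findings.append((path, hashlib.sha256(data).hexdigest(), tags))
    return findings


def build_sample_cache():
    """Constructed sample data: a fake Content.IE5 tree with one flagged page."""
    root = tempfile.mkdtemp(prefix="cache_demo_")
    sub = os.path.join(root, "Content.IE5", "SAMPLE01")
    os.makedirs(sub)
    with open(os.path.join(sub, "page[1].htm"), "wb") as fh:
        fh.write(b'<html><iframe src="http://example.invalid/" width=0 height=0></iframe></html>')
    with open(os.path.join(sub, "clean[1].htm"), "wb") as fh:
        fh.write(b'<html><iframe src="/video" width="640" height="360"></iframe></html>')
    return root

if __name__ == "__main__":
    for path, digest, tags in triage_cache(build_sample_cache()):
        print(path, digest, tags)
```

A file that cannot be opened is reported with no hash, which shows which cached file is locked even when its content cannot be read.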