My husband and I are dedicated avast users, and have it set to automatically update the software and database. As a result, he was quite surprised when a message came up from a website indicating that his computer was sending DoS packets as a result of infection with Rustok-N. We’re in the process of attempting to clean this from his machine (and of course ensuring that the rest of the computers in the house are also clean).
I would be very wary of these types of alerts, as there really are many scams out there which produce fake security alerts. Did it by any chance offer to scan your computer or clean it, etc.?
What was the site’s URL? Change the http part of the URL to hXXp so the link isn’t active, to avoid accidental exposure.
If you have an effective firewall (which is?) then it should block unauthorised outbound connections such as these.
Slight correction. First, it is a site he’s gone to before (namely this morning - he only identified it to me as ‘a porn site’.) Apparently this morning avast bleeped on it, and he immediately disconnected the Ethernet cable and ran a full scan, and told Avast to delete the file that it found.
For the record, I hate doing tech support after the fact. Half the time, when he has a problem with the machine I just hear ‘Huh?!’ from behind me.
So anyways, a few minutes before I registered here ;D he tried to get to the site again, and got the splash about the DoS.
Given what you have reported about avast previously alerting on the site, this was likely to have been the web shield alerting, and normally that blocks whatever it was on the site. It should have only given one option, Abort connection, which terminates that particular item’s download.
What is the infected file name, and where was it found, e.g. C:\windows\system32\infected-file-name.xxx or a URL?
Check the avast! Log Viewer (right click the avast ‘a’ icon), Warning section, this contains information on all avast detections. C:\Program Files\Alwil Software\Avast4\ashLogV.exe - Or check the source file using notepad C:\Program Files\Alwil Software\Avast4\DATA\log\Warning.log
Going back to the same site is madness and I suspect given the nature of the site that this is none other than a fake alert as I somehow doubt they give a stuff about your system. Many of these sites have a high security risk in their own right.
You didn’t say what your firewall is?
You could also try these tools as a complementary addition to avast.
If you haven’t already got this software (freeware), download, install, update and run it and report the findings (it should produce a log file).
1. SUPERantispyware, On-Demand only in free version.
2. MalwareBytes Anti-Malware, On-Demand only in free version, http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe - right click on the link and select Save As or Save File (As, depending on your browser), and save it to a location where you can find it easily later.
I suggest an avast boot-time scan and a full scan with MBAM.
Post here the results and we can further check them.
Why was your husband playing with fire?
The scan revealed that the infected file was AruaROSE.exe, which we found on C:\Users\Owner\Desktop\New Folder (his default download directory). It was actually unable to be scanned, as it was a ‘decompression bomb’. It was also unable to be automatically deleted or moved to the Chest. I went in and manually deleted it, re-ran Avast, and got a clean scan.
The decompression bomb name just means it is a highly compressed file that, if unpacked, would be very large, and that is why it wasn’t scanned. Though I’m surprised it couldn’t be added to the chest or deleted, manual deletion was the way to go.
Did you run the other two applications, and if so, what were the results?
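As an added illustration of the decompression-bomb idea raised above (example code, not part of this thread and not how avast implements its check): a Python snippet that reads only a ZIP’s central directory and flags a suspicious declared compression ratio without inflating anything. The thresholds, member names and sample archives are constructed assumptions.

```python
import io
import os
import zipfile

# Thresholds are assumptions for this example, not any scanner's real limits.
MAX_RATIO = 100                   # declared uncompressed/compressed above this is suspicious
MAX_UNCOMPRESSED = 1 * 1024 ** 3  # refuse anything declaring more than 1 GiB unpacked


def inspect_zip(data: bytes) -> dict:
    """Inspect a ZIP's central directory only: sum the declared compressed and
    uncompressed sizes and decide whether the archive looks like a decompression
    bomb, without extracting a single byte of member data."""
    compressed = 0
    uncompressed = 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            compressed += info.compress_size
            uncompressed += info.file_size
    if compressed:
        ratio = uncompressed / compressed
    else:
        # No compressed bytes but a declared size means the headers are bogus.
        ratio = float("inf") if uncompressed else 0.0
    return {
        "compressed": compressed,
        "uncompressed": uncompressed,
        "ratio": ratio,
        "bomb": ratio > MAX_RATIO or uncompressed > MAX_UNCOMPRESSED,
    }


def make_zip(payload: bytes) -> bytes:
    """Build a one-member in-memory ZIP (used only to construct samples)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("member.bin", payload)
    return buf.getvalue()


# Constructed samples: 16 MiB of zeros deflates to roughly 16 KiB (close to the
# DEFLATE maximum of about 1000:1), while random bytes barely compress at all.
BOMB_LIKE = make_zip(b"\0" * (16 * 1024 * 1024))
NORMAL = make_zip(os.urandom(64 * 1024))

if __name__ == "__main__":
    for name, blob in (("bomb-like", BOMB_LIKE), ("normal", NORMAL)):
        r = inspect_zip(blob)
        print(f"{name}: {r['uncompressed']} bytes declared, "
              f"ratio {r['ratio']:.0f}:1, bomb={r['bomb']}")
```

The declared sizes live in headers the file’s author controls, and nested archives hide behind a modest outer ratio, so a real scanner also caps the bytes it is willing to inflate while streaming rather than trusting the directory alone.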
Schedule a boot-time scan with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
Use SUPERantispyware, MBAM or Spyware Terminator to scan for spyware and trojans. If any infection is detected, it is better and safer to send the files to Quarantine than to simply delete them.
I’ve had a hell of a time with MBAM. It took going to a third-party download site to get the product itself, and even then it isn’t able to connect to the server to get an update. It’s in the middle of a thorough scan right now.
You must update MBAM before you scan. Go to the link using another PC, download the updates, and transfer them to the infected PC via CD. Exit MBAM, double click on the update file to update, then perform a quick scan.