I was curious as to whether my machine has been infected or not, I was browsing the web and did a bit of mis-typing and came across a web site hxtp://www.ecchi-haven.net, the next moment i know I am getting a pop up saying a virus dectected with a malware/worm. I dont care if the website is infected its my own fault I accidently went there :-[
Avast did log the warning it is listed as follows 19/06/2009 18:05:51 SYSTEM 1116 Sign of “HTML:Script-inf” has been found in “hxtp://www.ecchi-haven.net/” file.
Avast stopped loading the website , I then immediately closed my browser (IE8) and wiped my temporary internet files, I also did a selected through scan of “Internet Explorer”, “Windows”, “java”, “Adobe” & “Microsoft Software” folders.
the scan came back clean of those folders.
However would it be possible if my machine is still affected or did I & Avast manage to stop any infections coming onto my pc.
any help would be appreciated.
ps
I have not done a boot scan yet and will only do one if neccessary
okay, thank you :D, its a relief to know that my system is hopefully safe. ;D
Well hopefully I shall browse the web a bit more carefully :-[, I can hopefully say lesson learnt, anyway just wanted to say thank you to the people that replied to this post and helped, many thanks ;D
You could also scan with some other applications that compliment avast.
If you haven’t already got this software (freeware), download, install, update and run it and report the findings (it should product a log file).
MalwareBytes Anti-Malware, On-Demand only in free version http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe, right click on the link and select Save As or Save File (As depending on your browser), save it to a location where you can find it easily later. - 2. SUPERantispyware On-Demand only in free version.
Don’t worry about reported tracking cookies they are a minor issue and not one of securty, allow SAS to deal with them though. - See http://en.wikipedia.org/wiki/HTTP_cookie.
I don’t know as there are also other pointers to this URL and if it were this one I would have thought that the malware name would be different. However, it does look like that is it, as outside of the browser if I try to download that css.js file from there the Network Shield alerts on that domain as a malicious site.
I know it’s not my own thread, but I had quite a similar problem today, so I guessed I better share it here.
As I was opening a thread on a forum, I got a warning from Avast (in the log, it’s said: 20/06/2009 11:57:30 SYSTEM 1788 Sign of “HTML:Iframe-inf” has been found in “hXXp://pixhost.eu/avaxhome/avaxhome/2007-03-09/barakaFT.jpg{gzip}” file.). When the warning prompted, I had no choice from Avast, weither I want to delete something or not, or put it in quarantine. What is even more puzzling is the fact that the url had nothing to do with the website I was browsing (but somebody just said there were other pointers to the URL David was talking about, maybe that’s because of that).
As David, I was just wondering if nothing has been infected in my system, and how could I prevent myself from such issues in the future.
I think you should be ok to re-scan and choose to delete the infected registry values found (maybe wait for confirmation)
Viinncceennt,
This should really be in it’s own thread, however,
Please could you modify your link to make it inactive please (change the http to hXXP) this will prevent other from potentially becoming infected.
If it was a web shield alert you would have been alerted with a popup (with the option to abort connection) and a notification similar to the one attached to DavidR’s post
If it was the network shield, you would have just been alerted with the nitification at the bottom of the screen (DavidR’s image)
-If I have got this the wrong way round please confirm-
Either way the malware was prevented from downloaded onto the system and you should not have been affected by it
Thank you very much for this quick answer, what you described looks like what I got (BTW, is it possible that I got a warning from the web shield and the network shield too, because I think this is what I got (a pop-up plus a yellow notification in the left bottom corner).