Someplace to report IP address of detected virus?

Viruses and worms
1

Avast detected a virus while I was browsing this morning (Avast said ~ “don’t worry, just abort connection”, so I did.) But there is an IP address where it detected the virus - is there a place to report this?

2

Why not? ;D

It would also be useful to post what avast detected. That can be found in the logs under warning. You will have to expand the columns by sliding them left/right. Also break up the ip so it not an active link,

1 23. 432 . 567 or ava st. c om

Welcome to the forum

3

Ok - the IP address: 80. 93. 48. 74 plpwoeqwdkpwefiwe

Um, seem to be having trouble getting the Log Viewer to open - right-click on the icon in the tray and select Log Viewer, right? It’s not opening, just leaving a “ghost” on the desktop which refreshing doesn’t fix.

4

Check the avast! Log Viewer (right click the avast ‘a’ icon), Warning section, this contains information on all avast detections.

You can export the current list and copy and paste the contents of the infection warning into your post, see image.

Try double clicking on the ashLogV.exe file in the avast4 folder and see if that opens it OK.

5

No, it’s not opening, not from the tray icon and not from the folder. :frowning:

6 
80.93.48.74plpwoeqwdkpwefiwe

I’ve tested this against Dr. Web and the site cannot be reached. Is it the correct URL?
Even adding http or www does not work.

7

forward slash after the IP and forward slash after the “…fiwe” And of course, http:// before the whole thing, sorry.

8

I’m not sure if a repair will empty the logs or not, but may resolve the problem.

In add/remove programs, highlight avast, click add/remove, scroll down to repair.

Coping the existing log to a temp location will preserve it though, just in case.

C:\program files\alwil software\avast4\data\log

You can also view the warning log from the above location with notepad.

9

OK, here’s what the warning file said (viewed w/Notepad):
10/7/2007 4:51:08 AM 1191747068 SYSTEM 1756 Sign of “JS:Agent-Q [trj]” has been found in “http: //80.93.48.74/ tersreqwsrewter/” file.
10/20/2007 11:01:41 AM 1192892501 SYSTEM 1820 Sign of “JS:Agent-Q [trj]” has been found in “http: //80.93.48.74/ plpwoeqwdkpwefiwe /” file.

I am noticing that it showed up before on the 7th, same IP. At 5AM that was probably my daughter logging into MySpace, and today, I was logging into MySpace when it happened…hmmm. BTW, tracing the IP address goes to a Russian site.

JS - is that JavaScript?

10

I would try a repair of avast, but I don’t think that will be of much help.

This might seem out of left field, but what is your firewall, as there have been some cases of what would appear ghost windows and or remnants left after closing for Kerio firewall ?

Yes JS is javascript and it could be a javascript redirect trying to take you to or open another page and that is where the malware resides.

11

Right or wrong, myspace, utube, even facebook has had the finger pointed at them as source of malware.

Now for your other problem, did you try a repair? anything else running that may cause the interface not to open?

BTW you should break the links in your post. Sometimes people like to click on pretty blue things. ::slight_smile:

12

:-[Sorry about the links, I thought the quotes fixed that ulp!

Running Defender (on Vista) only.

Didn’t try a repair, and I haven’t changed anything on the computer lately. The latest Firefox update didn’t take (just yesterday, I think). Maybe I should restart.

13

Hmmm… why don’t you try AVGas or SpywareTerminator?

14

I honestly can’t say if defender(I’m thinking antispyware) would stop the interface from opening. I guess the only way to find out would be to pause/stop it and see. Or is "defender the name of the vista firewall?

15

No, it’s not guilty. I’m just saying that there are better antispyware tools to use.

No. It’s Windows Defender, the antispyware (antimalware) tool.

16

superantispyware is free, but non resident, avg antispyware resident during trial period.

I was thinking that it was windows defender, but DavidR had asked about a firewall and she had replied to his quoted post.

17

Ooooh I thought it was a firewall. The icon is a wall, for godsakes! :-[

Edit - Is there such a thing as a free resident firewall program?

Edit again :-[ - I am actually running the regular Windows firewall, I just looked.

18

No problem.

I think comodo is vista compatible. sorry I don’t have a link, but a search of this forum should turn one up.

19

Only the beta version 3.0 of comodo is compatible with Vista but a number of people have had issues with that. It really is strange why there aren’t that many firewalls (certainly free versions) that are Vista compatible, after 10 months of since the release of Vista.