Since i am a newbbie i thought i should ask here for help.
As you can see in the snapshot i 've attached i keep getting this message from avast when i am connected in the net.
As far as i can understand it is a try from a web place to get in my pc.
Well ,what can i do so i wont have these attacks?
I changed my ip but it wasnt enough.The message keeps coming from time to time.
Anyway ,i think if someone could help me what to do ,maybe he should know the brief story of my pc the last couple of days which i write below:
So,lately i noticed that when i was opening internet explorer (usually i use mozilla) a pop up window was opening too (advertisement).
Then i checked my start up windows files (xp) and i noticed a strange file being loaded with the name “heart spam” which although i was deleting it it kept appearing in my start up.
Well i though i must have some kind of virus /trojan or something similar.
Finally i used some tools (not antivirus though) like adaware ,avg (former ewido) ,spybot search n destroy, and one of the pctools (dont remember the name right now) and it seems that they managed to remove the file from start up folder permanently since after some restarts it wasnt loading anymore.
Then i run a virus check with avast (the one with the restart) and it found a couple of files with a trojan.I deleted the 2 ones permanently but i didnt delete the other 4 cause they were in the restore section of my windows and i couldnt.
Anyway i think i am ok now cause ,as far as i know, the restore section of windows is not used ,although i will delete the 3 other files which are there the next days.
But what about the message from avast which by the way i ve been very satisfied of.
Thank you for reading all this.
Regards,
N.
P.S. Excuse my lame english.
P.S.2 I also include the .txt avast gave me from the reboot scan.
The message you saw can also be caused by a Trojan downloader trying to connect to the internet to download more malware onto your computer.
You did the right thing in scanning with the programs you mentioned, and doing the avast! boot time scan (‘the one with the restart’)- one of them must have found and deleted the Trojan downloader if the message has stopped.
Just to confirm you have no more problems, you could post a HijackThis! log:
Deletion isn’t really a good first option (you have none left), ‘first do no harm’ don’t delete, send virus to the chest and investigate.
The c:\System Volume Information folder is a part of the system restore function and as such is protected by windows, the only way to clean infected _restore points is to disable system restore and reboot. This will clear ALL _restore points. Once you have disabled system restore, reboot, scan your PC again and if clear enable system restore.
after some days i have tried a big number of anti-mal ware programs both in safe mode or normal.
The names are the ones suggested above in the replies.
I also searched around a little about this message ,it seems that LOP is what tries to get in my pc but of course dont take this for granted since i am not an expert (not even a medium one).
What is happenning is that the various progs found various stuff which i deleted and my pc seems clean now (except the intrusion attempt which keeps coming) although i suspect that i have delete inoccent programs like mirc but which they where proposed to me by the various malware programs.
Also various dll’s were supposed to be a threat and were proposed to me to be deleted by the progs ,so i did.But i am not sure it was good.
I even reset windows firewall to the defaults causing various progs not to work properly (i guess i will have to unblock them again when win firewall asks me what to do ,one by one -not a real problem this)
The only thing that remains for me to do now is to post a hijack log as proposed above by FreewheelinFrank and hope that you will be able to help me to locate the problem.
(It was the first advice actually i guess i left it last because i thought that one of all the antispyware progs would resolve my prob and because i didnt actually believe that someone would want to look a hijack long log and help)
So below is the post
So here is the log from hijack this.
As you will notice there is a bunch of anti-malware programs running right now.I think maybe i should uninstall them now since a vast is the only one tracing the incoming attempt to my pc.Anyway…first i will listen to what you will tell me…
Just to mention something.The most decend antimalware program that is finding LOM seems to be a-square
The log :
Logfile of HijackThis v1.99.1
Scan saved at 8:28:15 μμ, on 19/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Ok i solved the problem.
Actually ,a-squared , a very good anti malware program which was suggested to me did the job.
It managed to find the file communicating with the outside site real time.
This means that a-squared found which file was infected in my pc when the file tried to communicate in the net.
It was identificated to me as an id-injection .
Maybe ,that is why no program could find which file was doing the trouble.