Well the other day I was going to browse espn.com and I accidentally typed espn.c-m (without the dash, I dont want anyone copy/pasting that and having the same thing happen) and avast! gave me a Trojan detected alert (Or Trojan Horse was Found). Anyways, the site apparently redirected me elsewhere to something like viralvideoss.notgoingtotypetherest. I did what avast! wanted and clicked abort connection for each instance of the detection. Now I havent found/seen any adverse effects to this that would hint that the Trojan actually got through, but I was wondering if you guys could self assure me on this issue. UPDATE: Changed the http’s to hxxp, so that no one would can click on links, big oversight on my part, sorry!
Here is the avast! log that was created upon the warning:
7/16/2009 7:27:44 PM 1247786864 SYSTEM 1592 Sign of “JS:Packed-T [Trj]” has been found in “hxxp://laverdad.0fees.net/index.php” file.
7/16/2009 7:27:45 PM 1247786865 SYSTEM 1592 Sign of “JS:Packed-T [Trj]” has been found in “hxxp://laverdad.0fees.net/pdf.php” file.
Also incase it would make any difference, here is the Hijackthis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:36:36 AM, on 7/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
F:\Program Files\Alwil Software\Avast4\ashServ.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\Program Files\Bonjour\mDNSResponder.exe
F:\WINDOWS\system32\CTsvcCDA.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\MsPMSPSv.exe
F:\WINDOWS\system32\SearchIndexer.exe
F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
F:\Program Files\Alwil Software\Avast4\ashWebSv.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Microsoft IntelliType Pro\itype.exe
F:\Program Files\Microsoft IntelliPoint\ipoint.exe
F:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
F:\Program Files\HP\hpcoretech\hpcmpmgr.exe
F:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
F:\WINDOWS\system32\hphmon05.exe
F:\WINDOWS\system32\CTHELPER.EXE
F:\WINDOWS\RTHDCPL.EXE
F:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
F:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\SEC\Natural Color Pro\NCProTray.exe
F:\Program Files\Windows Desktop Search\WindowsSearch.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\ATI Technologies\ATI.ACE\cli.exe
F:\Program Files\ATI Technologies\ATI.ACE\cli.exe
F:\Program Files\Windows Defender\MsMpEng.exe
F:\Program Files\Windows Defender\MSASCui.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Program Files\Apple Software Update\SoftwareUpdate.exe
F:\WINDOWS\system32\DllHost.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM..\Run: [ATICCC] “F:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe”
O4 - HKLM..\Run: [itype] “F:\Program Files\Microsoft IntelliType Pro\itype.exe”
O4 - HKLM..\Run: [IntelliPoint] “F:\Program Files\Microsoft IntelliPoint\ipoint.exe”
O4 - HKLM..\Run: [avast!] F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [QuickTime Task] “F:\Program Files\QuickTime\QTTask.exe” -atboottime
O4 - HKLM..\Run: [iTunesHelper] “F:\Program Files\iTunes\iTunesHelper.exe”
O4 - HKLM..\Run: [HPDJ Taskbar Utility] F:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM..\Run: [HPHUPD05] F:\Program Files\Hewlett-Packard{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
O4 - HKLM..\Run: [HP Component Manager] “F:\Program Files\HP\hpcoretech\hpcmpmgr.exe”
O4 - HKLM..\Run: [HP Software Update] “F:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe”
O4 - HKLM..\Run: [HPHmon05] F:\WINDOWS\system32\hphmon05.exe
O4 - HKLM..\Run: [SBDrvDet] F:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM..\Run: [CTSysVol] F:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM..\Run: [CTDVDDET] F:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM..\Run: [UpdReg] F:\WINDOWS\UpdReg.EXE
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] “F:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”
O4 - HKLM..\Run: [Windows Defender] “F:\Program Files\Windows Defender\MSASCui.exe” -hide
O4 - HKCU..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU..\Run: [SB Audigy 2 Startup Menu] “F:\Program Files\Creative\SBAudigy2ZS\Program\Startup Menu\ChkColor.EXE”
O4 - HKCU..\Run: [SpybotSD TeaTimer] F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: NCProTray.lnk = ?
O4 - Global Startup: Windows Search.lnk = F:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra ‘Tools’ menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: f:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: f:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: f:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: f:\windows\system32\nvlsp.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - hxxp://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: Apple Mobile Device - Apple Inc. - F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - F:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - F:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
–
End of file - 7881 bytes
Also, if it would help you to know what type of protection I use, it includes Windows Defender, avast! Home Edition, and Spybot. Thank you all in advance.