Trojan Downloader - No trace

I opened an email the other day in my Yahoo account. It was a “picture FWD”, so I clicked on it to see who sent it, thinking Yahoo’s virus detection would pick up any virus. However, before actually seeing the pic, I got a warning from Avast that there was a Trojan downloader present and to immediately go offline, which I did. I ran several thorough scans but found nothing; checked the Vault, nothing present. My PC seems fine, not slowing down or showing any of the telltale signs. What should I do, please?
Windows XP Home Edition, Internet Explorer 6, Avast version 4.8 Home Edition Free Antivirus, Windows Firewall

I think you should do nothing… avast has blocked the virus.
If you want the general cleaning procedure just to be sure…

  1. Clean your temporary files.
  2. Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
  3. Use MBAM (or SUPERantispyware or even Spyware Terminator) to scan for spywares and trojans. If any infection is detected, it is better and safer to send the infected file(s) to quarantine (Chest), rather than simply deleting them.
  4. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
  5. Make a HijackThis log to post here or this analysis site. Or even submit the RunScanner log to on-line analysis.
  6. Clean your Hosts file (replacing it) with HostsMan tool.
  7. Disable System Restore and then reenable it again.
  8. Immunize your system with SpywareBlaster.
  9. Check if you have insecure applications with Secunia Software Inspector.

Two questions:
Schedule a boot time scanning with avast with archive scanning turned on.
How do I do this with Avast 4.8 Home Edition - Free?
and
Do you think it’s possible my passwords have been accessed?
Thanks

Scheduling the Boot Time Scan
Click on the Menu button.
Choose Schedule Boot Time Scan.
Doing so displays a dialog allowing you to schedule virus scanning.
Check Archives, if you want to scan all the archives.
Specify whether all the disks or just a specific folder should be scanned.
Select Advanced options for scheduling details.
Select how to automatically process infected files (suggestion: send to Chest)
Choose how to automatically process infected system files (suggestion: ignore/do nothing)
Click the Schedule button to confirm the settings.

Why aren’t you using the avast 5 version?

No. I think you’re safe.

@sweets:
Updates are essential…!
Therefore you should update: (if possible with your system…!)

  • avast to 5.0.594
  • IE to 8 (with all security patches…!!)
  • Your OS (latest SP for XP is 3…!! for 32bit systems)
  • Your mail client…
  • etc… As all updates can help prevent you from getting infected…!!!
    asyn

To answer your questions:
Just haven’t gotten around to Avast 5.0 yet but I have been AVS updating every day
I stick with IE 6 because I’m a dialup dinosaur, too many security updates, not enough RAM
SP 2 again because of dialup ISP
To get back to your recommendations:
I did the scheduled boot scan, nothing turned up in the Avast log viewer, need I go further?
Your other recommendations:
If avast does not detect it, you can try DrWeb CureIT! instead.
3. Use MBAM (or SUPERantispyware or even Spyware Terminator) to scan for spywares and trojans. If any infection is detected, it is better and safer to send the infected file(s) to quarantine (Chest), rather than simply deleting them.
4. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
5. Make a HijackThis log to post here or this analysis site. Or even submit the RunScanner log to on-line analysis.
6. Clean your Hosts file (replacing it) with HostsMan tool.
7. Disable System Restore and then reenable it again.
8. Immunize your system with SpywareBlaster.
9. Check if you have insecure applications with Secunia Software Inspector.
I should’ve mentioned earlier I use dialup, any small download substitutes for the above recommendations?
Dr Web CureIt is a 45 MB ram download, too long for a dialup dinosaur, any substitutes that are small downloads?
Can the above be found for free?
Does Avast 5.0 afford more protection than 4.8 if I’ve been updating AVS?
If you could, please take the time to answer all the above. Thank you

Can the above be found for free?
Yes, Dr.Web / Malwarebytes / Superantispyware are free. Dr.Web is a program you download and use when you have/want to clean an infected system; it is fully updated when you download it. Malwarebytes and Superantispyware work fine with avast. If you have to choose only one, go for Malwarebytes, a 5.87 MB download. Always update MBAM before you scan, so you have the latest database: http://filehippo.com/download_malwarebytes_anti_malware/
Does Avast 5.0 afford more protection than 4.8 if I've been updating AVS?
yes, newer technology and better detection on the newest bugs...
SP 2 again because of dialup ISP
DavidR is on dial-up and he is using avast! V5

You can order an SP3 update CD directly from Microsoft for a small fee, and you can keep it to update your friends’ systems as well.

Windows XP SP3 includes all previously released updates for Windows XP, including security updates, out-of-band releases, and hotfixes. It contains a small number of new updates, that can help make it easier for Windows XP customers to be sure their system is up-to-date, but should not significantly change their Windows XP experience.

https://om2.one.microsoft.com/opa/Validation.aspx?StoreID=ce6e3afc-6b25-4f99-8913-3e3453ad966d&LocaleCode=en-us&JavaScriptOn=yes

yes, newer technology and better detection on the newest bugs
Then I will have to download it. Any special way to do this like uninstall 4.8 first or just go to the website?
As for the other downloads suggested for infected files, since I’m using a dialup connection, can you suggest any small download substitutes?

Go to PROFILE, then Modify Profile, then Forum Profile Information, then “Please select your country:”, then “Signature:”, and put information about your system, just like my signature, so that the helpers can offer pertinent advice.

There are Download Managers that permit getting files in segments.

Look at:
Download Accelerator Plus

I suggest an installation from scratch:

  1. Download the latest version of avast! Uninstall Utility and save it.
  2. Download the latest avast! version and save it.
  3. Uninstall avast from Control Panel (if possible). If, for any reason, you can’t run it, try booting in Safe Mode and doing it from there. Anyway, boot after that.
  4. Run the avast! Uninstall Utility saved on 1. If, for any reason, you can’t run it, try booting in Safe Mode and doing it from there. Anyway, boot after you’ve run it.
  5. Install avast! using the setup saved on 2. Boot.
  6. Register your free copy or add the license key for Pro.
  7. Check and post the results.

Other download manager: http://www.freedownloadmanager.org/

http://hosts-file.net/?s=www.freedownloadmanager.org&x=32&y=7 <== • EMD - sites engaged in malware distribution
This classification is assigned to websites engaged in the distribution of malware (e.g. adware, spyware, trojans and viruses etc).

Download Accelerator Plus

This download manager brings much more to the table than fast file transfers, but it definitely delivers those, too. Increased download speeds are Download Accelerator Plus’s bread and butter, speeding up downloads by almost 200 percent in most cases and occasionally as high as 400 percent.

http://download.cnet.com/Download-Accelerator-Plus/3000-2071_4-10037157.html

@ sweets

With dial-up you have to manage things, but it is possible. When there are large security updates I visit Windows Update and do a custom install of bite-sized chunks, two or three updates not exceeding 10MB or so, and go back again later and repeat the exercise until I have them all.

I have a friend whom I help a lot and they have broadband and I gave them a USB stick, the link for the SP3 full off-line installation (360ish MB) and they downloaded it for me. Another option if you have a local library or club, etc. that has broadband you could download it there.

XP SP3 full off-line installation file download http://www.microsoft.com/downloads/details.aspx?familyid=5B33B5A8-5E76-401F-BE08-1E1555D4F3D4&displaylang=en.

I did the same for .net 3.5 and .net 4.0 for a program that I wanted to update, as it now requires .net 3.5. That exercise failed miserably: I got the downloads and installed .net 3.5 (with SP1) and 4.0 with no problems, and then Windows Update said I had updates. Even though I supposedly had 3.5 SP1, it was still saying I had to download 65MB of another update. Not a chance on dialup, and I couldn’t find a direct download link. So yes, dial-up can be a real pain in the rear for some applications, and keeping .net framework up to date is a point in question.

They are all great suggestions and I thank you all and will update my profile as suggested but as for accelerators, I’ve tried several and they don’t work well and with Netzero dialup my connection will shut down after an hour so downloads over 45 minutes are pointless unless I stand there and watch. So I look for small download substitutes, thanks

You’re welcome…!
The dial-up users will be able to answer the other questions related to it better than me…
asyn

http://hosts-file.net/?s=www.freedownloadmanager.org&x=32&y=7 <== • EMD - sites engaged in malware distribution
This classification is assigned to websites engaged in the distribution of malware (e.g. adware, spyware, trojans and viruses etc).
I know that… I think hosts managers overestimate this classification. I never had a problem with software from there. Maybe I’m lucky or just don’t play with fire at that site. The application is a secure, clean, very good download manager. In my opinion, far superior to DAP in features and configurability, and it’s fully free (without features of the paid version).

You’re welcome.

I too tried accelerators and found them to be very poor (I even went to the trouble of actually paying for the service, ended up getting a refund). They are for the most part useless for .exe downloads as the exe file is already packed and for everyday browsing any improvement (by degrading image quality) and compressing html & javascript files really doesn’t make that much difference.

NetZero is about as cheap as you can get but is it worth the free junk ???
http://www.netzero.net

You like to play on the edge of disaster so you are welcome to play with known malware sites. :o

It’s not a malware site. It’s not an infected application. As simple as that.
http://www.virustotal.com/analisis/0a777b6dbd90ae10b780001ca949b8e40d4fa62fd314468627c0ff9c2769a686-1280433616

You can submit any file of it, you can check the site against other malware scanners also. WebShield says nothing about the site.
It’s just hosts overestimative.