Trojan horse blocked by web shield

Hello, I would like to make sure that everything is fine. Avast recently blocked BV:DelFiles-AZ[Trj]. This was blocked by the wonderful web shield. I did a full scan with MBAM on all drives and nothing was infected. I also did a quick scan with Avast. I also checked my task manager and to me all is normal. Usual processes running etc. Also, if any professional would like the link I would be glad to give it to him/her.

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.21.02

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Mariano :: MARIANO-PC [administrator]

Protection: Enabled

1/21/2012 10:58:11 AM
mbam-log-2012-01-21 (10-58-11).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 333489
Time elapsed: 1 hour(s), 7 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Seems you’re clean due to Web Shield.

If you want more peace of mind, I suggest:

  1. Clean your temporary files.
  2. Schedule a boot-time scan with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
  3. Use Comodo Cleaning Essentials (CCE), or MBAM, or SUPERantispyware to scan for spyware and trojans. If any infection is detected, it is better and safer to send the infected file(s) to quarantine (Chest), rather than simply deleting them.
  4. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
  5. Read these instructions and provide more info with the logs generated. But, please, do NOT post there, open a NEW thread for your specific problem and help us to help you.
  6. Clean your Hosts file (replacing it) with HostsMan tool.
  7. Disable System Restore and then reenable it again.
  8. Immunize your system with SpywareBlaster.
  9. Check if you have insecure applications with Secunia Software Inspector.

If the infection prevents the computer from booting, take a look here: http://forum.avast.com/index.php?topic=79107.0

Hello Tech, how do I delete temp files? Sorry, I’m not so experienced. Also, how do I accomplish this hosts file cleanse and the System Restore instruction? That is all; I have already completed the other instructions besides the rootkit scan. However, my computer seems fine.

TFC - Temp File Cleaner by OldTimer
http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/
TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.

"Also, if any professional would like the link I would be glad to give to him/her"
Yes please... post it non-clickable: www as wxw or http as hxxp.

Also, I would suggest you go directly to Tech's step #5 and let Essexboy check it out…
then you won't have to run all those tools :wink:

Hey there, I would be glad to give you the link, but I can’t copy and paste in the web shield log. Any other way? However, I can tell you that it was a YouTube page. Dang hackers infecting URLs! Oh, and I will do step 5 as you said, thanks!

Only detected by avast/Gdata

Virustotal - HTML scan 2/43
https://www.virustotal.com/file/f09afb023ab185e65de5b9ccbf6c265436dd48a39c269e7eb5d8c08975831423/analysis/1327182481/

The suspicious tag code on that URL:

-s.ytimg.com/yt/jsbin/www-core-vflhsQp1o.js suspicious
[suspicious:2] (ipaddr:74.125.227.0) (script) -s.ytimg.com/yt/jsbin/www-core-vflhsQp1o.js
status: (referer=-www.youtube.com/illbbacksoon)saved 208421 bytes 3a20bd9be3ea01dfe36b135289cc991399010d94
info: ActiveXDataObjectsMDAC detected Microsoft.XMLHTTP
info: [script] -s.ytimg.com/yt/jsbin/
info: [script] -pagead2.googlesyndication.com/pagead/ads.js
info: [iframe] -s.ytimg.com/yt/jsbin/
info: [decodingLevel=0] found JavaScript
suspicious:

polonus

The OTL log is more than 1000 characters. I will do the rest of the steps tomorrow. By the way, do I have to start a new thread for e something guy to help me?

That’s why you attach the log.

Nope. He can help you right here. :wink:

OK, I’ll do the rest of the instructions soon. It’s quite late where I live.

Your logs look clean - are you experiencing any problems?

None at all, I am pretty sure I’m fine! EDIT: whoa, MBAM just blocked a malicious IP coming out of avast.svc or something like that. Oh, and here is what it said:
2012/01/23 18:05:10 -0800 MARIANO-PC Mariano IP-BLOCK 87.118.92.88 (Type: outgoing, Port: 49318, Process: avastsvc.exe)

Aye, for some reason MBAM does not like some of the Avast update servers - which is why that is turned off on my copy of MBAM.

Oh, OK, cool. Well, seems I’m clean. You may lock this thread ;D