Trojan Horse Blocked (pop-up) but wasn't at page...??

i have avast free 8.0.1483

a couple of times recently i received a red pop-up that claimed avast had blocked a trojan horse, & wasn’t i lucky?

in fact when i go for more info, it leads me to this page:

avast! saved your computer from crashing
You just dodged a bullet

You may be wondering how you ended up with a virus, especially if you were visiting a ‘normal’ site. The latest research from the avast! Virus Lab shows that more than 80% of malware (viruses, spyware, and the like) spreads through legitimate websites, with only 1% coming from suspicious or ‘dodgy’ sites.

Good thing avast! had your back.

Infection Details
URL: http://search.yahoo.com/search?cs
Process: C:\Program Files (x86)\Mozilla Firefox\f…
Infection: JS:ScriptPE-inf [Trj]

it seemed weird to me both times i noticed it happening, since both times it referenced a search via yahoo, & i NEVER use yahoo search - ever!

when i asked for the last pop-up window (which i saw suggested somewhere here), it brought up something i never did a search for… why am i thinking that this is a way for avast to try to get people to pay for the full version?? that’s what i thought both times since it mentioned a URL i wasn’t at, & in fact my computer had been sitting there idle for awhile, with hardly any pages up & definitely nothing that was related to what it referenced.

(could any of this be related to TrackMeNot?)

follow guide and attach logs. (not copy and paste) http://forum.avast.com/index.php?topic=53253.0

AdwCleaner
Malwarebytes
OTL
aswMBR

when done, removal experts will be notified

ok… most of it completed except for last step (hope i don’t have problems after that one that require steps i won’t even be able to see if i have problems)

so here are those other attachments.

Hi does this only occur in firefox or is it all browsers ?

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

- Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:OTL
[2011/10/24 17:15:37 | 000,000,000 | ---D | M] -- C:\Users\cin\AppData\Roaming\FreeVideoConverter
[2010/12/26 16:40:38 | 000,000,000 | ---D | M] -- C:\Users\cin\AppData\Roaming\GetRightToGo

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

before i do anything, why can’t i post the results of that long last scan? no .dat allowed, but it was saved as that automatically

btw, only use firefox really

what scan?.. and dat file is not a log

anyway, since essexboy has created a fix for you to run, it means he has probably seen the problem and got the info he needs

i’m not sure where that .dat file came from - i hadn’t closed that last scan window yet (from the instructions on the other page, last step), so i saved once again & then it was a txt file (shrugs) - i’m attaching it anyway, just in case the info is needed.

ok, ran the OTL thing again, with the setup as instructed. computer rebooted (tho there was a security warning just before windows was loading), & then i had to go find the OTL.exe file & when i did, i just double-clicked on it & hit “quick scan” - tho once it was running, i noticed that the settings were a combination of the settings from the original scan (from the other page) & the adjusted settings (from this page, with the “fix”)… so i don’t know if i have to run the quick scan again or what… let me know (since ‘all users’ was not checkmarked). i’m attaching a screen capture of the settings that came up & were used since i wasn’t told exactly what to do there & didn’t notice the differences at that point anyway…

so first attachment will be the thing that i got after doing the long, drawn out scan from the instructions on the linked page
the next attachment will be the window/notepad doc that was up when the system rebooted after the fix (above)
the next attachment will be what OTL had as its settings when i found it, double-clicked, & ran the quick scan w/o looking at settings
the final attachment are the results from the (?) quick scan

Are you still getting the alerts ? The dat file was a copy of your MBR in case I needed to look deeper at it

well not at the moment, but i only got the alert (the trojan thing, referencing some yahoo search) a couple of times in the past - it wasn’t a thing that was constantly coming up, so it’d be way too early to tell… like i mentioned, the two times i remember the alert coming up, my computer was pretty much idle for awhile (half hour or more), & avast seemed to have just done one of its daily updates (seems like there were more than 1 a day) & then the weird trojan web page alert would come up, out of the blue & unrelated to the few tabs i had open.

are you seeing anything in any of these scans etc that would make you think i had some bigger/deeper problem somewhere? (i can explain why i’m asking after you answer)

I can see no indication, the alerts look to be generated on whatever page you were visiting as a redirect

so there’s nothing else i need to do now? (i should just delete those programs i downloaded for this today then?)

isn’t it strange that i wasn’t in the middle of any redirect, or anything at all when these alerts (the 2 over the past couple weeks or whatever) happened?

thanks for your help

p.s. i wonder if there’s anything i should do on my laptop & netbook (even tho i haven’t been using them lately - not even in the past week or so & very little in the past 2 months, when i got home internet service again). i had taken both of those to free wifi places off & on for a couple months before that tho… have scanned them with avast but what else should i do?

(i should just delete those programs i downloaded for this today then?)
Essexboy will remove the tools used when you say so

guess that one confused me
(the ones on my computer?)

For your other question about the risks being on free open Wi-Fi, read (a bit dated but still valid information):
http://www.boingo.com/blog/2011/01/is-free-wi-fi-dangerous/
and an official US gov warning:
http://www.usa.gov/topics/consumer/scams-fraud/computer-internet/wifi-scams.shtml

On the insecurity of open wifi: http://techtalker.quickanddirtytips.com/dangers-of-unsecured-wifi-hotspots.aspx

If you absolutely need access to the internet, pay a few bucks for the more secure option…

polonus

the tools from the guide … AdwCleaner / OTL / aswMBR … Malwarebytes is recommended to keep

Yes, I would keep MBAM and combine it with SuperAntiSpyware, both on demand anti-malware solutions that will go fine next to your avast! residential av solution,

polonus

Subject to no further problems :slight_smile:

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so…The following will implement some cleanup procedures as well as reset System Restore points:

Run AdwCleaner and press uninstall

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

Clear Restore Points

Go Start > All Programmes > Accessories > System tools
Right click Disc Cleanup and select run as administrator
When it pops up, select OK at the first prompt; after it has done some calculations, the tabs will appear
Select More Options tab
Press System Restore and Shadow Copies Cleanup button

https://dl.dropbox.com/u/73555776/disc%20clean.JPG

: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly. It will show you which programmes on your system need updating and give a download link

If you use on-line banking then as an added layer of protection install Trusteer Rapport

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
- Microsoft Windows Update

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place?

Keep safe :wave:

ok, i’ve done most of that stuff above (except turning off java in other browsers since i rarely if ever use them & have too many other things to do right now to bother)

would i be able to get your assistance regarding my other computers? i’m not sure if you read above, but for awhile i was w/o home internet service, so was taking my (OTHER) computers - a laptop & a netbook - & using the free wifi places around town. not the best idea i guess, but i didn’t have a lot of other choices. i tried not to purchase anything while doing that but i probably slipped up a time or two. (& yes, i’ve had some issues since then, just recently in fact, & i don’t know if they’re related to that timeframe or what - i just got home access again starting at the beginning of april)

i’d like to know what i can run on these other machines, which i’ve barely used lately. should i install & run all those same programs, even tho i haven’t had them on long enough to see if i’d get any trojan (or other) popup warnings or anything? i definitely feel somewhat insecure now after having a couple issues related to a couple of online sites.

any hope would be greatly appreciated.

Certainly we will run each system separately to avoid confusion

ok… so you mean i should start a new topic, logging in with each computer? i was planning on turning the laptop on in a minute… but honestly i’m nervous about a couple recent happenings.

i hope it’s ok if i just go start downloading & running at least the same first tests… guess i’m confused.