Trojan Horse Blocked?

system · November 1, 2010, 12:54am

I keep getting that Avast is blocking a trojan horse called JS:Downloader-AGS [Tri], what is causing it and how do I stop it from popping up constantly?

DavidR · November 1, 2010, 1:03am

When is this happening, e.g. what are you doing at the time ?

If whilst browsing, if so what is the URL ‘modify’ the URL from http to hXXp or www to wXw, to break the link and avoid accidental exposure to suspect sites, thanks.

Is it from the same site, or multiple sites, etc. ?

system · November 1, 2010, 4:58am

Im not sure, I use google chrome and have like 10 windows load when I open it. But it usually happens when im just reading a webpage or something. Heres a screenshot. http://img824.imageshack.us/img824/5868/97641415.jpg

Pondus · November 1, 2010, 6:41am

Try this

Malwarebytes Anti-Malware 1.46 http://filehippo.com/download_malwarebytes_anti_malware/
always run update before you scan so you have the latest database
click on the remove selected button to quarantine anything found
you may post the scan log here

Kaspersky TDSSkiller
http://support.kaspersky.com/viruses/solutions?qid=208280684

system · November 1, 2010, 9:13am

Ok, I downloded the program and ran a full scan. Here are the results.

Malwarebytes’ Anti-Malware 1.46
www.malwarebytes.org

Database version: 5012

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11/1/2010 5:12:14 AM
mbam-log-2010-11-01 (05-12-14).txt

Scan type: Full scan (C:|D:|E:|G:|)
Objects scanned: 340023
Time elapsed: 55 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

DavidR · November 1, 2010, 2:53pm

Looks like it could be a case of ads poisoning, where adverts are crafted to be malicious.

However, a search for adtmt.com reveals some interesting (read malware) results, see this one as it also refers indirectly to Google Chrome, but isn’t specific to it. http://www.google.com/support/forum/p/Chrome/thread?tid=09a9e4a72984b56b&hl=en

Also see http://forums.techguy.org/virus-other-malware-removal/432534-view-atdmt-com-spyware-removal.html.

Trojan Horse Blocked?

Announcements