Trojan horse detected by the online protection

It started a few days ago showing “Avast Warning! A trojan horse was found” filename https://feeds.feedburner.com/Imlog?format=xml\[gzip]
I only have the option to abort the connection

But when I scan the disk Avast did not find it, how do I remove it?

What was the trojan name of the detection?

That is because the web shield only gives one option, abort connection, which drops the object from being downloaded to your system, so it isn’t too surprising that you don’t find anything on a scan.

This is in a way interesting as I paid a visit to hXXps://feeds.feedburner.com/ and Firefox displayed a security alert that the SSL certificate was invalid, see image. It looks like FeedBurner now belongs to Google, see https://www.google.com/accounts/ServiceLogin?service=feedburner&continue=http%3A%2F%2Ffeedburner.google.com%2Ffb%2Fa%2Fmyfeeds&gsessionid=DsAOUCuBT34fbT9ILa3Ung.

So because of this invalid SSL certificate issue I can’t check out the link you gave, using Firefox.

When I tried to visit the site, I get this error:

The final parenthesis of the filename are not squared, they are
https://feeds.feedburner.com/Imlog?format=xml\{gzip}

It keeps trying to download it, even if I cancelled Imlog from the feedreader (greader)

What can I do to stop the PC from trying to download the trojan?

That’s the name HTML:Iframe-Es[trj]

This is the webshield component of Avast. It has detected a malicious file on the site, and prevented the download. This is why you can’t detect it on the PC.
As to why your browser is letting you get far enough that the webshield fires, that’s another issue.
Mine won’t connect to that site.

-= Blocked by Firefox…

So what do you suggest I do? I also use Firefox. I also canceled temporary files but FF is still trying to download it

-= If you use the beta… Press CTRL+SHIFT+DELETE then scroll down & select Everything…

-= OR delete the download manually, press CTRL+J then cancel any active download, then select clear list…

-= Furthermore, you may use disk cleanup…

-= These are just a few tips & in case it won’t work, we’ll be needing more info about the problem…

Cleared everything, including chronology and download, still having the problem :-[

-= Huh…? Could there possibly be an infection in your system…? Hmm… Try running Malwarebytes Antimalware or SuperAntiSpyware and post the log here…

Just ran SuperAntiSpyware. It did not find anything other than a few cookies. How can I stop this?

-= How about Malwarebytes…?

It found some problems and removed them:

Infected register keys:
HKEY_CLASSES_ROOT\ieobject.ieobjectobj (Adware.WebDir) → No action taken.
HKEY_CLASSES_ROOT\ieobject.ieobjectobj.1 (Adware.WebDir) → No action taken.
HKEY_CLASSES_ROOT\Interface{0b0a76e7-ade1-41f4-b157-559605721b3a} (Adware.WebDir) → No action taken.
HKEY_CLASSES_ROOT\Typelib{50da37bb-7083-4fa7-80cf-de4cdb634166} (Adware.WebDir) → No action taken.

Infected files:
C:\WINDOWS\system32\serauth1.dll (Trojan.Agent) → No action taken.
C:\WINDOWS\system32\serauth2.dll (Trojan.Agent) → No action taken.

But now I rebooted and the problem is still there. Now Malwarebytes does not find any more problems… :frowning:

http://www.malwarebytes.org/forums/index.php?showtopic=6932 this can help you for serauth1 and 2 :slight_smile:

Also post them to VirusTotal, and if it’s not detected by Avast! and it’s malware then please send them the sample.

Thanks.

Mr.Agent

OK, I am out of the tunnel. It turned out that I had the address of the website feeds in my dynamic bookmarks, that’s why FF continued trying to download from the site. Anyway it was good that I found the 2 trojans …

Thanks for the update.

Though in your extract from the MBAM log you have → No action taken against the detections, is this an old log or did you action them, Remove & Quarantine them?

If not you should - Run MBAM again and this time when the scan is complete, all detections should have a check mark in the box to the left of the entry, leave them selected (or select if not selected). At the bottom of the window there is a button, Remove Selected, click that and the items will be removed.


MBAM did not remove anything. By each entry above is … No action taken.

That means nothing was removed and the problems are still there.