Hello!
A few weeks ago I sent a message here because I didn’t know how to eliminate Win32:Ad-ware-gen. [Adw]. I followed the instructions of someone and it worked. Since then, every time I connect to the internet my avast says I have a Trojan or downloader.Horst.al and I put it in quarantine. I don’t know why this happens. The infected files are always in the temp files and I don’t know what to do. I have avg anti-spyware, avast home as antivirus. They are good because they detect the virus, but what can I do to prevent them from entering my computer? I want to put a firewall in my computer but I don’t know which to choose. Can anyone help me?!
Thank you
Bárbara Gomes
What is the location and file name of the infected file/s, e.g. (C:\windows\system32\infected-file-name.xxx) ?
Check the avast! Log Viewer (right click the avast icon), Warning section, this contains information on all avast detections.
If they are in your temp folders (do you mean your Temporary Internet Files?) and it is being detected by the standard shield provider, what surprises me is that it isn’t being detected by the web shield provider. Is the web shield provider enabled?
Without a firewall it is an uphill battle to remain clean and is something essential, I have no idea of your experience but I think it is limited, so you should use a firewall that is relatively user friendly and that to my mind would be Zone Alarm free.
Zone Alarm free http://www.zonelabs.com works fine with avast and has a reasonably friendly user interface. There are others, Comodo, Sunbelt Kerio, Jetico, etc. but these are rule based and unless you have some knowledge of firewalls you are likely to find them intrusive and possibly confusing.
Hello.
My internet shield is working normally, it’s connected.
The infected files are in here: C:\Documents and Settings\Utilizador\Definições locais\Temp. One of the infected files has this name: 19exmodul32g.3.exe Win32:Horst.DZ [trj] (others are Win32:Horst.GG [trj], Win32:Horst.GH [trj]).
When I go to C:\Documents and Settings\Utilizador\Definições locais\ there are 4 folders, one with the name temp, another with temporary internet files, apps and the historic of the internet.
The first trj to appear was: [UPX].vir in C:\Programs\Alwil Software\Avast4\DATA\moved (Win32:Horst.DZ [trj]) and it is in quarantine.
Thanks*
The .vir suffix is used by avast when you use the Move (but not move to chest) and it is located in the Moved folder which is normal, it isn’t actually quarantined, unless you are saying there is also a copy in the chest.
A forum search for exmodul finds many hits:
http://forum.avast.com/index.php?topic=20027.0
http://forum.avast.com/index.php?topic=19474.0
These may help in cleaning the infection.
Do you have a firewall, if so what is it ?
If you haven’t already got this software (freeware), download, install, update and run it, preferably in safe mode.
- Ewido, a.k.a. avg anti-spyware, if using winXP, or a-Squared free if using win98/ME.
Also ClearProg - Temp File Cleaner or CCleaner - Temp File Cleaner, etc. either of these help to get rid of the junk in your temp folders.
Hello!
Thank you for the help!!!
I have avg antispyware, comodo as firewall, and I use as a cleaner Advanced WindowsCare V2 Personal, which a friend of mine recommended. I don’t know if it is the best, but if not tell me and I’ll change it.
I went to that forum of the Brazilian and I did what he wrote. Hope it is enough to solve my problem.
Thank you for everything!!
Bá
Comodo should alert you to new unauthorised connections to the internet so any downloader on your system, trying to get a connection to download should be intercepted. So that plus the alert by avast should stop anything getting executed.
You should use one of the cleaner programs to periodically clean out the temp folders. My problem is why avast can detect them in the temp folders yet not be able to stop them getting there in the first place. The web shield can detect what the standard shield can so if it is enabled and working, it should be able to intercept and detect them before they get into the temp folders.
So if you are still getting detections in the temporary internet files folder then I’m asking the same question again. Is the Web Shield enabled and working, e.g. the avast icon rotates as you browse, the Scanned count: number increases and the Last scanned: file changes also (see image and confirm).
Are you still getting these alerts in the temp folder?
The comodo is great, working perfectly!
The web shield is on, the icon moves when I search in the internet. Since I installed the comodo and did the Brazilian procedure, no more exmodul… has entered, nothing suspicious in the temp folder.
I don’t know why it didn’t detect it, but my shield was on all the time.
Now I have a temp cleaner (CCleaner).
thanks*
It looks like the exmodula horst infection is gone now and once out hopefully locked out.
Thanks for the screen shot, even though in a different language with avast everything is in the same locations so no problem working out what each title is, thanks.
Thank you for the time you spent with my problem! ;D
Help! I am new to all of this stuff. We have been getting a win32Horst.GV trojan horse coming up on our computer 1 or more times a day. It is our setup.ex documents and setup all users doc. file. Where is it coming from and how do I keep it from coming in? Also how do I get rid of it from my documents files. I need all the help I can get and I need it explained simply as I’m not very technical-minded. Thanks.
Totally confused.