Hi. Had great experiences here last year when my computer had a virus, so I’m back.
And the day my comp. got a virus last year was THE SAME DAY… =.… Sept. 11.
OK
Think this is part of the FakeAV attacks mentioned in: http://forum.avast.com/index.php?topic=48588.0 …
I clicked a link on a site I’d never been to before – surfthechannel.com – and…
…was greeted by a virus warning (NOT Avast – I believe it was the FakeAlert mentioned in the subject). It had the appearance of a warning from Windows (“your computer has been infected with a Trojan Horse…”), so I clicked the appropriate button. (Since I’d recently seen a malware removal tool update in the Windows updates, I thought it must be that.)
Two things opened: a new tab with the “virus treatment” procedure (with a ‘scan’ and ‘detection’ graphic), and an offer to save a file or cancel.
Avast also popped up with a Trojan Horse detection. I clicked cancel, but at this time Firefox stopped responding (I’m on IE now)…
Avast recommended to move the file(s) to the chest, so I did, but 1 at least repeatedly could not be moved because “the system [could] not find the file specified…” which unfortunately put an end to the process of moving all the little devils to the chest (it kept repeating the same couple windows). I restarted and tried again… a few times… then decided to quit trying Firefox… I did a thorough scan of the system with Avast (all drives, files, & folders), and I think it found a few more to move. Here’s the log:
9/11/2009 6:14:25 PM SYSTEM 452 Sign of “NSIS:FakeAV-E [Trj]” has been found in “http://secinstall.info/P3D6B4A0FF522AA1018D6=/install.exe?counter=1\nsis.hdr” file.
9/11/2009 6:14:39 PM SYSTEM 452 Sign of “NSIS:FakeAV-E [Trj]” has been found in “C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\dv3jorc4.default\Cache\FABF4160d01\nsis.hdr” file.
9/11/2009 6:14:50 PM SYSTEM 452 Sign of “Win32:FakeAlert-DB [Trj]” has been found in “C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\dv3jorc4.default\Cache\FABF4160d01$PLUGINSDIR\exdll.dll” file.
9/11/2009 6:17:23 PM SYSTEM 452 Sign of “NSIS:FakeAV-E [Trj]” has been found in “C:\DOCUME~1\User\LOCALS~1\Temp\wb2hGcDZ.exe.part\nsis.hdr” file.
9/11/2009 6:17:26 PM SYSTEM 452 Sign of “Win32:FakeAlert-DB [Trj]” has been found in “C:\DOCUME~1\User\LOCALS~1\Temp\wb2hGcDZ.exe.part$PLUGINSDIR\exdll.dll” file.
9/11/2009 6:17:52 PM SYSTEM 452 Sign of “NSIS:FakeAV-E [Trj]” has been found in “http://secinstall.info/P3D6B4A0FF522AA1018D6=/install.exe?counter=2\nsis.hdr” file.
9/11/2009 6:17:53 PM SYSTEM 452 Sign of “NSIS:FakeAV-E [Trj]” has been found in “http://secinstall.info/P3D6B4A0FF522AA1018D6=/install.exe?counter=3\nsis.hdr” file.
9/11/2009 6:18:19 PM SYSTEM 452 Sign of “NSIS:FakeAV-E [Trj]” has been found in “C:\DOCUME~1\User\LOCALS~1\Temp\CoC947Nn.exe.part\nsis.hdr” file.
9/11/2009 6:18:51 PM SYSTEM 452 Sign of “Win32:FakeAlert-DB [Trj]” has been found in “C:\DOCUME~1\User\LOCALS~1\Temp\CoC947Nn.exe.part$PLUGINSDIR\exdll.dll” file.
9/11/2009 6:26:59 PM SYSTEM 212 Sign of “NSIS:FakeAV-E [Trj]” has been found in “http://secinstall.info/P4841B40FAF22AA10188BE==/install.exe?counter=1\nsis.hdr” file.
9/11/2009 6:27:01 PM SYSTEM 212 Sign of “NSIS:FakeAV-E [Trj]” has been found in “http://secinstall.info/P4841B40FAF22AA10188BE==/install.exe?counter=2\nsis.hdr” file.
9/11/2009 6:27:02 PM SYSTEM 212 Sign of “NSIS:FakeAV-E [Trj]” has been found in “C:\DOCUME~1\User\LOCALS~1\Temp\JMnHhy+5.exe.part\nsis.hdr” file.
9/11/2009 6:27:10 PM SYSTEM 212 Sign of “Win32:FakeAlert-DB [Trj]” has been found in “C:\DOCUME~1\User\LOCALS~1\Temp\JMnHhy+5.exe.part$PLUGINSDIR\exdll.dll” file.
9/11/2009 6:35:50 PM SYSTEM 2016 Sign of “NSIS:FakeAV-E [Trj]” has been found in “http://secinstall.info/P4882B40FAF22AA1018AD7/install.exe?counter=0\nsis.hdr” file.
9/11/2009 6:35:56 PM SYSTEM 2016 Sign of “NSIS:FakeAV-E [Trj]” has been found in “http://secinstall.info/P4882B40FAF22AA1018AD7/install.exe?counter=2\nsis.hdr” file.
9/11/2009 6:36:06 PM SYSTEM 2016 Sign of “NSIS:FakeAV-E [Trj]” has been found in “C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\dv3jorc4.default\Cache\A1EF4198d01\nsis.hdr” file.
9/11/2009 6:36:13 PM SYSTEM 2016 Sign of “Win32:FakeAlert-DB [Trj]” has been found in “C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\dv3jorc4.default\Cache\A1EF4198d01$PLUGINSDIR\exdll.dll” file.
9/11/2009 6:37:44 PM SYSTEM 2016 Sign of “NSIS:FakeAV-E [Trj]” has been found in “C:\DOCUME~1\User\LOCALS~1\Temp\rFJViY3+.exe.part\nsis.hdr” file.
9/11/2009 6:37:44 PM SYSTEM 2016 Sign of “NSIS:FakeAV-E [Trj]” has been found in “C:\DOCUME~1\User\LOCALS~1\Temp\IPytT0oQ.exe.part\nsis.hdr” file.
9/11/2009 6:37:44 PM SYSTEM 2016 Sign of “NSIS:FakeAV-E [Trj]” has been found in “C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\dv3jorc4.default\Cache\A1EF419Ad01\nsis.hdr” file.
9/11/2009 6:37:44 PM SYSTEM 2016 Sign of “Win32:FakeAlert-DB [Trj]” has been found in “C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\dv3jorc4.default\Cache\A1EF419Ad01$PLUGINSDIR\exdll.dll” file.
9/11/2009 7:13:10 PM User 2364 Sign of “NSIS:FakeAV-E [Trj]” has been found in “C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\dv3jorc4.default\Cache\A1EF419Ad01\nsis.hdr” file.
9/11/2009 7:19:55 PM User 2364 Sign of “Win32:FakeAlert-DB [Trj]” has been found in “C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\dv3jorc4.default\Cache\A1EF419Ad01$PLUGINSDIR\exdll.dll” file.
9/11/2009 7:20:10 PM User 2364 Sign of “NSIS:FakeAV-E [Trj]” has been found in “C:\Documents and Settings\User\Local Settings\temp\IptMXGB2.exe.part\nsis.hdr” file.
9/11/2009 7:20:34 PM User 2364 Sign of “NSIS:FakeAV-E [Trj]” has been found in “C:\Documents and Settings\User\Local Settings\temp\IPytT0oQ.exe.part\nsis.hdr” file.
9/11/2009 7:20:36 PM User 2364 Sign of “NSIS:FakeAV-E [Trj]” has been found in “C:\Documents and Settings\User\Local Settings\temp\rFJViY3+.exe.part\nsis.hdr” file.
9/11/2009 7:20:39 PM User 2364 Sign of “NSIS:FakeAV-E [Trj]” has been found in “C:\Documents and Settings\User\Local Settings\temp\UgT_8PJo.exe.part\nsis.hdr” file.
Hope here’s a start, and we can work to get rid of this. Thanks!
Oh yes, and, in desperation, I did a few times click “delete” when there was the endless cycle of detect/click move to chest/get error “file does not exist”. I see in the stickied Advice… topic that is not recommended, so I hope this does not mess things up too badly… Thanks!
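A triage sketch for a log like the one in this post, added here as an example and not part of the original post: it groups detections by the file or URL that contained the flagged member, so repeated hits on the same cached installer collapse into one item to clean up. The sample lines are constructed, the function names are hypothetical, and treating `DOCUME~1`/`LOCALS~1` as the 8.3 short names of `Documents and Settings`/`Local Settings` is an assumption.

```python
import re
from datetime import datetime

# Constructed sample lines in the layout of the log above (host, names, ids made up).
SAMPLE_LOG = r'''
9/11/2009 6:14:25 PM SYSTEM 452 Sign of "NSIS:FakeAV-E [Trj]" has been found in "http://download.example.invalid/AAAA/install.exe?counter=1\nsis.hdr" file.
9/11/2009 6:14:39 PM SYSTEM 452 Sign of "NSIS:FakeAV-E [Trj]" has been found in "C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\abcd1234.default\Cache\0000AAAAd01\nsis.hdr" file.
9/11/2009 6:14:50 PM SYSTEM 452 Sign of "Win32:FakeAlert-DB [Trj]" has been found in "C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\abcd1234.default\Cache\0000AAAAd01$PLUGINSDIR\exdll.dll" file.
9/11/2009 6:17:23 PM SYSTEM 452 Sign of "NSIS:FakeAV-E [Trj]" has been found in "C:\DOCUME~1\User\LOCALS~1\Temp\sample01.exe.part\nsis.hdr" file.
9/11/2009 7:20:10 PM User 2364 Sign of "NSIS:FakeAV-E [Trj]" has been found in "C:\Documents and Settings\User\Local Settings\temp\sample01.exe.part\nsis.hdr" file.
'''
LINE = re.compile(
    r'^(?P<ts>\d+/\d+/\d+ \d+:\d+:\d+ [AP]M) (?P<account>\S+) (?P<id>\d+) '
    r'Sign of [“"](?P<sig>[^”"]+)[”"] has been found in [“"](?P<path>[^”"]+)[”"] file\.$')
# Assumption: these 8.3 short names map to the usual Windows XP folders.
SHORT_NAMES = {'DOCUME~1': 'Documents and Settings', 'LOCALS~1': 'Local Settings'}

def container_of(path):
    # Drop the member inside the installer that the scanner flagged.
    base = re.sub(r'(\\nsis\.hdr|\$PLUGINSDIR\\[^\\]+)$', '', path)
    for short, long_name in SHORT_NAMES.items():
        base = base.replace(short, long_name)
    return base.lower()

def classify(container):
    if container.startswith(('http://', 'https://')):
        return 'network stream'
    if '\\firefox\\profiles\\' in container and '\\cache\\' in container:
        return 'browser cache'
    if container.endswith('.part'):
        return 'partial download'
    return 'other'  # anything else needs a closer look

def triage(log_text):
    found = {}
    for line in log_text.strip().splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        when = datetime.strptime(m['ts'], '%m/%d/%Y %I:%M:%S %p')
        key = container_of(m['path'])
        e = found.setdefault(key, {'kind': classify(key), 'sigs': set(),
                                   'first': when, 'last': when, 'hits': 0})
        e['sigs'].add(m['sig'])
        e['first'], e['last'] = min(e['first'], when), max(e['last'], when)
        e['hits'] += 1
    return found

if __name__ == '__main__':
    for path, e in triage(SAMPLE_LOG).items():
        print(e['kind'], e['hits'], sorted(e['sigs']), path)
```

Entries classified as `other` are the ones that fall outside the download, cache and partial-file locations and so deserve the first manual check.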