Virus found, can't delete

I got this virus and I can't delete it. It says this in my log file under warning. Would appreciate it if someone could help me get rid of it. Thanks :]
JS:Obfuscated-R [trj]
JS:Pdfka-BG [Expl]
JS:Packed-AW [trj]

Have you tried scanning with these?

http://filehippo.com/download_malwarebytes_anti_malware/ Malwarebytes Anti-Malware

http://filehippo.com/download_superantispyware/ SuperAntiSpyware

Nope, but will it interfere with my Avast ?

Theoretically you shouldn’t need these other scanners if as I suspect these were alerts by the Web Shield, so it is being detected on a web site (probably hacked). The only option given on the alert would be to Abort Connection, was that correct ?

If so it didn’t get on to your computer.

You say that you couldn’t delete it, but you don’t say why, what errors, etc. ?

What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx or URL, see below) ?
Check the avast! Log Viewer (right click the avast ‘a’ icon), Warning section, this contains information on all avast detections. C:\Program Files\Alwil Software\Avast4\ashLogV.exe - Or check the source file using notepad C:\Program Files\Alwil Software\Avast4\DATA\log\Warning.log

When posting URLs to suspect sites, change the http to hXXp so the link isn’t active (clickable) avoiding accidental exposure.

Re SAS and MBAM, they will work along side avast without problem.

What ya mean ? I can't see the rest of the url or w/e.

Malware Bytes didn’t detect anything, but I still think there are suspicious files on my computer.

Malwarebytes’ Anti-Malware 1.36
Database version: 2045
Windows 6.0.6000

4/26/2009 1:52:07 PM
mbam-log-2009-04-26 (13-52-07).txt

Scan type: Quick Scan
Objects scanned: 60801
Time elapsed: 5 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Download and run http://dl1.pro.antivir.de/package/rescue_system/common/en/rescue_system-common-en.exe , burn it to a blank disc, boot your computer using that disc, do a full scan using that and let it remove/move/rename/quarantine anything that it finds.

After that, back to Windows in normal mode, keep your avast! up to date and let it protect your computer to prevent getting infected again.

I hope those files get removed :slight_smile:

Well I have to scratch that outta the idea, no blank discs :-\

give me address to send ya one! :stuck_out_tongue: or maybe I would send ya one via e-mail :stuck_out_tongue: ;D 8)

Lol ;D But ya I just still think there are suspicious files on my computer and I just feel sketchy about logging into things, 'cause I play a lot of games.

If you check out the file I also gave (warning.log) you will see it all; in the log viewer you may need to expand the column width to see all the URL, etc.

Oh I get what you're saying, but it won't let me expand it.

Then go directly to the warning.log file location I gave (that is where the data is imported into the log viewer from) and view the contents in notepad.

There should be nothing to stop you expanding the column, what are you trying ?

  • Expand Column Width, hover the mouse pointer over the column header divider until the pointer changes (see image) left click and hold down the key whilst dragging the pointer to the right. This works for most windows applications which use columns.

Lol sorry I am such an idiot, found it

3/20/2009 8:03:00 PM 1237604580 SYSTEM 1740 Sign of “JS:Obfuscated-R [trj]” has been found in “hXXp://ywaaoqa.info/ww/in.php” file.
3/20/2009 8:03:01 PM 1237604581 SYSTEM 1740 Sign of “JS:Pdfka-BG [Expl]” has been found in “hXXp://ywaaoqa.info/ww/pdf.php” file.
3/28/2009 5:58:40 PM 1238288320 SYSTEM 1712 Sign of “JS:Packed-AW [trj]” has been found in “hXXp://ashoping.com/?sid=aff0048{gzip}” file.
4/19/2009 7:58:17 PM 1240196297 SYSTEM 1772 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\Users\TJ\AppData\Local\Mozilla\Firefox\Profiles\un6nslp5.default\Cache_CACHE_001_ (C:\Users\TJ\AppData\Local\Mozilla\Firefox\Profiles\un6nslp5.default\Cache_CACHE_001_) returning error, 00000005.
4/25/2009 8:57:00 PM 1240718220 SYSTEM 1748 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\Users\TJ\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat (C:\Users\TJ\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat) returning error, 00000005.

OK they were detected by the web shield so you should have got an Abort Connection option only (?) that should block it from being actioned or downloaded to your system.

I take it that you weren’t actually visiting these sites ?

Rather you were visiting another site (?) and it is likely that it was this site that has been hacked, inserting the obfuscated, packed or javascript exploit code.

All detections appear to be correct, see info below on the two sites:
http://google.com/safebrowsing/diagnostic?site=ywaaoqa.info/

http://www.mywot.com/en/scorecard/ashoping.com
The ashoping.com is blocked by the Network Shield as a malicious site, it looks like it is trying to look like ashopping.com.
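
As an added illustration (not code from any poster in this thread or from avast!), this Python sketch triages Warning.log lines in the format quoted above: a detection whose location is a URL was seen in web traffic, a detection with a file path is an on-disk object, and an "AAVM - scanning warning" is a file that could not be read rather than a detection. The function names and the fourth sample line are assumptions made for the example.

```python
import re

# Lines 1-3 are copied from the Warning.log excerpt in the thread (URLs as
# posted, already defanged). Line 4 is CONSTRUCTED for contrast, using the
# placeholder path from the thread, to show what an on-disk detection looks like.
SAMPLE_LOG = r"""
3/20/2009 8:03:01 PM 1237604581 SYSTEM 1740 Sign of “JS:Pdfka-BG [Expl]” has been found in “hXXp://ywaaoqa.info/ww/pdf.php” file.
3/28/2009 5:58:40 PM 1238288320 SYSTEM 1712 Sign of “JS:Packed-AW [trj]” has been found in “hXXp://ashoping.com/?sid=aff0048{gzip}” file.
4/25/2009 8:57:00 PM 1240718220 SYSTEM 1748 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\Users\TJ\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat (C:\Users\TJ\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat) returning error, 00000005.
4/26/2009 1:00:00 PM 1240750800 SYSTEM 1740 Sign of “JS:Packed-AW [trj]” has been found in “C:\windows\system32\infected-file-name.xxx” file.
"""

DETECTION = re.compile(r'Sign of [“"](?P<sig>.+?)[”"] has been found in [“"](?P<loc>.+?)[”"] file\.')
SCAN_WARN = re.compile(r'scanning warning: .*?: (?P<path>.+?) \(.*\) returning error, (?P<code>[0-9A-Fa-f]{8})\.')
URL = re.compile(r'(?i)^h(tt|xx)ps?://')

def defang(url):
    """Rewrite http/https to hXXp/hXXps so a pasted URL is not clickable."""
    return re.sub(r'(?i)^http', 'hXXp', url)

def triage(line):
    """Classify one Warning.log line by where the scanner saw the object."""
    m = DETECTION.search(line)
    if m:
        loc = m.group("loc")
        # A URL location means the signature matched content in transit.
        kind = "web-stream" if URL.match(loc) else "local-file"
        return {"kind": kind, "sig": m.group("sig"), "where": defang(loc)}
    m = SCAN_WARN.search(line)
    if m:
        # Not a detection: the file could not be read. The code is assumed to
        # be hex; value 5 is Win32 ERROR_ACCESS_DENIED.
        return {"kind": "unscanned-file", "where": m.group("path"),
                "error": int(m.group("code"), 16)}
    return {"kind": "other"}

def triage_log(text):
    """Triage every non-empty line of a Warning.log excerpt."""
    return [triage(l) for l in text.splitlines() if l.strip()]

if __name__ == "__main__":
    for entry in triage_log(SAMPLE_LOG):
        print(entry)
```

Only "local-file" entries point at something stored on the machine; "unscanned-file" entries here are browser cache and cookie index files that were locked at scan time.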

Yea I aborted connection, but yea I was wondering if anyone knows a way to block ads from popping up (I have Mozilla too and they still pop up). But I still have a feeling that a virus is still on my computer. One of the Trojans attacked my computer when I was AFK and I wasn’t even on a site or anything. Must mean it's probably still on my computer, I dunno.

Well avast doesn’t block ads, firefox and the adblock plus add-on is my ad blocker of choice.

You were given two options, SAS and MBAM, you have run MBAM (nothing about SAS so run that too).

What makes you believe you still have something on your system, what symptoms, etc.

What are the symptoms?

Can you post a screenshot of it?
Did you configure Firefox to avoid popups?

Well I guess my computer is alright if MBAM didn’t pick it up, well I am gonna try SAS and double check.

Good. Post back the results.