Virus/Worm Warning from Avast

Beginning yesterday afternoon, whenever I log onto a group to which I belong (not MSN), Avast pops up with Virus Alert - VBS: Malware-gen.

It give the following URL as the problem: hxxp://72.51.46.141/10810z/exploits/x7b.php

However, if I go to the same site using Firefox, I have no problem and no warnings from Avast.

I abort the connection as suggested but still can remain and post on the site with IE6. However, I intermittently receive the same alert while in that forum.

Should I be concerned?

TIA

alaura

I’m using firefox and the site is blocked )by one of my security programs)
so
YES
anybody know why
did you try site adviser or similar?

Firefox has a number of differences which could help, e.g. no activeX, no BHOs so that (or some add-ons) may be responsible for stopping the execution. You don’t say what version of IE you are using ?

you won’t be able to get into that page and it isn’t the real issue as there is a redirect/hack on a page you are visiting trying to connect to that page. So what was the original page you were visiting when the avast alert went off (as I doubt it was the one above) ?

The abort connection would effectively kill the connection to hxxp://72.51.46.141/10810z/exploits/x7b.php, but the original web page would still work I believe. The IP address of that link points to pixelplacements.com is that something you see on the web page you were viewing before the alert ?
Note that my link isn’t active, you could modify your post also changing the tt in http for hxxp, which will break the link.

I am using IE 6.

No, I was not going directing to the site that is being blocked. It’s a women’s group I’ve belonged to for several years now with no problem. It’s a private group, and you need to be a member to log-in so there’s no way that you could check it out.

And yes, once I hit abort, I can access the site, but the alert randomly pops up. Could it be because of some poop-up ads that have recently appeared on the site?

BTW, no one else in the group has reported such a problem.

If pop-up ads have also appeared (if not by design of the site), then it is possible that there might also be other things going on, e.g. the site could have been hacked, though it is strange no one else is reporting anything.

So we need to do some further investigation as your browser might have been hijacked as IE is susceptible to this and may explain why it doesn’t happen with firefox.

If you haven’t already got this software (freeware), download, install, update and run it, preferably in safe mode and report the findings (it should product a log file).

  1. SUPERantispyware On-Demand only in free version.
  2. MalwareBytes Anti-Malware freeware version http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe, right click on the link and select Save As or Save File (As depending on your browser), save it to a location where you can find it easily later. Also Try this tool, RogueRemover, available here http://www.malwarebytes.org/rogueremover.php

Run 1, report the findings and then run 2 and report the findings.

Thanks, David.

For some reason, I’m no longer receiving the warning when I enter the site to which I was referring.

I did download and run SUPERantispyware and got the log report. I was going to copy and paste it, but it would have taken forever to delete my name from each entry. Is there a way to get the report without having to go through all those deletions?

alaura

Well the report would also be saved as a text file ??
In which case you can open it and do a find and replace, e.g. find alaura replace with theowner or similar wording.

Then you could attach the complete report file to the pot, Additional Options in the Reply window.