Was on a Yahoo! site the other day, avast popped up stating there was a virus coming in from something along the lines of http://a323.yahoofs.com/ (had a long URL continued)
Clicked Abort Connection, but later the avast Screensaver found a ‘Virus/worm’ in one of my old programs (which… don’t ask why, I have 5 of on this computer in different places and accounts) and I clicked repair. Later I ran a scan with avast, found the 4 others, and repaired them, but they got infected again (3 times actually so far). Don’t know what’s infecting them yet; found another in a system restore file. Haven’t sent them to the chest yet because I don’t know what the virus would decide to do if it had no other file to infect. Help and advice would be appreciated. {Also, in the middle of a virus scan when posting.}
PS: Running on dial-up, Windows XP Home, SP3 I believe. Should have latest updates. :-\
Check the avast! Log Viewer (right-click the avast ‘a’ icon), Warning section; this contains information on all avast detections: C:\Program Files\Alwil Software\Avast4\ashLogV.exe. Or check the source file using Notepad: C:\Program Files\Alwil Software\Avast4\DATA\log\Warning.log
When posting URLs to suspect sites, change the http to hXXp so the link isn’t active (clickable), avoiding accidental exposure.
Schedule a boot-time scan with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
Use MBAM (or SUPERantispyware or even Spyware Terminator) to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
This link to a .jpg is somewhat strange in that it has parameters after it (the bit after the ?), so that is a bit strange. It may be that it isn’t a jpg at all or has been hacked.
The web shield and abort connection should have stopped that from being downloaded and/or run on your system. So what was found on your system is, I believe, unrelated to this particular alert.
Again we need information by reporting the malware name, file names and locations of these other detections. What is the malware name, the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ?
I’m having a similar issue with the same trojan but in a Hosts File Updater I use to update the MS MVPs hosts file. The file is not actually installed on my computer; rather, it is a little .exe file that sits on the desktop. When I want to check for hosts file updates, I execute the file, it connects with the MVP’s host file, retrieves the updates and installs them. The home page for the file is hXXp://faltronsoft.googlepages.com/HostsFileUpdater.exe
After the last Avast update, Avast started issuing warnings whenever I tried to open the file. I did the following: I shredded the file using a secure file shredder, scanned my system for any remains of Faltron software (found none), did full scan with MalwareBytes, did thorough scan (with archives) with Avast… both were negative. With a clean system, I then tried to download a new copy of the Updater from the Faltron web site and from any web site I could find that either mirrors or links to the Faltron file. In every case, Avast issued a warning that the trojan had been detected and would not complete the download. Can I assume that this is a false positive?
Schedule a boot-time scan with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
Use MBAM (or SUPERantispyware or even Spyware Terminator) to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
I have accomplished all the other points on your list including the installation of Hostman software. Using CCleaner’s tools, I was able to delete the restore points that were created after the file updater began to malfunction. I am only waiting for some word regarding my Hijack log.
Do I set the Hostman software to merge Hosts file updates or to overwrite them? Merge is default but overwrite seems more logical.