yahoo inbox..trojan horse

hi everyone.
recently i receveid an email from yahoo, i don’t remember how sounds like, i deleted it, because i wasn’t interested.(i didn’t open it).
and after that avast reported me this:

URL: http://optimized-by.rubiconproject.com/a
Process: C:\Program Files\Mozilla Firefox\firefox…
Infection: HTML:Iframe-AMG [Trj]

And now…is still show me that pop out with it, when i;m tryin to acces yahoo mail.
Nothing at scan search, no suspicious procesess…
What can i do for that pop out? it;s getting me nervous… :-\

follow guide and attach logs. http://forum.avast.com/index.php?topic=53253.0

no ofense, but i don’t use mbam and otl.(last time when i used it i had some problems).

Hi buffy_92,

Read this: http://www.securelist.com/en/descriptions/7101543/Trojan-Clicker.HTML.IFrame.amg
and see whether your host file has been tampered with trojan clicker
Use system restore to get your computer to an earlier clean state:
http://www.precisesecurity.com/tools-resources/troubleshooting/restore-windows-vista-or-windows-7-to-an-earlier-date/

polonus

ok thanks :smiley:

OTL is the most important log to see what the problem is…if in your computer

your AdwCleaner log say search…you have to run it and click the delete button to remove all the crap files lised

i have the same problem, it starts 2 hours ago. in opera and chrome. i think its a false positive, because avast is blocking some yahoo commercial pop up.
“The connection to optimized-by.rubiconproject.com was interrupted.”
somebody from avast here to check it?

https://www.virustotal.com/en/url/e21206f763993b027759195f931344638deb4187b7d2b79c0cd5c0c3494284cc/analysis/1370605909/

That’s a site Analysis of http://optimized-by.rubiconproject.com/. Seems to be nothing wrong with it. I’ll check the school proxy see if it blocks it. (It’ll block just about anything malicious).

Edit: http://optimized-by.rubiconproject.com/ Seems to be down. Either it was infected and is now being cleaned, or the redirect never worked

And No I am not an Avast Staff member. A regular user online from the last 5 ish days.

1 more edit; I’m looking further into the report, at some point in time it was hosting a virus or worm and the Verdict was indeed Malicous. But the scanners lined up for this didn’t detect anything.

This alert is also hitting on ANY quickmeme page. I’d be really interested to know if someone of these sites have been compromised or if this a string of similar false positives.

WHat is a quick meme page? If you can give me a URL to it I can run it through Virus Total and see what it says. A recent version of Avast did detect a Trojan in Facebook which was a FP. Could be the same case. But if you want it check I need URL’s to scan.

(Quickmeme/popular) https://www.virustotal.com/en/url/5ad88343fac37f996904ea9b3f8f2a73ac88db34d3d36dd1356901dfc76f9711/analysis/1370607219/

(Quickmeme/)
https://www.virustotal.com/en/url/89fbe9ab2a71707f5c161f50e05bf154396cbb435449ea7d9eea60246e0303d9/analysis/1370607301/

(Qucikmeme/random)
https://www.virustotal.com/en/url/b73ccf79918b736e4e8039821be4f4abea97608cd620e6fcbed78fbe927812aa/analysis/1370607355/

(Quickmeme/myfavourites)
https://www.virustotal.com/en/url/8dab0e4f47ffacf649f4be88f281876c940a251a33196fce0d3d74fbd037762e/analysis/1370607397/

I think I’ve just about shown this is a False Positive by now. My School proxy which blocks any social media site and malicious site didn’t block any of the above. I think either your browser is infected, or a False Postive.

please look attached file

What is the full link? I’ll scan it.

http://optimized-by.rubiconproject.com/a/9061/15299/33343-9.html?%26rnd

https://www.virustotal.com/en/url/19b2593e66ff011e32556a042ecb87893c669bbe98d42f6ceb55083e804190a5/analysis/1370613160/

Deemed clean. However at some point in time Bitdefender deemed it Malicous for Badware (Ransomware, Torjans etc) It lookeds to be clean right now though.

Virustotal does not check url for infections…it is a reputation check

I have exactly the same problem. 3 hours ago i received an email, and then avast keep stopping showing the 160x600 size ads from the right of the email. I entered on different yahoo emails accounts and it gave me the same warnings. I even reinstalled fast windows (after format) and gives the same warning. I scanned with MBAM and found 0 suspected files. What is wrong with avast?

Unable to get content.
404 - Not Found

is reported as suspicious

http://www.urlvoid.com/scan/optimized-by.rubiconproject.com/

http://checkwebsitesafe.net/www/optimized-by.rubiconproject.com

http://siteinspector.comodo.com/public/reports/14708800

http://urlquery.net/report.php?id=2948756

Detection was fixed in VPS 130607-1.