Virus question
Thread Starter
Join Date: Apr 2001
Posts: 34
My laptop has GDATA as the virus checker.
It has just flagged up the following.
HTML IFrame-inf(engine B)
JSFake AV-eg [trj] (engine B)
W32 Dialer.fdf (engine A)
Any clues please as whilst the virus checker has found these, it seems unable to fix or otherwise cure. (Running XP as the operating system)
Thanks, LJ
Tsamaya sentle
Join Date: Apr 2001
Location: Germany
Posts: 154
It seems these are Trojans. Most "normal" virus checkers have difficulties handling those.
You might want to try "HijackThis" first, and then run a thorough scan with "Malwarebytes mba" (freeware version). It takes time (and nerves) but these two applications finally did the job when my PC got severely infected two months ago, despite a good anti-virus checker.
HijackThis will "only" create a log file of a deep scan which you can then upload and have analyzed automatically. Google "HijackThis" for download sources. Go to HijackThis Logfileauswertung for the log file check.
MBAM will attempt to get rid of the malware.
Malwarebytes
Finally, try to recall suspicious web sites where you might have caught the viruses, and avoid those in the future.
Since the item flagged appears to relate to a hidden script (i-frame) it has probably detected an infection in a web page you were navigating to and blocked it.
If this is the case, no further action is required, except to inform the site operator that the site has been hacked.
If this appeared as a result of a scan, however, rather than on-access, different story.
What was the message displayed by Gdata?
(G-data uses two AV engines, hence the "a" and "b" references.)
Thread Starter
Join Date: Apr 2001
Posts: 34
Hi Tarq57,
Thanks for your reply. These emerged as part of a routine scan. I'm not sure what effect if any they have. I have heard horror stories about computers dialling premium rate phone lines without any indications hence my concern about the 'dialer'. Also is this part of a phishing scam to get information about bank accounts etc? I have run the GDATA cleanup programme but it says it is unable to cure the infection. I have not used the option to quarantine because it gives all sorts of dire warnings that other programmes or e-mail might not be available afterwards. Don't know if these are new viruses but a report has gone to GDATA. Any thoughts?
"Any thoughts?"
Well, how I'd proceed might be different, depending on what is actually seen when a quarantine is attempted. I'd be looking at each file that the AV was wanting to quarantine and assessing it on a case by case basis.
Over the internerd one can offer generic ideas only, without the use of diagnostics and a bit more knowledge than yours truly actually has.
What was/were the original file name and path of all nasties reported? (If there's more than 3 or 4, just give us the most common location, if there is one, e.g. C:\Windows\System32...)
What I'd do is the following: Clean all your temporary and temporary internet files. (Ccleaner or ATF cleaner is good for this. If you use Ccleaner, either use the slim version, or opt out of the Yahoo toolbar install.)
Download MBAM (free version), kindly linked above. It's darned good. Install it, update it, run a quick scan. Following the scan a report will be produced. Select everything found and click on "remove selected". If prompted to reboot to complete removal, do so promptly.
Scan again with GData.
Report back on anything found/removed/obstinate.
Last edited by Tarq57; 20th Apr 2010 at 10:46. Reason: [edited to remove wibble]