danman
08-25-2008, 09:01 PM
The past few days Avast has been picking up trojans on a particular PC of mine. I believe it's win32.pophot-am [trj] or some such file.
Anyhow it seems to trigger on 2 particular files, namely
84jcoasu4g3.exe
update.exe
There is no real hard info on either on Google.
Anyhow, repeated scans show nothing after removal/deletion.
I'm running Spybot S&D, Superantispyware Pro and Avast constantly and they're gone... until they (the trigger) pop back up, which is 1 or 2 times a day.
Anyhow I looked at my lights on the router and they were going some, so I knew something was using bandwidth.
I ran CurrPorts to see what was running.
Nvidia.exe (apparently there is a virus called this too) was in my Windows folder and that appeared to be in contact with hotel487.server or some such host. I killed it in Task Manager and then renamed it Nvidia.exe.bak. A couple of mins later another thing showed up as trying to contact that server. I killed that too.
The only things running in the background at this time apart from antivirus/antispyware/Spybot were TVersity and FlashGet. My connection was still flashing so I killed both of them. Traffic has been dead for some time now and the virus/trojan hasn't re-appeared (for a couple of hours).
Now, is FlashGet or TVersity downloading something that is causing re-infestation, do you think? I read a Google report that the FlashGet server had been serving up malware back in March of this year, so it's not impossible that it could happen again.
Renaming Nvidia.exe to a .bak file has so far had no negative impact, so I'm not concerned about that. Scans are currently clean, but I am concerned that all apps being up to date could not stop re-infection heuristically (if that's the right term?). I've tried using IE and Firefox (up to date). I'm scanning with everything I can, even crappy Defender.
What more can I do? Have I been compromised? I know Avast appears to have caught them, but what was using my bandwidth? Was it malign, or just TVersity/FlashGet doing something and nothing?
Was all of this a false positive? I know Avast is hypersensitive; all manner of standalone apps etc. seem to trigger it, but usually good judgement wins the day.
This has left me confused and has led to about 5 nights of worry etc.
Good god, when you have this much security you should sleep better at night?
Anyone else have this and know what's what please?
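The triage the poster did by hand with CurrPorts (find which process owns the outbound connection, check where its executable lives, decide whether it belongs there) can be scripted so it is repeatable whenever the router lights start flickering again. The script below is an added example written for this thread, not something the poster or any of the named tools ship; it uses only standard cmdlets (Get-NetTCPConnection, Get-Process, Get-AuthenticodeSignature) and assumes Windows 8 / Server 2012 or later running in an elevated PowerShell session, since older systems of the era described here lack Get-NetTCPConnection. The "suspicious" heuristics (an .exe sitting directly in %WINDIR% rather than System32/SysWOW64, or in a user-writable profile directory, or with no valid Authenticode signature) are this example's own assumptions, chosen because the Nvidia.exe described above matched the first of them.

```powershell
# Added example, not from the original post: list established outbound TCP
# connections together with the owning process, its image path and signature,
# and flag the ones a defender would look at first.

# Skip loopback and unspecified addresses; we only care about real peers.
$conns = Get-NetTCPConnection -State Established |
    Where-Object { $_.RemoteAddress -notmatch '^(127\.|::1$|0\.0\.0\.0$)' }

$windir = $env:WINDIR

$report = foreach ($c in $conns) {
    $proc = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue
    $path = $proc.Path

    # Signature status: 'Valid' for a correctly signed binary, otherwise
    # 'NotSigned', 'HashMismatch', etc. 'Unknown' if we could not read the path.
    $sig = if ($path) { (Get-AuthenticodeSignature -FilePath $path).Status } else { 'Unknown' }

    # Heuristic (assumption of this example): legitimate services rarely run
    # straight out of %WINDIR% or out of the user profile.
    $oddLocation = $false
    if ($path) {
        $inWindirRoot = ($path -like "$windir\*.exe") -and
                        ($path -notlike "$windir\System32\*") -and
                        ($path -notlike "$windir\SysWOW64\*")
        $inProfile    = ($path -like "$env:TEMP\*") -or
                        ($path -like "$env:APPDATA\*") -or
                        ($path -like "$env:LOCALAPPDATA\*")
        $oddLocation  = $inWindirRoot -or $inProfile
    }

    # Best-effort reverse lookup so the host shows up as a name, as CurrPorts
    # displays it; failures are tolerated because many peers have no PTR record.
    $remoteName = try { [System.Net.Dns]::GetHostEntry($c.RemoteAddress).HostName } catch { '' }

    [pscustomobject]@{
        Process       = $proc.ProcessName
        PID           = $c.OwningProcess
        Path          = $path
        Signature     = $sig
        RemoteAddress = $c.RemoteAddress
        RemoteName    = $remoteName
        RemotePort    = $c.RemotePort
        Suspicious    = $oddLocation -or ($sig -ne 'Valid')
    }
}

# Suspicious rows first; save a copy so repeated runs can be compared.
$report | Sort-Object Suspicious, Process -Descending | Format-Table -AutoSize
$report | Export-Csv -NoTypeInformation -Path "$env:USERPROFILE\Desktop\connections-$(Get-Date -Format yyyyMMdd-HHmmss).csv"
```

Run it once while the connection is idle to get a baseline, then again when the lights are busy, and diff the two CSVs: a process that is present only in the busy run, talks to a host nobody recognises, and fails the signature or location check is the one to investigate. Killing and renaming such a binary, as the poster did, stops the current instance but not whatever re-launches it, so a file that keeps reappearing is usually being restarted by an autostart entry, and that is the next thing to check.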