X
Tap here to go to the mobile version of the site.

Support Forum

trojans

Posted

A Firefox warning flashed up for trojans on my computer and recommended installinternetprotection downloads to deal with them. These were apparently the Trojans and Malwarebyte found 16. Deleted with Malwarebyte.

A Firefox warning flashed up for trojans on my computer and recommended installinternetprotection downloads to deal with them. These were apparently the Trojans and Malwarebyte found 16. Deleted with Malwarebyte.

Additional System Details

This happened

Just once or twice

This started when...

04/05/2011

Installed Plug-ins

  • Yahoo! activeX Plug-in Bridge
  • Adobe PDF Plug-In For Firefox and Netscape 10.0.1
  • NPRuntime Script Plug-in Library for Java(TM) Deploy
  • The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the QuickTime Web site.
  • Shockwave Flash 10.2 r159
  • iTunes Detector Plug-in
  • GEPlugin
  • Picasa plugin
  • Next Generation Java Plug-in 1.6.0_24 for Mozilla browsers
  • Google Update

Application

  • User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1

More Information

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6502
Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514
04/05/2011 08:57:48
mbam-log-2011-05-04 (08-57-48).txt
Scan type: Full scan (C:\|G:\|P:\|Q:\|S:\|W:\|)
Objects scanned: 324737
Time elapsed: 23 minute(s), 52 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 16
Memory Processes Infected:
s:\downloads\installinternetprotection_906.exe (Trojan.FakeAlert.PGen) -> 4496 -> Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
s:\downloads\installinternetprotection_906.exe (Trojan.FakeAlert.PGen) -> Quarantined and deleted successfully.
c:\Windows\installer\{cd95f661-a5c4-44f5-a6aa-ecdd91c240b5}\iconcd95f6615.txt (Trojan.Agent) -> Quarantined and deleted successfully.
s:\downloads\installinternetprotection_002.exe (Trojan.FakeAlert.PGen) -> Quarantined and deleted successfully.
s:\downloads\installinternetprotection_009.exe (Trojan.FakeAlert.PGen) -> Quarantined and deleted successfully.
s:\downloads\installinternetprotection_046.exe (Trojan.FakeAlert.PGen) -> Quarantined and deleted successfully.
s:\downloads\installinternetprotection_075.exe (Trojan.FakeAlert.PGen) -> Quarantined and deleted successfully.
s:\downloads\installinternetprotection_313.exe (Trojan.FakeAlert.PGen) -> Quarantined and deleted successfully.
s:\downloads\installinternetprotection_326.exe (Trojan.FakeAlert.PGen) -> Quarantined and deleted successfully.
s:\downloads\installinternetprotection_339.exe (Trojan.FakeAlert.PGen) -> Quarantined and deleted successfully.
s:\downloads\installinternetprotection_496.exe (Trojan.FakeAlert.PGen) -> Quarantined and deleted successfully.
s:\downloads\installinternetprotection_626.exe (Trojan.FakeAlert.PGen) -> Quarantined and deleted successfully.
s:\downloads\installinternetprotection_725.exe (Trojan.FakeAlert.PGen) -> Quarantined and deleted successfully.
s:\downloads\installinternetprotection_763.exe (Trojan.FakeAlert.PGen) -> Quarantined and deleted successfully.
s:\downloads\installinternetprotection_853.exe (Trojan.FakeAlert.PGen) -> Quarantined and deleted successfully.
s:\downloads\installinternetprotection_940.exe (Trojan.FakeAlert.PGen) -> Quarantined and deleted successfully.
s:\downloads\installinternetprotection_946.exe (Trojan.FakeAlert.PGen) -> Quarantined and deleted successfully.

Xircal 334 solutions 3835 answers

You most likely visited a malware domain which ran an animation purporting to show your machine is infected with viruses. Here's an example of one currently making the rounds: http://www.bleepingcomputer.com/virus-removal/remove-win-7-antispyware-2011

Malwarebytes will have deleted the rogue app.

I'd advise you to install this add-on: https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/

Subscribe to the "Easylist" option when you see it during the installation, then go to https://adblockplus.org/en/subscriptions and scroll down to the foot of the list. You'll find a link there where you can subscribed to "Malware Domains" to prevent a recurrence.

You most likely visited a malware domain which ran an animation purporting to show your machine is infected with viruses. Here's an example of one currently making the rounds: http://www.bleepingcomputer.com/virus-removal/remove-win-7-antispyware-2011 Malwarebytes will have deleted the rogue app. I'd advise you to install this add-on: https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/ Subscribe to the "Easylist" option when you see it during the installation, then go to https://adblockplus.org/en/subscriptions and scroll down to the foot of the list. You'll find a link there where you can subscribed to "'''Malware Domains'''" to prevent a recurrence.

Question owner

Many thanks, done that immediately

Many thanks, done that immediately
Xircal 334 solutions 3835 answers

Helpful Reply

You're welcome.

You're welcome.