Main Page 
PC Review
Forums
Newsgroups
Hardware
Anti-Virus
Win32:Mhtplo-10 - False positive?
Forums
Newsgroups
Hardware
Anti-Virus
Win32:Mhtplo-10 - False positive?
 |
Win32:Mhtplo-10 - False positive? |
|
|
Thread Tools | Rate Thread |
30-11-2007, 08:27 PM
|
#1 |
|
Guest
Posts: n/a
|
Win32:Mhtplo-10 - False positive?
Hello,
I was hoping someone in here could help me with a problem I've had that last two days. I use Avast anti-virus, it has a "web shield" that scans web pages for anything malicious. While browsing the Digital Trends forums, I received an alert that the site I was on contained Win32:Mhtplo-10 [Trj]. It advised me to abort the connetion and move the file that was in my temporary internet files folder to the Avast's virus chest. I tried to do this, but was prompted that the file was in use and could not be moved. So I chose "no action" and shut the browser down. Afterwards I was able to move the file in question to the virus chest. I then decided to look up what Win32:Mhtplo-10 was. So I went on Google and started to search.. and the same alert came up. It said that the Google search page contained Win32:Mhtplo-10 [Trj]. So I repeated the same actions as above. Since then I've run full scans with Avast!, AVG Anti-Spyware and Spybot's Search and Destroy and all scans were clean. I just find it odd that Avast detected these "threats" on reputable sites like Google and Digital Trends. It makes me want to believe that they must be false positives. This is the log that Avast created.. ------------------------------ 11/29/2007 8:48:08 PM SYSTEM 1412 Sign of "Win32:Mhtplo-10 [Trj]" has been found in "http://forums.digitaltrends.com/archive/index.php/ t-4230.html\unp137460016" file. 11/29/2007 8:48:33 PM SYSTEM 1412 Sign of "Win32:Mhtplo-10 [Trj]" has been found in "C:\Documents and Settings\Owner\Local Settings \Temporary Internet Files\Content.IE5\I4GUG4E9\t-4230[1].htm" file. 11/29/2007 8:54:51 PM Owner 2960 Sign of "Win32:Mhtplo-10 [Trj]" has been found in "C:\Documents and Settings\Owner\Local Settings \Temporary Internet Files\Content.IE5\I4GUG4E9\t-4230[1].htm" file. 11/30/2007 11:54:03 AM SYSTEM 1404 Sign of "Win32:Mhtplo-10 [Trj]" has been found in "http://www.google.com/search? q=Win32:Mhtplo&hl=en&start=10&sa=N\unp266340129" file. 11/30/2007 11:54:13 AM SYSTEM 1404 Sign of "Win32:Mhtplo-10 [Trj]" has been found in "C:\Documents and Settings\Owner\Local Settings \Temporary Internet Files\Content.IE5\9I66EBDU\search[1].htm" file. 11/30/2007 11:54:40 AM SYSTEM 1404 Sign of "Win32:Mhtplo-10 [Trj]" has been found in "http://www.google.com/search? q=Win32:Mhtplo&hl=en&start=10&sa=N\unp3580908" file. 11/30/2007 11:54:41 AM SYSTEM 1404 Sign of "Win32:Mhtplo-10 [Trj]" has been found in "C:\Documents and Settings\Owner\Local Settings \Temporary Internet Files\Content.IE5\9I66EBDU\search[2].htm" file. ------------------------------ I extracted the files from the virus chest and uploaded them to Jotti.Org.. only 4 of the detectors found a problem.. but the majority of them said that they were clean. My question is IF this truly was a Win32:Mhtplo-10 trojan.. how would I know my computer has been infected? My computer seems to be running fine with no unusual processes running. Any replies would be TRULY appreciated! |
|
|
01-12-2007, 01:19 AM
|
#2 |
|
Guest
Posts: n/a
|
Re: Win32:Mhtplo-10 - False positive?
thx1138xxix@yahoo.com after much thought,came up with this jewel in
news:6dd00266-53dc-45e3-b349-49d83337542e@y5g2000hsf.googlegroups.com : > Hello, > > I was hoping someone in here could help me with a problem I've had > that last two days. > > I use Avast anti-virus, it has a "web shield" that scans web pages > for anything malicious. While browsing the Digital Trends forums, > I received an alert that the site I was on contained > Win32:Mhtplo-10 [Trj]. It advised me to abort the connetion and > move the file that was in my temporary internet files folder to > the Avast's virus chest. I tried to do this, but was prompted that > the file was in use and could not be moved. So I chose "no action" > and shut the browser down. Afterwards I was able to move the file > in question to the virus chest. > > I then decided to look up what Win32:Mhtplo-10 was. So I went on > Google and started to search.. and the same alert came up. It said > that the Google search page contained Win32:Mhtplo-10 [Trj]. So I > repeated the same actions as above. > > Since then I've run full scans with Avast!, AVG Anti-Spyware and > Spybot's Search and Destroy and all scans were clean. > > I just find it odd that Avast detected these "threats" on > reputable sites like Google and Digital Trends. It makes me want > to believe that they must be false positives. > > This is the log that Avast created.. > > ------------------------------ > > 11/29/2007 8:48:08 PM SYSTEM 1412 Sign of > "Win32:Mhtplo-10 [Trj]" has been found in > "http://forums.digitaltrends.com/archive/index.php/ > t-4230.html\unp137460016" file. 11/29/2007 8:48:33 PM SYSTEM > 1412 Sign of "Win32:Mhtplo-10 [Trj]" has been found in > "C:\Documents and Settings\Owner\Local Settings \Temporary > Internet Files\Content.IE5\I4GUG4E9\t-4230[1].htm" file. > 11/29/2007 8:54:51 PM Owner 2960 Sign of > "Win32:Mhtplo-10 [Trj]" has been found in "C:\Documents and > Settings\Owner\Local Settings \Temporary Internet > Files\Content.IE5\I4GUG4E9\t-4230[1].htm" file. 11/30/2007 > 11:54:03 AM SYSTEM 1404 Sign of "Win32:Mhtplo-10 > [Trj]" has been found in "http://www.google.com/search? > q=Win32:Mhtplo&hl=en&start=10&sa=N\unp266340129" file. > 11/30/2007 11:54:13 AM SYSTEM 1404 Sign of > "Win32:Mhtplo-10 [Trj]" has been found in "C:\Documents and > Settings\Owner\Local Settings \Temporary Internet > Files\Content.IE5\9I66EBDU\search[1].htm" file. 11/30/2007 > 11:54:40 AM SYSTEM 1404 Sign of "Win32:Mhtplo-10 > [Trj]" has been found in "http://www.google.com/search? > q=Win32:Mhtplo&hl=en&start=10&sa=N\unp3580908" file. > 11/30/2007 11:54:41 AM SYSTEM 1404 Sign of > "Win32:Mhtplo-10 [Trj]" has been found in "C:\Documents and > Settings\Owner\Local Settings \Temporary Internet > Files\Content.IE5\9I66EBDU\search[2].htm" file. > > ------------------------------ > > I extracted the files from the virus chest and uploaded them to > Jotti.Org.. only 4 of the detectors found a problem.. but the > majority of them said that they were clean. > > My question is IF this truly was a Win32:Mhtplo-10 trojan.. how > would I know my computer has been infected? My computer seems to > be running fine with no unusual processes running. > > Any replies would be TRULY appreciated! > Google search results have had some issues(along with others) See http://blogs.zdnet.com/security/?p=688&tag=nl.e550 max -- Virus Removal http://max.shplink.com/removal.html Keep Clean http://max.shplink.com/keepingclean.html Tools http://max.shplink.com/tools.html Change nomail.afraid.org to gmail.com to reply by email. |
|
|
|
|
| Thread Tools | |
| Rate This Thread | |
|
|
