Win32:Mhtplo-10 - False positive?

thx1138xxix

Hello,

I was hoping someone in here could help me with a problem I've had
the last two days.

I use Avast anti-virus, it has a "web shield" that scans web pages for
anything malicious. While browsing the Digital Trends forums, I
received an alert that the site I was on contained Win32:Mhtplo-10
[Trj]. It advised me to abort the connection and move the file that was
in my temporary internet files folder to Avast's virus chest. I
tried to do this, but was prompted that the file was in use and could
not be moved. So I chose "no action" and shut the browser down.
Afterwards I was able to move the file in question to the virus chest.

I then decided to look up what Win32:Mhtplo-10 was. So I went on
Google and started to search.. and the same alert came up. It said
that the Google search page contained Win32:Mhtplo-10 [Trj]. So I
repeated the same actions as above.

Since then I've run full scans with Avast!, AVG Anti-Spyware and
Spybot's Search and Destroy and all scans were clean.

I just find it odd that Avast detected these "threats" on reputable
sites like Google and Digital Trends. It makes me want to believe that
they must be false positives.

This is the log that Avast created..

------------------------------

11/29/2007 8:48:08 PM SYSTEM 1412 Sign of "Win32:Mhtplo-10 [Trj]" has been found in "http://forums.digitaltrends.com/archive/index.php/t-4230.html\unp137460016" file.
11/29/2007 8:48:33 PM SYSTEM 1412 Sign of "Win32:Mhtplo-10 [Trj]" has been found in "C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\I4GUG4E9\t-4230[1].htm" file.
11/29/2007 8:54:51 PM Owner 2960 Sign of "Win32:Mhtplo-10 [Trj]" has been found in "C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\I4GUG4E9\t-4230[1].htm" file.
11/30/2007 11:54:03 AM SYSTEM 1404 Sign of "Win32:Mhtplo-10 [Trj]" has been found in "http://www.google.com/search?q=Win32:Mhtplo&hl=en&start=10&sa=N\unp266340129" file.
11/30/2007 11:54:13 AM SYSTEM 1404 Sign of "Win32:Mhtplo-10 [Trj]" has been found in "C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\9I66EBDU\search[1].htm" file.
11/30/2007 11:54:40 AM SYSTEM 1404 Sign of "Win32:Mhtplo-10 [Trj]" has been found in "http://www.google.com/search?q=Win32:Mhtplo&hl=en&start=10&sa=N\unp3580908" file.
11/30/2007 11:54:41 AM SYSTEM 1404 Sign of "Win32:Mhtplo-10 [Trj]" has been found in "C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\9I66EBDU\search[2].htm" file.

------------------------------

I extracted the files from the virus chest and uploaded them to
Jotti.Org.. only 4 of the detectors found a problem.. but the majority
of them said that they were clean.

My question is IF this truly was a Win32:Mhtplo-10 trojan.. how would
I know my computer has been infected? My computer seems to be running
fine with no unusual processes running.

Any replies would be TRULY appreciated!
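
One way to triage a log like the one in the post above, added here as an example and not written by anyone in the thread: it pairs each Temporary Internet Files hit with the scanned URL it was saved from and lists any on-disk hit that no scanned page explains. It assumes Internet Explorer's `name[n].ext` cache naming and treats the `\unp…` suffix as an opaque scanner tag; `classify`, `stem` and `triage` are hypothetical helper names.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: four entries from the log quoted in the post, unwrapped
# so each sits on one line (the forum wrapped them).
SAMPLE_LOG = r'''
11/29/2007 8:48:08 PM SYSTEM 1412 Sign of "Win32:Mhtplo-10 [Trj]" has been found in "http://forums.digitaltrends.com/archive/index.php/t-4230.html\unp137460016" file.
11/29/2007 8:48:33 PM SYSTEM 1412 Sign of "Win32:Mhtplo-10 [Trj]" has been found in "C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\I4GUG4E9\t-4230[1].htm" file.
11/30/2007 11:54:03 AM SYSTEM 1404 Sign of "Win32:Mhtplo-10 [Trj]" has been found in "http://www.google.com/search?q=Win32:Mhtplo&hl=en&start=10&sa=N\unp266340129" file.
11/30/2007 11:54:13 AM SYSTEM 1404 Sign of "Win32:Mhtplo-10 [Trj]" has been found in "C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\9I66EBDU\search[1].htm" file.
'''

ENTRY = re.compile(
    r'^(?P<when>\d+/\d+/\d+ \d+:\d+:\d+ [AP]M) (?P<user>\S+) (?P<pid>\d+) '
    r'Sign of "(?P<sig>[^"]+)" has been found in "(?P<loc>[^"]+)" file\.$', re.M)

def classify(loc):
    """Bucket a detection by where the scanner saw the content."""
    low = loc.lower()
    if low.startswith(("http://", "https://")):
        return "web-stream"
    if "\\temporary internet files\\" in low:
        return "browser-cache"
    return "other-path"

def stem(loc):
    """Page name without extension, IE's [n] copy counter or the \\unp suffix."""
    if classify(loc) == "web-stream":
        name = urlsplit(loc.split("\\unp")[0]).path.rsplit("/", 1)[-1]
    else:
        name = loc.rsplit("\\", 1)[-1]
    return re.sub(r"(\[\d+\])?(\.\w+)?$", "", name).lower()

def triage(log):
    """Return (cache file -> URL it was saved from, detections needing follow-up)."""
    entries = [m.groupdict() for m in ENTRY.finditer(log)]
    urls = {stem(e["loc"]): e["loc"] for e in entries if classify(e["loc"]) == "web-stream"}
    cached, follow_up = {}, []
    for e in entries:
        kind = classify(e["loc"])
        if kind == "browser-cache" and stem(e["loc"]) in urls:
            cached[e["loc"]] = urls[stem(e["loc"])]
        elif kind != "web-stream":
            follow_up.append(e)   # on-disk hit not explained by a scanned page
    return cached, follow_up

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

An empty follow-up list means every hit was on page content in transit or on its cached copy; it does not by itself settle whether the signature match was a false positive.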
 
Maximus the Mad

Google search results have had some issues (along with others).
See http://blogs.zdnet.com/security/?p=688&tag=nl.e550
max
 
