
ESET says I'm infected but I can't seem to remove virus


No replies to this topic

#1 Gusknust


Posted 20 January 2011 - 10:50 PM

Hi there,
My PC runs Vista HP SP1 with Windows firewall, Spybot and ESET NOD32. My antivirus has recently detected an infection, displaying the following message:
This address has been blocked: e.busca.uol.com.br/404.html - IP address 200.147.3.199:80
This happens every time Firefox is open and I place the mouse over the favorites list in the Google toolbar. So, I have already deleted some favorites which might be suspicious, uninstalled the bar, uninstalled Firefox, deleted registry entries that might be related, scanned for viruses and malware, cleaned temp files and disabled system restore. I've done this at least three times, in safe mode and not, and in different order... all unsuccessful, as the message is still displayed when the cursor hovers over the Google bar favorites list in Firefox.
Strangely enough, I have the exact favorites in my browsers (FF 3.6.13 and IE7), but the antivirus does not detect any activity when hovering the mouse over them or even over the list of the same favorites in the Google toolbar in IE: it only happens with Firefox. Also, I have opened every single favorite entry and checked: none has the address that is blocked as their URL.
I've searched for a way to get rid of this but could not find anything helpful on Google, so I gave up for a while and accepted that, if ESET says it's been blocked, it is preventing the pest from doing whatever it does.
However, Firefox started crashing two days ago and, yesterday, ESET started displaying a warning saying that the following objects are in quarantine:
C:\Users\Gustavo\AppData\Local\Temp\plugtmp-8\plugin-qztgruesw.php
C:\Users\Gustavo\AppData\Local\Mozilla\Firefox\Profiles\nb81ebak.default\Cache\DB2A0477d01
C:\Users\Gustavo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\5e952fe9-5e0546e3
C:\Users\Gustavo\AppData\Local\Mozilla\Firefox\Profiles\nb81ebak.default\Cache\32186AFEd01
Then, I assumed it had something to do with FF crashing and started the whole cleaning thing, disabling system restore, running Vista under safe mode, cleaning all temp files and cache and all, checking the AppData folder (enabling view hidden files) for any suspect folders or files and stuff... scanned system and HD, excluded quarantined objects.
All useless. ESET is still displaying the blocked address when FF is open. Firefox is still crashing every now and then and ESET has just popped up a small quarantine window showing there's some plugtmp-8 in the temp folder quarantined again.
Can you please help? I work a lot at home and can't risk losing data or having trouble with my PC. I'm usually pretty careful when surfing the net or opening attached files and am not naive. Can't fathom where I got the pest. Unless it is a false positive, as I've found some evidence that ESET might be detecting possible threats which just are not.




Edited by Gusknust, 20 January 2011 - 10:52 PM.



 




