AVG continuously detecting threats (virus found exploit)

By Kirei Blossom ยท 11 replies
Nov 16, 2008
  1. Hi,

    My avg keeps detecting viruses and trojan horses in the C::/documents and settings/user/local settings/temporary internet files. I noticed it usually happened while I was on the main page of my yahoo mail, buts it happening elsewhere too.

    The taskbar on my IE showed it was trying to open http://do.qwertyy.cn/..... right before a virus hit, so I added "http://do.qwertyy.cn/*" to the restricted sites in the security options. The trojan horses have stopped coming, but the virus is still there. According to AVG, the Virus Discovery is "Virus found Exploit", and Object name is "do[1].htm"

    The virus hits, avg detects and moves it to the virus vault. It's not doing any damage, but its annoying.

    Any fixes?
  2. kimsland

    kimsland Ex-TechSpotter Posts: 14,523

    Run CCleaner

    Then do this:

    How to use Reset Internet Explorer Settings (RIES)

    To use RIES in Internet Explorer 7, follow these steps:

    1. Click the Tools menu, and then click Internet Options.
    2. On the Advanced tab, click Reset.
    3. In the Reset Internet Explorer Settings dialog box, click Reset.
    4. When Internet Explorer 7 finishes restoring the default settings, click Close, and then click OK two times.
    5. Close Internet Explorer 7. The changes take effect the next time that you open Internet Explorer 7.

    Note for users who cannot start Internet Explorer 7 for some reason, use RIES from Internet Options in Control Panel.

    Then have a look at:

    Viruses/Spyware/Malware Preliminary Removal Instructions
  3. Kirei Blossom

    Kirei Blossom TS Enthusiast Topic Starter Posts: 172

    I ran cccleaner, ad-aware, and AVG antivirus, it doesn't find anything. But then when I'm online, the viruses keep coming. It's always the same one. Every time the virus strikes, I notice this URL in the status bar:


    Is there any way to just block this URL? I have a suspicion that the whole wi-fi LAN network I use for my internet might be infected.
  4. Kirei Blossom

    Kirei Blossom TS Enthusiast Topic Starter Posts: 172

    my hijackthis log:
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    Delete the file in the AVG Virus Vault.
    Delete your temporary internet files.

    Per the HijackThis log:
    You are running AVG v7 which is not currently supported as far as I know. Update to v8 ASAP:

    Update Java:
    Did you set our homepage to come up as a blank page? If not, you have the about:blank malware. Remove the following:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

    This should be stopped:
    Check against your ISP:
  6. Kirei Blossom

    Kirei Blossom TS Enthusiast Topic Starter Posts: 172

    Deleted all temp internet files
    Updated Java. Uninstalled older java versions.
    My homepage was set to about:blank
    Fixed the 09: extra tools menu item in hijackthis
    All those IP addresses are mine. They're all listed in the DNS, gateways etc.

    Putting up new Hijackthis log.
  7. Kirei Blossom

    Kirei Blossom TS Enthusiast Topic Starter Posts: 172

    sigh.. none of this worked. The viruses are still appearing, even more than before now. They mostly appear whenever my IE blocks these cookies from particular strange URLs. I'm adding a screenshot of these strange URLs that keep trying to open.

    I'm getting the virus exploit, trojan horse exploit, and trojan horse js/downloader agent.

    I keep deleting the temp internet files, where all the viruses go. AVG keeps catching them, but no matter how much I clean my system, the viruses keep on coming when I connect to the internet.

    Also, I don't know if this is related, but during all these viruses continuously popping up, a message balloon appeared in the taskbar: Application popup: Windows - Virtual Memory Minimum Too Low : Your system is low on virtual memory. Windows is increasing the size of your virtual memory paging file. During this process, memory requests for some applications may be denied. For more information, see Help.

    Attached Files:

  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    But you didn't update AVG and that means you aren't getting current update. That means you are going to continue to get infected:
    It means that even though you have an antivirus program installed and loading, it isn't getting the updates of recent or current malware. So the second you access the internet, you are open for whatever virus/Work/Trojan might be around.

    Post 5:
    Update this and then maybe we will get somewhere.
  9. D0uD0u

    D0uD0u TS Rookie

    I'm no expert but Is your computer on a local network?
    i had a similar problem. I had norton IS 2007 which kept popping up trojan.Webkit!html. Yet, on full system scan no viruses were detected. Then, I downloaded AVG 8. AVG 8 started giving me the "Virus found Exploit" message with every webpage i tried to open either with IE or firefox. With firefox, i noticed the message "u.cruze3.cn" waiting. And again no threats on full scan.
    Finally, i found out that an infected computer in my network was presenting itself as the default gateway and was returning this address with the script in the html documents.
  10. Kirei Blossom

    Kirei Blossom TS Enthusiast Topic Starter Posts: 172

    D0uD0u, yes that's exactly whats happening with me. I have a local network. And I'm getting the u.cruze3.cn with IE and Opera, even though nothing turns up on a full scan.

    How can I figure out which computer is infected? My internet providers provide internet to the whole city! And I doubt they'd want to investigate the whole thing.

    Bobbye, I have a very very old computer. It can't handle updating to XP SP2, and I can't upgrade to AVG 8 without sp2. Anyhow, the problem isn't really AVG, because AVG is doing its job (and even avg 7,5 is updating itself daily, and the virus database always says it was released 1 day or 2 days ago) Problem is my internet. I know of two or three computers that are using the same ISP, and having the same virus problem.
  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    Suggest you replace AVG with an antivirus program that you can keep current.
  12. Kirei Blossom

    Kirei Blossom TS Enthusiast Topic Starter Posts: 172

    I talked to my ISP today, and they acknowledged this virus problem, and are working on it.

    Thanks everyone for your help.
Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...