Avast Warns i'm being attacked every time I go online - Trojans and adware - How do I stop this?

Every Time I connect to the internet avast (free virus software I have running) tells me not to worry but it has discovered a trojan targeting me and tells me to abort connection.

The warnings always come in batches of 4 one after the other for 4 different viruses and then nothing for 10 minutes, then the same warnings again 4 at a time.

When I diconnect there are no warnings

Here are 3 of the 4 viruses Avast finds:

WARNING  DO NOT CLICK THESE !!!!!!

*http://85.25.113.84/users/smell/web/files/encodex.jpg
Win32:agent-IU Trojan

*http://85.25.115.187/users/fill/web/images/logo_big.jpg
win32:small-EK Trojan

*http://85.25.115.187/users/fill/web/images/sphlp32.jpg
win32:adan-094 Adware

I have done a virus scan with Avast, used ad-aware6 and spysweeper but the warnings keep coming.

It seems like there is some kind of bot constantly attacking my pc just in case I let my defences down.

Im on XP sp2 so im using windows firewall aswell.

Im on broadband and my IP goes through a proxy and changes everytime I reconnect.

Is there any way to stop the attacks?

Help much appreciated
DuarteRAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Robing66066Commented:
It's very strange.  Those items you list appear to be picture files that your computer is requesting, not that the outside world is trying to force on you.  At a guess, I'd say you already have something running on your system that you don't want.

You say you have run your anti-virus, etc...  Did you run them while you were in safe mode?  Many viruses/trojans will happily disable or evade a scan if they are allowed to boot with the system.  Run the scan in safe mode (press F8 during system boot and select safe mode, or just press F5 during system boot and it should automatically do it...).  If it still comes back with nothing, you've got an interesting situation there.

Good luck!
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
disruptCommented:
Possibly could be in your system restore. The only way to remove it is to disable system restore see if avast still recognizes it as a virus or not than enable it later on if you want it running.

1. Right click My Computer and select properties.
2. Click on the System Restore Tab.
3. Check Turn off system restore. Click Apply then OK.
4. Click Yes if you are prompted to restart.
5. To re-enable, repeat steps indicated and uncheck disable system restore.

(This will remove viruses that were backed up if any and by renabling it will create a new checkpoint to backup your current harddrive)
0
DuarteRAuthor Commented:
just done a boot time scan with avast - with system restore off - found quite a few trojans which Avast deleted and then restarted but warnings have appeared again.
0
Introducing the "443 Security Simplified" Podcast

This new podcast puts you inside the minds of leading white-hat hackers and security researchers. Hosts Marc Laliberte and Corey Nachreiner turn complex security concepts into easily understood and actionable insights on the latest cyber security headlines and trends.

rpggamergirlCommented:
Can we look at your Hijackthis log? sometimes viruses and trojans show up in the log, if it does, then we have a fairly good chance of identifying the culprit and ways to remove it.

Please download HijackThis 1.99.1
http://www.cyberanswers.org/forum/uploads/HijackThis1991.exe
Open Hijackthis, click "scan and save a logfile" don't fix anything yet, just upload the logfile created, go here and paste your Hijackthis log, http://www.rafb.net/paste/
then at the bottom left corner click "paste"
Copy the address/url and post it here:

Or copy and paste the log at;
http://www.hijackthis.de/ 
and click "Analyse", "Save".  Post a link to the saved list here.
0
rpggamergirlCommented:
Hold on to your system restore points just yet, :)
Viruses in System Restore does not interact with your system. Viruses in System Restore folder(if there are any) are inactive! You can flush them out later when problem is gone.
0
rpggamergirlCommented:
So you already turn system restore off?
I suggest you turn it back on. Removing malware or viruses/trojans off your system sometimes messes things up, then you might need a restore point to go back to.
0
blue_zeeCommented:

Are you running any P2P software?

You probably are, and you should start looking at uninstalling it or at least trying alternative and safer software.

Zee
0
DuarteRAuthor Commented:
I did a search on the avast forums and there seemed to be alot of threads with people having the same problem -

After a good read through I was pointed in the direction of a couple more virus scanners - Dr Web and Ewido

After doing thoughrough scans with these ( not in safe mode though) they detected more trojans and malware that Avast did not pick up - Once the infected files were deleted the message warnings stopped. I uninstalled these two new scanners (trial versions) and am going to keep Avast running - has served me well for years.

Just goes to show there is no one-stop-shop for virus killers - each has their own strengths.
0
blue_zeeCommented:
Well done.

And you do well having several tools handy, but remember to kee them updated.

Post for a refund at:

http://www.experts-exchange.com/Community_Support/

Zee
0
DuarteRAuthor Commented:
Im sorry for being ignorant - but what does that mean to post for a refund?
0
blue_zeeCommented:

When askers find the answers by themselves they are entitled to having the points refunded and the question deleted or PAQ'd:

I answered my question myself. What do I do?
http://www.experts-exchange.com/help.jsp#hi70

Cheers,

Zee
0
Robing66066Commented:
Although the final solution was devised and implemented by the poster, it seems unlikely he would have reached that point without the help of the experts who replied.

My suggestion is as follows:

250 points to me for pointing out that he was not being attacked by an external source and recommending the virus scan which located the actual problem.

50 points to disrupt for his contribution regarding system restore points.

200 points to rpggamergirl for her recommendation of a best practice method for dealing with entrenched viruses. (which I would still do BTW)

-- Robin
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Security

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.