Was AVG able to quarantine the files it found? If so, relax. You are not at risk. Could you post the exact file paths that AVG detected?
There have been several posts in other forums about JS/Psyme being detected by AVG in temp files in the past few weeks. A few of these posters went so far as to post HijackThis logfiles, which were clean. Which leads me to suspect this is a false positive detection by AVG.
You might want to get a second opinion from one or more of the following online antivirus scanners:
Thanks for the fast response & help. I was able to quarantine the files, then I deleted them. The only file I was able to write out was C:\Documents and Settings\owner\local settings\temporary internet files\Content.IE5\X7WDZSE\index7.htm
I ran nanoscan and it came up clean
Scan result
Summary: Your PC doesn't have viruses
Time: 43 seconds
Antivirus: GRISOFT AVG 7.5.476 (active and up-to-date)
I saw this myself just today. It is possibly a false positive but what I found curious is that I did not receive a warning notice from AVG during a scan. It was the real time scanning engine that popped up but only after visiting a web page that requested I download an active X control to properly view the page.
Although I denied this active x control to install, I nonetheless received the pop up warning from AVG for this same trojan. I quarantined it, ran a couple scans and found nothing.
Rebooted and opened an internet connection again...so far, no problems. Tried again to visit the same page that previously brought the pop up window warning and once again, upon visiting the page I received the "Microsoft wants to install an active X control while viewing this page". I again denied this request but regardless, while the Microsoft window pops open requesting the installation of the active x, I would also receive at the same time, the AVG warning from real time scanning that it caught this same trojan again.
It's harmless to delete these temp files but I'd use caution in the future before you delete something using the antivirus software. Once it's deleted, it's gone.
I do believe this is a false positive, probably triggered by the Microsoft request to install an active x...time will tell.
What's got my attention however is the recent finding from
Sophos.
I don't remember seeing a active x control. I was web surfing late last night. I remember being on myspace, hotmail, and a blog page. I'll be more careful of what I install and delete. I'm looking over the Sophos site provided. I'm on dial up so i'll download the trial anti virus asap. Thank you.
joe53
2 Intern
•
5.8K Posts
0
July 21st, 2007 04:00
babennett
28 Posts
0
July 21st, 2007 04:00
Summary: Your PC doesn't have viruses
Time: 43 seconds
Antivirus: GRISOFT AVG 7.5.476 (active and up-to-date)
1972vet
3.3K Posts
0
July 21st, 2007 16:00
Although I denied this active x control to install, I nonetheless received the pop up warning from AVG for this same trojan. I quarantined it, ran a couple scans and found nothing.
Rebooted and opened an internet connection again...so far, no problems. Tried again to visit the same page that previously brought the pop up window warning and once again, upon visiting the page I received the "Microsoft wants to install an active X control while viewing this page". I again denied this request but regardless, while the Microsoft window pops open requesting the installation of the active x, I would also receive at the same time, the AVG warning from real time scanning that it caught this same trojan again.
It's harmless to delete these temp files but I'd use caution in the future before you delete something using the antivirus software. Once it's deleted, it's gone.
I do believe this is a false positive, probably triggered by the Microsoft request to install an active x...time will tell.
What's got my attention however is the recent finding from Sophos.
Message Edited by 1972vet on 07-21-2007 12:54 PM
babennett
28 Posts
0
July 21st, 2007 18:00