I don't know what is going on with my computer lately, but since last Friday, I have been having nonstop virus warnings. Background info:
Windows XP under a limited account
Avira free Home Edition is my antivirus program
I use either Firefox (with AdBlock plus and Noscript) or Opera for a browser
I regularly run scans with Superantispyware Free Edition, Spybot Search & Destroy, Blacklight Rootkit Eliminator and online scans with Ewido/AVG antispyware, Kaspersky, and Windows Live One Care. I have Spyware Blaster and Spyware guard installed as well.
The first problem I noticed was that one day a couple weeks ago, I updated Firefox to 2.0.0.16, and one day last week, I came on and my computer had actually downgraded it to 2.0.0.15, but was saying it was updating the software!
A couple days later, I got a virus warning from Avira. And then another (both from Firefox cache). And then a third (from Opera cache). I set heuristics on high so I expect a lot of false positives (FP), but for months now, I have not had any noticeable problem with viruses. All three of these were HEUR/HTML.malware, which I think are known for FP. Then while running an Ewido antispyware scan, 4 warnings came up in the span of a minute, all Trojans. The 4 Trojans all come from under AOL files, which have been on my computer since 2006, and I have not even used AOL software in months, but I noticed each warning popping up from Avira as those files were being scanned through Ewido's spyware scanner. Two of the warnings were a TR/Agent.1524328, one was a TR/Agent.141672, and the last was a TR/Agent.1489328.
Since then, I have sent all of the files to be analyzed. The 3 HEURs came back false positives, but the 4 Trojans came back as malware. The malware was located in the following:
C:\Program Files\Common Files\AOL\Backup\ACS\Rollback\Suite\comps\acsrollb.exe
C:\Program Files\Common Files\AOL\Backup\ACS\Rollback\Suite\comps\acslaeu.exe
C:\Program Files\Common Files\AOL\Backup\ACS\Rollback\Suite\comps\acscore.exe
C:\Program Files\Common Files\AOL\Backup\ACS\Rollback\EU\acslaeu.exe
It's weird because if you Google the above terms, a thread on Bit Defender's webpage states they are false positives.
The day I received the results of those viruses, I got 2 more warnings from Avira, another HEUR/HTML.malware (which came back as another False Positive) and a warning that a Firefox cache file contained recognition patterns of the SPR/Tool.eBlaster (riskware), which came back as malware. Today I got 4 more warnings- 2 were TR/StartPage.HMH (found in C:\Documents and Settings\User name\ Local Settings\Temp\nsv27.tmp\utility.dll), one was ANOTHER HEUR/HTML.malware (found in Firefox cache), and the fourth was TR/PSW.Lmir.UMK.1 [trojan] (found in Firefox cache). Results are not in yet on whether they are FP or malware.
I ran other scans and the results are:
Superantispyware- clean except for cookies
Spybot- clean except for cookies
Blacklight Rootkit- clean
Ewido- clean except for cookies
Malwarebytes Antimalware- clean
Kaspersky- clean
I try to think I have fairly good internet surfing habits- I only visit the same pages whenever I come (I know- not that they can't be hacked), I never download from unknown sources, I never open emails that I don't know the sender of, I don't go near porn. I have not been on any strange webpages or anything. I don't understand why all of a sudden, I am getting nonstop warnings from Avira. I tried getting help on their forum, but no one has been able to help me. I really don't want to resort to it, but I am about to just reformat the entire computer. The other thing is, I can't find any information on any of these viruses.
Also, is there any way to find out what web page the cache came from?