Trojan av.exe virus coming through CMON?

Wröng

New member
Whenever I go to the gallery and sort by ranking, a program called av.exe gets onto my computer, past my vigorous security and causing me to have to use System Restore and various other de-lousing tools to get back to normal. Is this happening to anyone else?

I'm using Firefox, AVG, Spybot resident, Spywareblaster and Malwarebyte as my defences. The trojan virus screws up user names, .dll files and generally makes your computer unusable as well as offering pop-ups for 'Antivirus XP' and 'Security Centre'.

Hopefully it's just me. I've scoured my computer and can only find one repeatable infection source and that's CMON. It might be someone cross-linking through the server or hijacking the gallery in some other way, thus it could be just a single entry. It is quite possible I'm entirely wrong and it's nothing to do with CMON. But I thought I'd better check!
 

Chern Ann

Only when they're green
Staff member
I just tried it with your search parameter and I have not seen it. If you see a repeated infection, please save the html source so I can identify where it's coming from.
 

Wröng

New member
It's happened again...

More about av.exe

Curiouser and curiouser...

I can see nothing up with the http address (http://www.coolminiornot.com/browse). It seems to happen when I set the scores from 1 to 10 to 7 to 10. From close examination of the registry it is associated with 'fyxkaah.dll' and inveigles itself into firefox to start itself up. I can deal with it, but is it a weakness in my computer or something that might get everyone? I am removing the most recent security program I installed, 'Malwarebyte', to see if it's something to do with that.

Thanks for your attention!

O
 

Beelzebrush

Active member
I've been struggling with the gallery too, also when searching a term and setting a score range 9-10 etc. The page hangs and it also makes the rest of cmon inaccessible.
 

Wröng

New member
that too...

Oh, yes, that goes without saying - CMON goes all 404 not found on me every few minutes, like someone turns off the server every so often. Didn't used to do that. It's hardly important but is that a bit of a glitch, too?

With regards the av.exe and related loveliness, it appears that my judicious pruning of the registry has helped, Firefox has gone to a new version and my Windows XP has self updated itself with 8 new 'security patches', all yesterday. Maybe that has put a stop to it? I was mightily surprised that my 3 resident process monitors didn't stop it downloading and running.

Still, maybe it's fixed now. So long and thanks for all the fish...
 

GunjiNoKanrei

New member
Didn't encounter the av.exe problem, but ...

Oh, yes, that goes without saying - CMON goes all 404 not found on me every few minutes, like someone turns off the server every so often. Didn't used to do that. It's hardly important but is that a bit of a glitch, too?

Same here. Interestingly enough only at home. At the office CMON works fine. At home I am running Windows 7 with FF3, at the office it is XP and FF2.
 

Elly3438

Member
I had this happen to me yesterday, somehow an annoying fake antivirus program installed itself on my computer without me knowing while I was browsing some minis. It was called PC Protector, and I ended up looking for some online instructions for removing it (luckily firefox was still open because it disabled my use of executables).
@Wrong - What's funny is I used the program called "Malwarebyte" to clean up the mess after it took over. (after bypassing the virus)
Here is the link I used: http://www.bleepingcomputer.com/virus-removal/remove-your-pc-protector
 

Wröng

New member
So, it's not just me!

Thanks Elly3438, that's exactly the trojan virus that I got. I recommend using regedit to search for av.exe and fyxkaah.dll in HKEY_USERS and HKEY_LOCAL_MACHINE and delete any mention of them. This bug gets into Firefox's registry scripts and seemed to slip by Malwarebyte when I set it off.

The fact that there are other people getting the same problem means it's not inconceivable that someone has got into the scripts of CMON and is using it as a passive host to carry the infection.

I don't have the first clue, to be honest, so I'm making an educated stab in the dark! It hasn't happened to me since Tuesday, so maybe something has been fixed?
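
A read-only take on the registry search suggested in the post above, added here as an example and not written by anyone in the thread: it scans the text of a regedit export for the two file names mentioned and reports where they appear, without deleting anything. It assumes a "Version 5.00" export; the sample data and the function names are constructed for illustration.

```python
import re

# File names reported in the thread, matched as whole names so that an
# unrelated "nav.exe" is not reported as "av.exe".
INDICATORS = ("av.exe", "fyxkaah.dll")
PATTERN = re.compile(r"(?<!\w)(?:%s)(?!\w)" % "|".join(map(re.escape, INDICATORS)), re.I)
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def decode_value(raw):
    """Turn the right-hand side of a .reg value line into searchable text."""
    if raw.startswith('"'):                      # REG_SZ: undo .reg escaping
        return raw[1:-1].replace("\\\\", "\\").replace('\\"', '"')
    m = re.match(r"hex\((?:1|2|7)\):(.*)", raw)  # string types stored as hex bytes
    if not m:
        return raw                               # dword, binary: left as written
    digits = re.sub(r"[^0-9a-fA-F]", "", m.group(1))
    data = bytes.fromhex(digits[: len(digits) // 2 * 2])
    return data.decode("utf-16-le", "replace").replace("\x00", " ").strip()

def scan_reg_export(text):
    """Return (key, value_name, data) for each key or value naming an indicator."""
    hits, key = [], None
    text = re.sub(r"\\\r?\n\s*", "", text)       # join wrapped hex lines
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if PATTERN.search(key):
                hits.append((key, None, None))
            continue
        m = VALUE.match(line)
        if m and key:
            name, data = m.group(1).strip('"'), decode_value(m.group(2))
            if PATTERN.search(name) or PATTERN.search(data):
                hits.append((key, name, data))
    return hits

# Constructed sample export (not taken from the thread).
_hex = ",".join(f"{b:02x}" for b in "%TEMP%\\fyxkaah.dll\0".encode("utf-16-le"))
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\Users\\demo\\av.exe /s"
"Backup"="C:\\Tools\\nav.exe"
''' + f'"Loader"=hex(2):{_hex[:60]}\\\n  {_hex[60:]}\n'

if __name__ == "__main__":
    for hit in scan_reg_export(SAMPLE):
        print(hit)
```

The "Loader" value shows why a plain text search of an export can miss an entry: expandable strings are written as hex-encoded UTF-16 bytes. A file saved by regedit is UTF-16, so read it with `encoding="utf-16"` before passing the text in.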
 