Hi There,

I have just got in this evening and logged onto facebook. When I open the superwall app I am getting Avira pop up to tell me it has found an infection of HTML/Crypted.Gen located in my temporary internet files.

I think the app is downloading a javascript to my pc which appears to be infected. I have removed the app cleared all my temporary files and cookies and I am now running a full scan. I don't expect it to find anything though.

Can anyone suggest what this could be?

Hi RichD,

You know we need more info than that to work with :lol:


Download and Run RSIT


Please download Random's System Information Tool by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open:


log.txt will be opened maximized.
info.txt will be opened minimized.


Please post the contents of both log.txt and info.txt.

Hi Katana,

Thanks for the reply,

I am currently on my hols abroad so cant do much at the minute. I am happy that I have not been infected and I am fairly sure about what is going on. It appears that the Java aplet that is downloaded and stored in temporary internet files is triggering something in the Avira realtime scanner. So I just thought I would see if anyone knew anything about it as Facebook and superwall are quite commonly used.

Thanks

Rich

HTML/Crypted.Gen
Description:
To avoid detection by antivirus software, authors of HTML malware use browser features like Java and VisualBasic Script. These scripts are small and very often quite simple encryption routines hiding the malicious parts of the script. Encrypted malware is detected as HTML/Crypted.Gen.

It is a generic detection, so without the actual file there isn't much I can tell you.

Might be worth an up load to joti then?

Might be worth an up load to joti then?
If you know which file it is yes.