Dec 27 2007, 11:33 AM
Post
#11
Member [Level 3] Group: Members Posts: 90 Joined: 27-October 07 Member No.: 52,097
Well, I found out that the virus is there when I wanted to upload it and confirmed it with this website: http://virusscan.jotti.org/ Jimmy gave, here is a screenshot: http://i19.tinypic.com/8fcirli.jpg

I will try that last option of shadowx first because it really seems logical. If it doesn't work I will definitely try the rest, thanx.

Update 1: Uninstalling and Reinstalling Web Page Maker completely didn't solve the problem

Greetzz
Dec 27 2007, 01:19 PM
Post
#12
Look around, what do you see? Incorrect. Group: [HOSTED] Posts: 1,126 Joined: 12-April 06 From: Essex, UK Member No.: 21,719 myCENT:29.25
Ah, thanks for the screenie. I found a hit on the second malware mentioned there, Trojan.Downloader.JS.Small.dn. Interestingly though, the only result I could find was by using "Trojan" to start it rather than "Troj", so maybe the online scan shortened the name; either way it sounds like the right thing. A short description can be found here: http://www.avira.com/en/threats/section/fu...s_small.dn.html

It is indeed a downloader as the name suggests; it seems to download an EXE which is then executed, and that's the part to really worry about. Unfortunately it didn't have removal instructions, but I have some suggestions now that we have a lead...

The first is to try this AV program: http://www.avira.com/en/download/index.html Download the home personal one as it's free. The reason I suggest this is that Symantec and other big names seem to be oblivious to this, as was found by the AVs you tried and the fact their security response sites didn't even recognise the malware name. However, this AV company seem to have recognised it, so I think it's definitely worth a shot with this AV; you can always uninstall all these AV progs afterwards.

If that doesn't work then I have another suggestion. The online scanner found two malware, possibly the same one just with a different name, and one of the scanners that found it was the ClamAV scanner. I've never heard of this scanner but I've done a Google and found a Windows download version of it: http://w32.clamav.net/ I know the website doesn't look much but it's used by the online scan company and has been on *nix for years apparently, so it seems legit and useful, so give that a shot. Again, I suggest this because it seems to be able to recognise the malware and hopefully remove it.

QUOTE
Update 1: Uninstalling and Reinstalling Web Page Maker completely didn't solve the problem

I see.. Bad times.. So in theory that application should be good, which means something else is infected... The problem is that we only know you are infected because you tried to upload a HTML file, and as no AV so far has detected it you never know how many files are infected already...

If you haven't already got a firewall, install Comodo firewall (Google it, very reputable, I use it on every machine I touch) and set it to the custom security level, and if you get alerts for things like IM clients or web browsers accept them but don't check the "remember my decision" box. If anything comes up with a red alert (you can tell because the top of the alert box will be red) deny it, and if any programs access the internet when they shouldn't be (such as text editors and programs that work when you aren't connected to the net) deny them also, but remember, don't check the remember box. If you've already got a firewall then keep a close eye on it just in case something tries to download something you don't want.

I have faith in the two AVs I suggested so give them a shot and see if they can catch it. If possible do all these scans in safe mode as Saint_Michael said. I've just seen his post and didn't realize it until now... Seems odd how it got in there without me noticing! Anyway, try his suggestions first as they seem to have more credibility, and if they don't work then try mine
Dec 27 2007, 03:21 PM
Post
#13
Member [Level 3] Group: Members Posts: 90 Joined: 27-October 07 Member No.: 52,097
Ok, gonna try your suggestions, using AVG Free in safe mode didn't help BTW, it took 2.5 hours to scan 90000 files
Greetzz
Dec 27 2007, 08:27 PM
Post
#14
Super Member Group: [HOSTED] Posts: 484 Joined: 9-April 06 From: The UK Member No.: 21,584
Okay I have an idea, it may seem barmy at first, but would you be able to open with notepad or wordpad the .html file that is "infected", copy all the text and paste it in a "code" tag on here please? That may give a hint as to where the thing stems from or what it contacts etc etc... (Make sure you paste it in a code tag, we don't want infected stuff here on trap!!)
Good Luck
Dec 27 2007, 09:46 PM
Post
#15
Look around, what do you see? Incorrect. Group: [HOSTED] Posts: 1,126 Joined: 12-April 06 From: Essex, UK Member No.: 21,719 myCENT:29.25
QUOTE
copy all the text and paste it in a "code" tag on here please?

I sorta suggested that but using a screenie of the code rather than the actual code on T17, as a screenie is a lot safer than having mal-code on the forums as it's always possible there would be a leak. So I would say use a screenie instead of the code itself just in case!
Dec 28 2007, 01:26 AM
Post
#16
Super Member Group: [HOSTED] Posts: 484 Joined: 9-April 06 From: The UK Member No.: 21,584
QUOTE
I sorta suggested that but using a screenie of the code rather than the actual code on T17, as a screenie is a lot safer than having mal-code on the forums as it's always possible there would be a leak. So I would say use a screenie instead of the code itself just in case!

Ah yes you got me :-) Nice! How many screenshots can you fit the page onto?
Dec 28 2007, 02:42 AM
Post
#17
$p4m 0n j00 $h4m3 m3 0nc3 $p4m 0n m3 $h4m3 m3 7\/\/1c3 Group: [HOSTED] Posts: 6,807 Joined: 21-September 04 From: 9r33|\| 399$ 4|\|D 5P4/\/\ Member No.: 1,218 myCENT:62.60
Did you disable the Windows recovery before scanning in safe mode? Also I found the solution since this Trojan goes by another name, js.wonka. So do what this website says in order to remove the Trojan from your computer, and if that doesn't work wipe the hard drive and reinstall, because firewall is not going to be able to protect your computer since that Trojan is planted in nice and comfy into your computer. So any firewall or AV will think it's a Windows file such as it has been since you first posted this and no anti-virus software is picking it up, and so if you have to go with the re-installation make sure you have firewall and anti-virus software installed, and then update the software ASAP and you should be fine.
Dec 28 2007, 09:09 AM
Post
#18
Member [Level 3] Group: Members Posts: 90 Joined: 27-October 07 Member No.: 52,097
Well, I thought since reinstalling Web Page Maker didn't help it was the save file, and I was right. I will work from my last save file and remove the other one, I hope that with that the problem is solved, if not, I will inform you.

BIG THANX FOR EVERYBODY'S GREAT HELP!!!!!!!

Ok, it worked for this ones but now I wanted to upload another one and it was back, I'll just keep trying the suggestions

Greetzz