HTTP Phoenix Toolkit Download Request

Archive
1

Hi Community,

 

My first posting here, though I've often browsed responses to get help with other issues. Hope someone here can help me with this.

 

On Sunday (27th Feb) I was browsing Ebay when the machine started running very slowly. Suddenly Norton popped up with two messages stating "An Intrusion Attempt Was Blocked".

 

Looking in Norton history, the associated risks were  "HTTP Phoenix Toolkit Download Request" and "HTTP FakeAV Web Page Request 1".

 

I shutdown my browser and immediately executed a full norton scan and a scan using Malwarebytes.

The norton scan discovered a Downloader (fhtagn.class) somewhere in what looked like a Java directory.

Whilst running Malwarebytes, another norton alert popped up stating "a0006586.ocx (Bloodhound.MalPE) detected by Auto-Protect". It looked like it found this in my System Restore area.

 

In both the above cases, it looked like the issue was addressed by Norton.

 

After finding these problems, I've checked that all my products are upto date (Java, Adobe, Microsoft). I've made sure that my Browser temporary files have been removed. I've also reset my router.

 

I've re-ran Norton full scan and Malwarebytes and both are now coming up clean.

 

All seemed to be ok, although my wife also hit another "Intrusion Attempt Blocked" when looking at a shopping website later on the same night.

 

I have to state I haven't seen the same problem since Sunday.

 

Since finding these problems I've checked a few forums to see if anyone has had the same problem. There does appear to be some who've had similar issues with a product called AVG, but they seem a lot worse than I am experiencing. There also appears to be statements in the press regarding an Ad Malware attack on a number of UK websites (ebay, autotrader to name two).

 

I have to confess that I'm not an expert in any of this, but I was hoping that my post may at least alert someone else that had the same problem that they weren't alone, but also to verify with any experts here that I've taken all the appropriate actions.

 

I intend to keep monitoring in the meantime.

 

Thanks in advance for any help.