What do I do-- JS/Downloader

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
My wife was doing something on the computer and an AVG window popped up
indicating some sort of virus.

She closed the window.

Immediately after that we ran AVG and it found
JS/Downloader
It is located in:

C:\Documents and Settings\My name\Local Settings\Temporary Internet
Files\Content.....

(I don't have the rest of the path; I will as soon as AVG finishes running).

If AVG says it can't heal it, can I delete it by clearing the cache?

If not, can I do this by going to DOS (command prompt)?

If not, any suggestions?

Mel




Re: What do I do-- JS/Downloader


| My wife was doing something on the computer and an AVG window popped up
| indicating some sort of virus.
|
| She closed the window.
|
| Immediately after that we ran AVG and it found
| JS/Downloader
| It is located in:
|
| C:\Documents and Settings\My name\Local Settings\Temporary Internet
| Files\Content.....
|
| (I don't have the rest of the path; I will as soon as AVG finishes running).
|
| If AVG says it can't heal it, can I delete it by clearing the cache?
|
| If not, can I do this by going to DOS (command prompt)?
|
| If not, any suggestions?
|
| Mel
|

Yes, clear the TIF.

Please do provide the fully qualified name and path to the file in question.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: What do I do-- JS/Downloader

David:

C:\Documents and Settings\My name\Local Settings\Temporary Internet
Quoted text here. Click to load it

Virus found: JS/Downloader.Agent

The file name was a bit longer than shown.

Is there any additional light you can shed on this? I assume this may be a
pop-up type trojan (for advertising)?

I did delete it

Mel


Quoted text here. Click to load it



Re: What do I do-- JS/Downloader


| David:
|
| C:\Documents and Settings\My name\Local Settings\Temporary Internet
|>>
Quoted text here. Click to load it
|
| Virus found: JS/Downloader.Agent
|
| The file name was a bit longer than shown.
|
| Is there any additional light you can shed on this? I assume this may be a
| pop-up type trojan (for advertising)?
|
| I did delete it
|
| Mel
|

You deleted it and did not post the fully qualified name and path to the file.

All I can conclude is this was a HTML file with a malicious Javascript.

If we still had the file ity could be submitted to Virus Total and we can then
use the
report to obtain more information.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: What do I do-- JS/Downloader

On Thu, 06 Mar 2008 23:31:44 GMT, "David H. Lipman"

Quoted text here. Click to load it

In layman's terms, what kinds of "malicious" things can these scripts
do? Would the browser warn you in any way?

--

Dennis

Re: What do I do-- JS/Downloader


| On Thu, 06 Mar 2008 23:31:44 GMT, "David H. Lipman"
|
Quoted text here. Click to load it
|
| In layman's terms, what kinds of "malicious" things can these scripts
| do? Would the browser warn you in any way?
|

No, no warning.

A perfect example would be an encrypted JavaScript that when decrypted uses an
IFrame
Exploit to download a malware.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: What do I do-- JS/Downloader

On Thu, 06 Mar 2008 23:51:04 GMT, "David H. Lipman"

Quoted text here. Click to load it

Will most anti-virus software prevent the script from being executed? In
the OPs case, it sounds like AVG recognized the script as malware (I
assume it somehow saw the HTML file being written to the browser's
cache). But is the horse already out of the barn at that point?

--

Dennis

Re: What do I do-- JS/Downloader



|
| Will most anti-virus software prevent the script from being executed? In
| the OPs case, it sounds like AVG recognized the script as malware (I
| assume it somehow saw the HTML file being written to the browser's
| cache). But is the horse already out of the barn at that point?
|

It will depend upon if the exploit is known and if the AV scanner can decrypt the
JavaScript.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Site Timeline