My wife was doing something on the computer and an AVG window popped up
indicating some sort of virus.

She closed the window.

Immediately after that we ran AVG and it found
JS/Downloader
It is located in:

C:\Documents and Settings\My name\Local Settings\Temporary Internet
Files\Content.....

(I don't have the rest of the path; I will as soon as AVG finishes running).

If AVG says it can't heal it, can I delete it by clearing the cache?

If not, can I do this by going to DOS (command prompt)?

If not, any suggestions?

Mel

From: "MB_" <(E-Mail Removed)>

| My wife was doing something on the computer and an AVG window popped up
| indicating some sort of virus.
|
| She closed the window.
|
| Immediately after that we ran AVG and it found
| JS/Downloader
| It is located in:
|
| C:\Documents and Settings\My name\Local Settings\Temporary Internet
| Files\Content.....
|
| (I don't have the rest of the path; I will as soon as AVG finishes running).
|
| If AVG says it can't heal it, can I delete it by clearing the cache?
|
| If not, can I do this by going to DOS (command prompt)?
|
| If not, any suggestions?
|
| Mel
|

Yes, clear the TIF.

Please do provide the fully qualified name and path to the file in question.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

David:

C:\Documents and Settings\My name\Local Settings\Temporary Internet
> |
> Files\Content.IE5\OP6F01AF\Movie_%20midland%20movie%20theater%7CSpecial%....

Virus found: JS/Downloader.Agent

The file name was a bit longer than shown.

Is there any additional light you can shed on this? I assume this may be a
pop-up type trojan (for advertising)?

I did delete it

Mel


"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:lfZzj.11204$1_.2582@trnddc02...
> From: "MB_" <(E-Mail Removed)>
>
> | My wife was doing something on the computer and an AVG window popped up
> | indicating some sort of virus.
> |
> | She closed the window.
> |
> | Immediately after that we ran AVG and it found
> | JS/Downloader
> | It is located in:
> |
> | C:\Documents and Settings\My name\Local Settings\Temporary Internet
> | Files\Content.....
> |
> | (I don't have the rest of the path; I will as soon as AVG finishes
> running).
> |
> | If AVG says it can't heal it, can I delete it by clearing the cache?
> |
> | If not, can I do this by going to DOS (command prompt)?
> |
> | If not, any suggestions?
> |
> | Mel
> |
>
> Yes, clear the TIF.
>
> Please do provide the fully qualified name and path to the file in
> question.
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
>
>

From: "MZB" <(E-Mail Removed)>

| David:
|
| C:\Documents and Settings\My name\Local Settings\Temporary Internet
|>>
>> Files\Content.IE5\OP6F01AF\Movie_%20midland%20movie%20theater%7CSpecial%....
|
| Virus found: JS/Downloader.Agent
|
| The file name was a bit longer than shown.
|
| Is there any additional light you can shed on this? I assume this may be a
| pop-up type trojan (for advertising)?
|
| I did delete it
|
| Mel
|

You deleted it and did not post the fully qualified name and path to the file.

All I can conclude is this was a HTML file with a malicious Javascript.

If we still had the file ity could be submitted to Virus Total and we can then use the
report to obtain more information.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

On Thu, 06 Mar 2008 23:31:44 GMT, "David H. Lipman"
<DLipman~nospam~@Verizon.Net> wrote:

>All I can conclude is this was a HTML file with a malicious Javascript.

In layman's terms, what kinds of "malicious" things can these scripts
do? Would the browser warn you in any way?

--

Dennis

From: "Dennis" <(E-Mail Removed)>

| On Thu, 06 Mar 2008 23:31:44 GMT, "David H. Lipman"
| <DLipman~nospam~@Verizon.Net> wrote:
|
>> All I can conclude is this was a HTML file with a malicious Javascript.
|
| In layman's terms, what kinds of "malicious" things can these scripts
| do? Would the browser warn you in any way?
|

No, no warning.

A perfect example would be an encrypted JavaScript that when decrypted uses an IFrame
Exploit to download a malware.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

On Thu, 06 Mar 2008 23:51:04 GMT, "David H. Lipman"
<DLipman~nospam~@Verizon.Net> wrote:

>From: "Dennis" <(E-Mail Removed)>
>
>| On Thu, 06 Mar 2008 23:31:44 GMT, "David H. Lipman"
>| <DLipman~nospam~@Verizon.Net> wrote:
>|
>>> All I can conclude is this was a HTML file with a malicious Javascript.
>|
>| In layman's terms, what kinds of "malicious" things can these scripts
>| do? Would the browser warn you in any way?
>|
>
>No, no warning.
>
>A perfect example would be an encrypted JavaScript that when decrypted uses an IFrame
>Exploit to download a malware.

Will most anti-virus software prevent the script from being executed? In
the OPs case, it sounds like AVG recognized the script as malware (I
assume it somehow saw the HTML file being written to the browser's
cache). But is the horse already out of the barn at that point?

--

Dennis

From: "Dennis" <(E-Mail Removed)>


|
| Will most anti-virus software prevent the script from being executed? In
| the OPs case, it sounds like AVG recognized the script as malware (I
| assume it somehow saw the HTML file being written to the browser's
| cache). But is the horse already out of the barn at that point?
|

It will depend upon if the exploit is known and if the AV scanner can decrypt the
JavaScript.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp