What do I do-- JS/Downloader

[MB_]

My wife was doing something on the computer and an AVG window popped up
indicating some sort of virus.

She closed the window.

Immediately after that we ran AVG and it found
JS/Downloader
It is located in:

C:\Documents and Settings\My name\Local Settings\Temporary Internet
Files\Content.....

(I don't have the rest of the path; I will as soon as AVG finishes running).

If AVG says it can't heal it, can I delete it by clearing the cache?

If not, can I do this by going to DOS (command prompt)?

If not, any suggestions?

Mel

 

[David H. Lipman]

From: "MB_" <[email protected]>

| My wife was doing something on the computer and an AVG window popped up
| indicating some sort of virus.
|
| She closed the window.
|
| Immediately after that we ran AVG and it found
| JS/Downloader
| It is located in:
|
| C:\Documents and Settings\My name\Local Settings\Temporary Internet
| Files\Content.....
|
| (I don't have the rest of the path; I will as soon as AVG finishes running).
|
| If AVG says it can't heal it, can I delete it by clearing the cache?
|
| If not, can I do this by going to DOS (command prompt)?
|
| If not, any suggestions?
|
| Mel
|

Yes, clear the TIF.

Please do provide the fully qualified name and path to the file in question.

 

[MZB]

David:

C:\Documents and Settings\My name\Local Settings\Temporary Internet

|
Files\Content.IE5\OP6F01AF\Movie_%20midland%20movie%20theater%7CSpecial%....

Virus found: JS/Downloader.Agent

The file name was a bit longer than shown.

Is there any additional light you can shed on this? I assume this may be a
pop-up type trojan (for advertising)?

I did delete it

Mel

 

[David H. Lipman]

From: "MZB" <[email protected]>

| David:
|
| C:\Documents and Settings\My name\Local Settings\Temporary Internet
|>>|
| Virus found: JS/Downloader.Agent
|
| The file name was a bit longer than shown.
|
| Is there any additional light you can shed on this? I assume this may be a
| pop-up type trojan (for advertising)?
|
| I did delete it
|
| Mel
|

You deleted it and did not post the fully qualified name and path to the file.

All I can conclude is this was a HTML file with a malicious Javascript.

If we still had the file ity could be submitted to Virus Total and we can then use the
report to obtain more information.

 

[Dennis]

All I can conclude is this was a HTML file with a malicious Javascript.

In layman's terms, what kinds of "malicious" things can these scripts
do? Would the browser warn you in any way?

 

[David H. Lipman]

From: "Dennis" <[email protected]>

| On Thu, 06 Mar 2008 23:31:44 GMT, "David H. Lipman"
|
| In layman's terms, what kinds of "malicious" things can these scripts
| do? Would the browser warn you in any way?
|

No, no warning.

A perfect example would be an encrypted JavaScript that when decrypted uses an IFrame
Exploit to download a malware.

 

[Dennis]

From: "Dennis" <[email protected]>

| On Thu, 06 Mar 2008 23:31:44 GMT, "David H. Lipman"

|
| In layman's terms, what kinds of "malicious" things can these scripts
| do? Would the browser warn you in any way?
|

No, no warning.

A perfect example would be an encrypted JavaScript that when decrypted uses an IFrame
Exploit to download a malware.

Will most anti-virus software prevent the script from being executed? In
the OPs case, it sounds like AVG recognized the script as malware (I
assume it somehow saw the HTML file being written to the browser's
cache). But is the horse already out of the barn at that point?

 

[David H. Lipman]

From: "Dennis" <[email protected]>


|
| Will most anti-virus software prevent the script from being executed? In
| the OPs case, it sounds like AVG recognized the script as malware (I
| assume it somehow saw the HTML file being written to the browser's
| cache). But is the horse already out of the barn at that point?
|

It will depend upon if the exploit is known and if the AV scanner can decrypt the
JavaScript.