A slight rant on JS:Redirector-BOS [Trj] and aswmbr

[thearkive]

Well, this a funny convoluted tale. Anyway I first came here looking for answers on JS:Redirector-BOS [Trj], and I mostly found some and have some ideas on that. So here goes: I'm sure people have figured out it may be a bad tracker or seed, trying to disseminate malware, than any one file or application. So the quick solution would be to not connect to that tracker or seed. to do that you can just not try downloading any files or bits of them that are located or passed through that tracker. Of course the problem then becomes which tracker is it? So far I've narrowed it down to a few maybe dozen public trackers. If avast did it's job and actually kept that malware off my computer then deleting torrent file itself from the torrent client should keep it from trying to connect again.

Well, that was going to be my original post. I think I may have that mostly handled, but I still wanted a second opinion. Unfortunately, I think I may have stumbled on an actual problem. As I was running aswmbr, it found something. Anyway, logs attached for interested parties.

[mikaelrask]

hey and welcome to the forum. thanks for attaching the needed logs, a malware expert will help you from here when on is online later today.

no antivirusprogram has 100% cover of all the malware out there.

[Michael (alan1998)]

If avast did it's job and actually kept that malware off my computer then deleting torrent file itself from the torrent client should keep it from trying to connect again.

An answer to that. If you will, please find me an Anti-Virus that always detects all malware/Viruses/Worms etc. If you can prove that, then you have reason, if not. Then please don't be going around claiming Avast! isn't doing it's job. It's part your fualt too. Using BitTorrent/Utorrent

[essexboy]

In and of themselves the downloaded seeds may appear innocuous, but once they start transmitting then they become apparent.  If you know what seeds they are then please delete them

The unknown detected by AswMBR is related to Daemon tools so harmless

 Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  
  

Code: [Select]

:Commands
[CREATERESTOREPOINT]

:OTL
[2013/10/06 23:48:49 | 000,000,292 | ---- | C] () -- C:\Windows\Tasks\Driver Booster Update.job

:Commands
[resethosts]
[emptytemp]
[Reboot]

• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

[geniee]

Hi thearkive,

I have the exact same problem as you, JS:Redirector-BOS [Trj] is on my PC through uTorrent. Do you have any tips on how to find which seed it is that's infected? I haven't the first clue as to how to find it on mine, and it's driving me up the wall every time avast! tells me it's saved me from this stupid virus. Did you delete the seed completely (.torrent+data), or just stop/complete it? Because if it's the latter I can just stop all my seeds and be done with it.

On a side note, has this trojan affected your PC in some other way? Like, are things not behaving the way they're supposed to? Because I'm currently not able to install anything on my PC as the install files I download are somehow all corrupted and unable to be run, whether with SmartScreen on or off.

I already have my own thread, but I just wanted some insight from someone who has or has had the same problem as me. T_T

[Michael (alan1998)]

Geniee. start your own thread for help

[thearkive]

In and of themselves the downloaded seeds may appear innocuous, but once they start transmitting then they become apparent.  If you know what seeds they are then please delete them

The unknown detected by AswMBR is related to Daemon tools so harmless

thanks for checking that . I already cleared my entire completed list. It's going to take some trial and error to find which is the bad tracker. Guess I'll stay away from public trackers until I set something up to test with.

I have the exact same problem as you, JS:Redirector-BOS [Trj] is on my PC through uTorrent. Do you have any tips on how to find which seed it is that's infected? I haven't the first clue as to how to find it on mine, and it's driving me up the wall every time avast! tells me it's saved me from this stupid virus. Did you delete the seed completely (.torrent+data), or just stop/complete it? Because if it's the latter I can just stop all my seeds and be done with it.

On a side note, has this trojan affected your PC in some other way? Like, are things not behaving the way they're supposed to? Because I'm currently not able to install anything on my PC as the install files I download are somehow all corrupted and unable to be run, whether with SmartScreen on or off.

I just figured since it's not the files themselves that are causing the popup's I'd just clear the torrent list and only that. that seemed to to stop them. that's not to say there isn't something else lurking in downloaded files, but if that were the case the antivirus would have gone off months ago instead of some time last week. As for figuring out which one it is, utorrent at least has a tab labelled trackers that shows you where your seeds/peers connect through. Each torrent has it's own tracker list that can be added to or removed from by right clicking and choosing properties on each torrent. As for figuring out which is the bad one, I'm sure there's an easier way than trial and error, which I would not suggest, but I can't think of it. Best advice I can give as a fellow torrenter, stick with private trackers and keep your antivirus updated, or just don't do it at all. For the other problem you are having, that is something else and I suggest you do as alan1998 says.

[essexboy]

As it stands your system looks clean any further problems ?

[thearkive]

Nope.

Appreciate you taking a look.