Avast WEBforum

Other => Viruses and worms => Topic started by: REDACTED on January 23, 2015, 10:26:26 PM

Title: JS: Agent - DIE [Trj]
Post by: REDACTED on January 23, 2015, 10:26:26 PM
Hello,

I noticed my computer running very slow. So I scanned it with Avast. It found nothing. I then ran a scan at boot that found JS: Agent - die Trj. It was in my Firefox settings. I am wondering if there is a way to tell when the infection happened. I just made a backup of my hard disk with Macrium 2 days ago and I want to know if it and/or my hard drive is infected. Also, is there a way to see what the Trojan did or if it was able to install malware or copy files?
Title: Re: JS: Agent - DIE [Trj]
Post by: Eddy on January 23, 2015, 10:33:04 PM
https://forum.avast.com/index.php?topic=53253.0
Title: Re: JS: Agent - DIE [Trj]
Post by: Pondus on January 23, 2015, 10:55:00 PM
Quote
I then ran a scan at boot that found JS: Agent - die Trj

In your Firefox cache/temp folder, I guess... most likely a leftover from an infected website.
Title: Re: JS: Agent - DIE [Trj]
Post by: REDACTED on January 24, 2015, 01:27:38 AM
Taking forever to finish. I'll upload ASAP.
Title: Re: JS: Agent - DIE [Trj]
Post by: REDACTED on January 24, 2015, 01:30:34 AM
Well, this time there will be three files. However, I don't know how to get them to display.
Title: Re: JS: Agent - DIE [Trj]
Post by: REDACTED on January 24, 2015, 06:09:09 AM
Is there any way to figure out what files were accessed or uploaded?
Title: Re: JS: Agent - DIE [Trj]
Post by: essexboy on January 24, 2015, 12:45:29 PM
Hi, this is something new

I may need to take several runs at this

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 
Quote
CreateRestorePoint:
Unlock: C:\WINDOWS\System32\drivers\cdsmxbdr.sys
Unlock: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dcqixu
DisableService: dcqixu
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm
C:\ProgramData\MakeMarkerFile.exe
C:\WINDOWS\System32\drivers\cdsmxbdr.sys
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe
(https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG)
Run FRST and press Fix
On completion a log will be generated; please post that
Title: Re: JS: Agent - DIE [Trj]
Post by: REDACTED on January 24, 2015, 05:10:41 PM
I am totally glad you are trying to help me fix this issue. But can you please let me know if there is a way to see what was accessed, if anything? Do I need to change all of my passwords? I never type them in; I used a password utility. I do type my master password in that. Also, were my files messed with?

The computer itself is going to get wiped and reinstalled either with my backup or my installation disc.
Title: Re: JS: Agent - DIE [Trj]
Post by: Michael (alan1998) on January 24, 2015, 05:44:44 PM
I doubt that the system will need to be wiped. Essexboy has almost resolved all issues relating to Trojans/Viruses without the need for wiping the HDD clean.

Quote
Do I need to change all of my passwords?

It never hurts to change your passwords every month or so. It'll only help you. So, yes.
Title: Re: JS: Agent - DIE [Trj]
Post by: REDACTED on January 24, 2015, 06:05:00 PM
Well the fix has been running for a few hours now.
Title: Re: JS: Agent - DIE [Trj]
Post by: essexboy on January 24, 2015, 06:43:01 PM
OK, stop FRST. There should be a fixlog on the desktop; could you post that and then run the following programme:

Download AVZ tool from here (http://media.kaspersky.com/utilities/ConsumerUtilities/avz4.zip) to your desktop
Unzip all files to a folder on your desktop
Open the folder and double click the AVZ icon (https://dl.dropboxusercontent.com/u/73555776/avz.JPG)
When the tool opens select "File" > "Standards scripts"
(https://dl.dropboxusercontent.com/u/73555776/avz1.jpg)

Place a tick in:

3. Advanced System Analysis with malware removal mode enabled
5. Update signature database

Then press "Execute selected scripts"
(https://dl.dropboxusercontent.com/u/73555776/avz2.JPG)

There will be several warnings, OK them all and the system will reboot on completion of the analysis

After the reboot look in the folder AVZ4 on your desktop
Open the LOG folder
Place the zip file in your Dropbox public folder and post the sharing link in your next post: KL_syscure.zip
(https://dl.dropboxusercontent.com/u/73555776/vz3.JPG)

Title: Re: JS: Agent - DIE [Trj]
Post by: REDACTED on January 24, 2015, 10:27:27 PM
Well, I thank all of you for your help, but my computer crashed and I have to get my computer up and running because I have homework due tomorrow. So I am just going to re-image my drive and hope the issue happened after my backup was done. I assume I can just use Avast and Malwarebytes to do a scan of the fresh install and find anything that may be an issue. Would you guys do anything else? I would have liked to resolve this issue without the wipe, but my homework cannot wait.
Title: Re: JS: Agent - DIE [Trj]
Post by: essexboy on January 24, 2015, 11:32:36 PM
Not a problem with re-imaging. It was the quickest option

Aye, Avast and MBAM should suffice
Title: Re: JS: Agent - DIE [Trj]
Post by: REDACTED on January 24, 2015, 11:54:19 PM
Can you guys recommend a forum about personal security to prevent this from happening? Should I start running things in a sandbox?
Title: Re: JS: Agent - DIE [Trj]
Post by: essexboy on January 25, 2015, 01:09:01 PM
To learn more about how to protect yourself while on the internet, read this little guide: Best security practices (http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/)

Keep safe :wave: