Avast WEBforum

Other => Viruses and worms => Topic started by: REDACTED on November 20, 2016, 01:26:01 PM

Title: JS:includer-BOF [Trj]
Post by: REDACTED on November 20, 2016, 01:26:01 PM
When I try to access some specific webpages Avast sends a warning about infection JS:includer-BOF [Trj]. It does not find the infection on complete system scan however. The website I am trying to access is usually reliable and the Avast Chrome plug-in rates it as safe. The warning appears both in Chrome and MS Edge. It says:

Object:
http://aprender.unb.br/index.php | {gzip}
Infection:
JS:includer-BOF [Trj]
Process:
C:\\Windows\Systems\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe


What should I do?
Title: Re: JS:includer-BOF [Trj]
Post by: Pondus on November 20, 2016, 01:34:36 PM
Blacklisted
https://virustotal.com/nb/url/593e6f7497e74a65df8c4876ddc6cb813e56c94e6a3388040f60463180f9126c/analysis/1479645201/

INFECTED  >>  https://sitecheck.sucuri.net/results/aprender.unb.br

HTML scan
https://virustotal.com/nb/file/60a1bad3e4f07af6b4ff3269de86f699ce88a179eae3393498ec6b9c4d986ea9/analysis/1479645355/


Title: Re: JS:includer-BOF [Trj]
Post by: Eddy on November 20, 2016, 02:03:36 PM
Quote
It does not find the infection on complete system scan however.
Of course it will not find anything as the infection/malware is on the website and not on your system.

Besides what Pondus already reported, there is another problem.

The site is trying to load things from m3ntalo.
http://labs.sucuri.net/?details=m3ntalo.at

More problems detected on that site:
http://www.urlvoid.com/scan/aprender.unb.br/
http://retire.insecurity.today/#!/scan/8814896ad2067735607fc71723be91ecf99e655ea4a3abfd1f75d897cf72e174
http://zulu.zscaler.com/submission/show/efcf13ed387a3920b39e56f3e378b7ac-1479646733
https://quttera.com/detailed_report/aprender.unb.br
https://www.virustotal.com/en/url/2ae467d11b0b7d74443478213b01ea28f25fefc288433bc26699273b81c9a356/analysis/1479646761/
Title: Re: JS:includer-BOF [Trj]
Post by: REDACTED on November 20, 2016, 06:17:26 PM
Thanks everyone!
Title: Re: JS:includer-BOF [Trj]
Post by: polonus on November 20, 2016, 11:15:54 PM
Be glad that avast prevented your computer from getting infested, as this is a very persistent malcode threat with serious implications.
Read some background info here: http://computerfixguide.com/how-to-delete-jsincluder-bof-trj-from-computer/

Avoid going to websites with Free Software, Spam Email and Porn Websites,
as these form the main risk sites for getting in touch with unwanted infesting malcode.

For those infested, do not try out any of the above, but take the appropriate steps as proposed here:
https://forum.avast.com/index.php?topic=53253.0   and wait for a qualified remover to assist you.

polonus
Title: Re: JS:includer-BOF [Trj]
Post by: globinli on November 28, 2016, 07:31:01 AM
I also get the same virus warning almost every day. It's by www.radin.ch!

The webmaster claims it's only with Avast. But then he fixes something in the background and the notification disappears! A day or two later, Avast alarms me again!!

How can it be that not everybody gets a virus alarm????
Title: Re: JS:includer-BOF [Trj]
Post by: Asyn on November 28, 2016, 07:36:04 AM
-> https://sitecheck.sucuri.net/results/www.radin.ch/
Title: Re: JS:includer-BOF [Trj]
Post by: Pondus on November 28, 2016, 07:39:17 AM
SUSPICIOUS  >>  http://www.UnmaskParasites.com/security-report/?page=www.radin.ch

Blacklisted  >>  https://virustotal.com/en/url/f44f260c9d2f063622f1f27b7c4006186280af0f7d36168a177588d2348e8ac6/analysis/1480314983/

HTML scan > INFECTED
https://virustotal.com/en/file/302ee7a5572a0509ab906d17f7dac48100e78572cfae9dfee15bb150d70660ba/analysis/1480315328/





Title: Re: JS:includer-BOF [Trj]
Post by: globinli on November 28, 2016, 07:53:16 AM
Thanks a lot for those links. I will pass them to the webmaster.

Amazingly, my friend, also with Avast, can access that site with an admin login. Then no alert comes. When she logs in as a normal user, her Avast also finds this virus ;-) strange  8)
Title: Re: JS:includer-BOF [Trj]
Post by: Asyn on November 28, 2016, 07:54:49 AM
Quote
Thanks a lot for those links. I will pass them to the webmaster.
You're welcome.