« previous next »
Pages: [1]   Go Down

Author Topic: JS:ScriptIP-inf [Trj] found but removed with avast, am I safe now? Please help  (Read 2194 times)

0 Members and 1 Guest are viewing this topic.

REDACTED

  • Guest
JS:ScriptIP-inf [Trj] found but removed with avast, am I safe now? Please help
« on: January 02, 2015, 10:14:57 AM »
Yesterday one of my computers told me it had found 5 files infected with JS:ScriptIP-inf [Trj].
All theese files were found in C:\Users\x\appdata\local\plex media server\plug-in support\Caches\com.plexapp.agents.opensubtitles\HTTP.system

All five files found in this catalog and subcatalogs, all were known as .content files.

There are many similar files in this catalog with similar names that avast say is safe. The files were due to avast last modified 2014 11 11 and 2014 11 02.

I just let avast remove the files to virus chest, and then reboot for upstart scan. Nothing found in upstart scan, nothing found in a second full scan and nothing found with a full Malwarebytes Antimalware scan. I have not seen any strange behavior.

Any help and explanation would be very appriciated. I have read that this virus could be a really bad one.

EDIT: I found this thread at opensubtitles: http://forum.opensubtitles.org/viewtopic.php?f=1&t=14946&p=30455
This made me start to suspect theese five files were false positives. So i extracted all five files from the viris chest and ran them at metascan-online.com and had no positive results. Virustotal fails to starts, its stuck on queued for analysis still.

EDIT2: Malwarebytes find all five files safe.

EDIT3: Virustotal results says only avast detect the virus, same result as my own avast. All other services lists it as not infected.
https://www.virustotal.com/sv/file/000b9d7eb5ba9b5d3dc0352348674b7e046a749642d4d8b5dafc1fabe13a9a29/analysis/1420195046/
https://www.virustotal.com/sv/file/843c491eaab3812e34bb5dca9b772f2f5386a48f283bba20b70c3c3f6b7c811a/analysis/1420192530/
https://www.virustotal.com/sv/file/3d54178c7eca38390ead022158d8d11c1dd4fb4002d681dc7581107e65a69533/analysis/1420193822/
https://www.virustotal.com/sv/file/aa6397a9ea8074997e2ed9a5d1ae119a56320b77a89e5b402404451fab9ccca4/analysis/1420194998/
https://www.virustotal.com/sv/file/9a92ef9e82965b4c98efa37f4cf745adf72af13ee49fb4f5915a2fd2a78450e3/analysis/1420195023/

Should i interpret this as a falsepositive?
« Last Edit: January 02, 2015, 11:47:49 AM by kasik76 »
Logged

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37698
Re: JS:ScriptIP-inf [Trj] found but removed with avast, am I safe now? Please help
« Reply #1 on: January 02, 2015, 01:30:02 PM »
Quote
  EDIT2: Malwarebytes find all five files safe. 
This is not a filetype that malwarebytes target.......

Quote
Should i interpret this as a falsepositive?   
Or avast is/was first to detect..... it often is

Logged
Pages: [1]   Go Up
« previous next »