Author Topic: JS:Redirector-BOS [Trj] when using Bittorrent.exe  (Read 4173 times)

Offline stretch65

  • Newbie
  • *
  • Posts: 7
JS:Redirector-BOS [Trj] when using Bittorrent.exe
« on: January 31, 2014, 05:13:40 AM »
Hi,

Every time I connect to my VPN (ExpressVPN) and then run Bittorrent, AVAST Pro-Antivirus is reporting the following:


URL:   http://tracker.irc.su/scrape?info_hash
Infection:   JS:Redirector-BOS [Trj]
Process:  C:\Users\Owner\...\BitTorrent.exe


What is this, and how do I get rid of it?  Can someone help me out please?

Thanks.

Offline mikaelrask

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1556
Re: JS:Redirector-BOS [Trj] when using Bittorrent.exe
« Reply #1 on: January 31, 2014, 06:51:24 AM »
Hey, and welcome to the forum.

Please follow this guide and attach your logs (we need the logs from MBAM, OTL and aswMBR):

http://forum.avast.com/index.php?topic=53253.0

A malware expert will help you from there.

Good luck.
Windows 8.1 amd a10-5700 64 bit
12 GB ram 1 tb hard drive. Avast 18, MBAM

Offline mikaelrask

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1556
Re: JS:Redirector-BOS [Trj] when using Bittorrent.exe
« Reply #2 on: February 02, 2014, 09:21:53 AM »
Bump, do you still need help?

One of your torrents has infected you; Avast is blocking the trojan from spreading any more, that is why you get the Avast popup.

Offline stretch65

  • Newbie
  • *
  • Posts: 7
Re: JS:Redirector-BOS [Trj] when using Bittorrent.exe
« Reply #3 on: February 04, 2014, 09:31:04 AM »
Sorry for the delay.  The city where I live has been enduring a heatwave.  For the last few days I've been doing as little as possible and using just my tablet (and not my desk rig which is the infected computer).  I'll run the programs that you recommended as soon as possible.  Thanks for your patience.

Offline stretch65

  • Newbie
  • *
  • Posts: 7
Re: JS:Redirector-BOS [Trj] when using Bittorrent.exe
« Reply #4 on: February 04, 2014, 10:18:45 AM »
OK, I followed the instructions you gave and I've run the 3 programs - MBAM, OTL, and aswMBR.

All the log files are attached, except that when I ran OTL it did not produce an 'Extras.txt' log.  Also when I ran 'aswMBR.exe' this produced an extra file called 'MBR.dat' - I'm not sure if this is important - the forum wouldn't allow me to attach it.

I hope all this is useful.

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2768
  • Volunteer
« Last Edit: February 04, 2014, 12:10:44 PM by alan1998 »
VOLUNTEER

Senior Security Analyst; Sys Admin (Linux); Forensics/Incident Response.

Security is a mindset, not an application. Think BEFORE you click.

Offline magna86

  • Anti Malware Fighter
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4235
    • Ambulanta MyCity Forum - ASAP Member
Re: JS:Redirector-BOS [Trj] when using Bittorrent.exe
« Reply #6 on: February 04, 2014, 02:05:56 PM »
I'm on it ...

Offline magna86

  • Anti Malware Fighter
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4235
    • Ambulanta MyCity Forum - ASAP Member
Re: JS:Redirector-BOS [Trj] when using Bittorrent.exe
« Reply #7 on: February 04, 2014, 02:14:21 PM »
Hi stretch65,

The posted logs appear clean. They show no malware activity.

---   ---   ---   ---   ---

Btw, Malwarebytes hasn't detected malware but PUPs (we call them Adware or bad Toolbars ...), and the detected items are only remnants, non-active items.
If you look more closely at the MBAM log ...

Files Detected: 7
C:\$RECYCLE.BIN\S-1-5-21-2123464333-2543343797-3665346480-1000\$R826JN0.exe (PUP.Optional.Softonic.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\AH85MZxL.exe.part (PUP.Optional.Softonic) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\QHr8lqqr.exe.part (PUP.Optional.Installrex) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\ULkfNORQ.exe.part (PUP.Optional.Installrex) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\X+lEJ_Ge.zip.part (Trojan.Agent.ED) -> Quarantined and deleted successfully.
C:\Users\Owner\Downloads\InternationalPrimoPDF.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Owner\Downloads\Unlocker1.9.2.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.


...you can see that Malwarebytes has just deleted one already-deleted file (the file was in the recycle bin) and cleaned up all your *.exe (but PUP-related) files in the user temp folder; by the way, MBAM has also deleted a few bad installers in the Downloads folder.


---   ---   ---   ---   ---


Quote
URL:   http://tracker.irc.su/scrape?info_hash
Infection:   JS:Redirector-BOS [Trj]
Process:  C:\Users\Owner\...\BitTorrent.exe


Detection is BitTorrent software related and can be considered as FP detection.


---   ---   ---   ---   ---

> Re-run OTL and click on CleanUp! button.

You will be asked to reboot the machine to finish the cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTL. Feel free to manually delete any tools it leaves behind.




---   ---   ---   ---   ---

PS: From aswMBR log ...

19:36:29.366    Disk 1 MBR has been saved successfully to "F:\Dropbox\Cleanup\MBR.dat"
19:36:29.366    The log file has been saved successfully to "F:\Dropbox\Cleanup\aswMBR.txt"



How did you do this, please tell me?  :D
You may delete MBR.dat file from dropbox.
« Last Edit: February 04, 2014, 02:19:45 PM by magna86 »
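
The log triage described in the reply above, as an added example that is not part of the original thread: it parses the seven quoted MBAM "Files Detected" lines and groups them by detection family and folder, marking incomplete `.part` downloads. The function names and location labels are assumptions made for this illustration.

```python
import re
from collections import Counter

# The seven "Files Detected" lines quoted from the MBAM log in the thread.
MBAM_LINES = r"""
C:\$RECYCLE.BIN\S-1-5-21-2123464333-2543343797-3665346480-1000\$R826JN0.exe (PUP.Optional.Softonic.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\AH85MZxL.exe.part (PUP.Optional.Softonic) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\QHr8lqqr.exe.part (PUP.Optional.Installrex) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\ULkfNORQ.exe.part (PUP.Optional.Installrex) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\X+lEJ_Ge.zip.part (Trojan.Agent.ED) -> Quarantined and deleted successfully.
C:\Users\Owner\Downloads\InternationalPrimoPDF.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Owner\Downloads\Unlocker1.9.2.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
"""

# "<path> (<detection name>) -> <action taken>"
LINE_RE = re.compile(r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+)$")

# Hypothetical labels for the folders the reply talks about.
LOCATIONS = [
    ("\\$recycle.bin\\", "recycle bin"),
    ("\\appdata\\local\\temp\\", "user temp"),
    ("\\downloads\\", "downloads"),
]

def parse_detections(text):
    """Turn MBAM detection lines into dicts; lines that do not match are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        low = m["path"].lower()
        rows.append({
            "path": m["path"],
            "name": m["name"],
            "family": m["name"].split(".")[0],   # "PUP", "Trojan", ...
            "location": next((lbl for key, lbl in LOCATIONS if key in low), "other"),
            "partial": low.endswith(".part"),    # interrupted browser download
            "removed": "deleted successfully" in m["action"],
        })
    return rows

def summarize(rows):
    """Count detections per (family, location) pair."""
    return Counter((r["family"], r["location"]) for r in rows)

def needs_review(rows):
    """Entries whose family is not PUP, i.e. worth a second look."""
    return [r for r in rows if r["family"] != "PUP"]

if __name__ == "__main__":
    found = parse_detections(MBAM_LINES)
    for key, count in sorted(summarize(found).items()):
        print(key, count)
    print([r["name"] for r in needs_review(found)])
```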

Offline mikaelrask

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1556

Offline stretch65

  • Newbie
  • *
  • Posts: 7
Re: JS:Redirector-BOS [Trj] when using Bittorrent.exe
« Reply #9 on: February 05, 2014, 09:01:02 AM »
Hi magna86,

Thanks for all the information.  I'm not sure why aswMBR.exe created the MBR.dat file - I just ran it as instructed - I didn't select any other settings.

You mentioned that:  "Detection is BitTorrent software related and can be considered as FP detection."
Does that mean I should raise this problem with the developers of the Bittorrent client that I'm currently running?

Offline magna86

  • Anti Malware Fighter
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4235
    • Ambulanta MyCity Forum - ASAP Member
Re: JS:Redirector-BOS [Trj] when using Bittorrent.exe
« Reply #10 on: February 05, 2014, 02:36:08 PM »
Quote
Does that mean I should raise this problem with the developers of the Bittorrent client that I'm currently running?

The Bittorrent program is by itself malicious. Not only is it a source of new infections, but you can also download illegal content from the Internet to "steal" products from people who have created some program or something else ...

What exactly is the problem, from here I can not say.