Author Topic: JS: Agent - DIE [Trj]  (Read 11501 times)

REDACTED

  • Guest
JS: Agent - DIE [Trj]
« on: January 23, 2015, 10:26:26 PM »
Hello,

I noticed my computer running very slow. So I scanned it with Avast. It found nothing. I then ran a scan at boot that found JS: Agent - die Trj. It was in my Firefox settings. I am wondering if there is a way to tell when the infection happened. I just made a backup of my hard disk with Macrium 2 days ago and I want to know if it and/or my hard drive is infected. Also, is there a way to see what the Trojan did or if it was able to install malware or copy files?

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31079
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: JS: Agent - DIE [Trj]
« Reply #1 on: January 23, 2015, 10:33:04 PM »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37534
  • Not a avast user
Re: JS: Agent - DIE [Trj]
« Reply #2 on: January 23, 2015, 10:55:00 PM »
Quote
I then ran a scan at boot that found JS: Agent - die Trj
In your Firefox cache/temp folder I guess ... most likely a leftover from an infected website

REDACTED

  • Guest
Re: JS: Agent - DIE [Trj]
« Reply #3 on: January 24, 2015, 01:27:38 AM »
Taking forever to finish. I'll upload ASAP.
« Last Edit: January 24, 2015, 01:43:40 AM by tsgh07 »

REDACTED

  • Guest
Re: JS: Agent - DIE [Trj]
« Reply #4 on: January 24, 2015, 01:30:34 AM »
Well this time there will be three files. However I don't know how to get them to display.
« Last Edit: January 24, 2015, 02:29:00 AM by tsgh07 »

REDACTED

  • Guest
Re: JS: Agent - DIE [Trj]
« Reply #5 on: January 24, 2015, 06:09:09 AM »
Is there any way to figure out what files were accessed or uploaded?

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: JS: Agent - DIE [Trj]
« Reply #6 on: January 24, 2015, 12:45:29 PM »
Hi this is something new

I may need to take several runs at this

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 
Quote
CreateRestorePoint:
Unlock: C:\WINDOWS\System32\drivers\cdsmxbdr.sys
Unlock: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dcqixu
DisableService: dcqixu
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm
C:\ProgramData\MakeMarkerFile.exe
C:\WINDOWS\System32\drivers\cdsmxbdr.sys
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated; please post that

REDACTED

  • Guest
Re: JS: Agent - DIE [Trj]
« Reply #7 on: January 24, 2015, 05:10:41 PM »
I am totally glad you are trying to help me fix this issue. But can you please let me know if there is a way to see what was accessed, if anything? Do I need to change all of my passwords? I never type them in; I used a password utility. I do type my master password in that. Also, were my files messed with?

The computer itself is going to get wiped and reinstalled either with my backup or my installation disc.

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2768
  • Volunteer
Re: JS: Agent - DIE [Trj]
« Reply #8 on: January 24, 2015, 05:44:44 PM »
I doubt that the system will need to be wiped. Essexboy has almost resolved all issues relating to Trojans/Viruses without the need for wiping the HDD clean.

Quote
Do I need to change all of my passwords?

It never hurts to change your passwords every month or so. It'll only help you. So, yes.
VOLUNTEER

Senior Security Analyst; Sys Admin (Linux); Forensics/Incident Response.

Security is a mindset, not an application. Think BEFORE you click.

REDACTED

  • Guest
Re: JS: Agent - DIE [Trj]
« Reply #9 on: January 24, 2015, 06:05:00 PM »
Well the fix has been running for a few hours now.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: JS: Agent - DIE [Trj]
« Reply #10 on: January 24, 2015, 06:43:01 PM »
OK, stop FRST. There should be a fixlog on the desktop; could you post that and then run the following programme:

Download AVZ tool from here to your desktop
Unzip all files to a folder on your desktop
Open the folder and double click the AVZ icon
When the tool opens select "File" > "Standards scripts"


Place a tick in:

  3. Advanced System Analysis with malware removal mode enabled
  5. Update signature database


Then press "Execute selected scripts"


There will be several warnings, OK them all and the system will reboot on completion of the analysis

After the reboot look in the folder AVZ4 on your desktop
Open the LOG folder
Place the zip file in your dropbox public folder and post the sharing link in your next post   KL_syscure.zip



REDACTED

  • Guest
Re: JS: Agent - DIE [Trj]
« Reply #11 on: January 24, 2015, 10:27:27 PM »
Well, I thank all of you for your help, but my computer crashed and I have to get my computer up and running because I have homework due tomorrow. So I am just going to re-image my drive and hope the issue happened after my backup was done. I assume I can just use Avast and Malwarebytes to do a scan of the fresh install and find anything that may be an issue. Would you guys do anything else? I would have liked to resolve this issue without the wipe but my homework cannot wait.
« Last Edit: January 24, 2015, 11:45:30 PM by tsgh07 »

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: JS: Agent - DIE [Trj]
« Reply #12 on: January 24, 2015, 11:32:36 PM »
Not a problem with re-imaging. It was the quickest option

Aye, Avast and MBAM should suffice

REDACTED

  • Guest
Re: JS: Agent - DIE [Trj]
« Reply #13 on: January 24, 2015, 11:54:19 PM »
Can you guys recommend a forum about personal security to prevent this from happening? Should I start running things in a sandbox?

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: JS: Agent - DIE [Trj]
« Reply #14 on: January 25, 2015, 01:09:01 PM »
To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.