Author Topic: Avast webshield is infected with JS:ScriptSH-inf [Trj]  (Read 1095 times)


Offline kvintanzil

  • Jr. Member
  • **
  • Posts: 31
Avast webshield is infected with JS:ScriptSH-inf [Trj]
« on: February 01, 2024, 06:03:15 AM »
Just ran a full scan today, and the result is that Avast's WebShield.txt, located in C:\ProgramData\AvastSoftware\Avast\report\WebShield.txt, is detected as JS:ScriptSH-inf [Trj].
What does this mean? How come Avast's own software got infected while I have the application running and no notification ever shows up? Is it a false positive?

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33926
  • malware fighter
Re: Avast webshield is infected with JS:ScriptSH-inf [Trj]
« Reply #1 on: February 01, 2024, 10:04:11 PM »
Contact: https://support.avast.com

If this is not an FP detection and you are really infested with such a trojan, use the following general cleansing routine.

Do an additional scan with MBAM.

Another method to cleanse it from your device: Windows 10 / Windows 8
Push the Power button on the Windows start-up screen.
Now push Shift on the keyboard and keep it pressed down, then click Restart.
Then select Troubleshoot → Advanced options → Startup Settings and finally push Restart.

As soon as your PC re-activates, select Enable Safe Mode through Command Prompt in the Startup Settings window.
When Command Prompt shows up, enter CD restore and then press Enter.
Now type rstrui.exe and again press Enter.
In a new window click Next and choose a point of restore (date) that lies before the infection through JS:Script-inf[Trj].
Now again click Next.
Click Yes to start system restore.

Now again scan with MBAM (MalwareBytes) to see whether your system is free of this crypto-/ransomware trojan.

Info source: ESolutions

polonus
« Last Edit: February 01, 2024, 10:05:56 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline kvintanzil

  • Jr. Member
  • **
  • Posts: 31
Re: Avast webshield is infected with JS:ScriptSH-inf [Trj]
« Reply #2 on: February 02, 2024, 03:06:32 PM »
I ran a full system scan with Malwarebytes Premium and it returned 0 detections. Does that mean it's a false positive?
With the Avast full system scan it got detected though, so I've put the .txt file in quarantine as Avast suggested for now.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37583
  • Not a avast user
Re: Avast webshield is infected with JS:ScriptSH-inf [Trj]
« Reply #3 on: February 02, 2024, 03:48:31 PM »
The .txt file would not be detected by Malwarebytes, as it does not target script/doc/media files.





Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33926
  • malware fighter
Re: Avast webshield is infected with JS:ScriptSH-inf [Trj]
« Reply #4 on: February 03, 2024, 02:32:23 PM »
Thanks, Pondus, for pointing that out.

Wait for a verdict by Avast, but it could well be a false positive find.
Haven't we been there before? It could always be 'in the game' with so-called generic finds.

polonus