Author Topic: avast has found a JS redirector-cek trojan  (Read 935 times)


Offline gianfry

  • Newbie
  • *
  • Posts: 5
avast has found a JS redirector-cek trojan
« on: October 04, 2023, 03:23:52 PM »
Hi everyone, I wanted to ask you whether what Avast found is a false positive or not. There is probably another program that has modified the files. What do you suggest I do?
« Last Edit: October 04, 2023, 09:28:45 PM by gianfry »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88747
  • No support PMs thanks
Re: avast has found a JS redirector-cek trojan
« Reply #1 on: October 04, 2023, 04:17:05 PM »
It is best to attach images to the post; many won't visit unknown 3rd-party sites/content.

- Attaching Images to your post - When you click the Reply button, it opens a text window for you to post your comment (reply or post).
Click the Preview button; that shows what you have input and expands it to include 'Attachments and other options'. Click that and it further expands; here you can attach images, etc. at the bottom of your post.
See my attached image, click to expand.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.1.6099 (build 24.1.8821.762) UI 1.0.796/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline gianfry

  • Newbie
  • *
  • Posts: 5
Re: avast has found a JS redirector-cek trojan
« Reply #2 on: October 04, 2023, 04:30:04 PM »
Sorry, I thought it looked good, but you have to click the link to see the screenshot. It was a site for uploading images, nothing dangerous. Anyway, I uploaded the image.
« Last Edit: October 04, 2023, 09:28:24 PM by gianfry »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37467
  • Not a avast user
Re: avast has found a JS redirector-cek trojan
« Reply #3 on: October 04, 2023, 04:34:24 PM »
Quote
I wanted to ask you if what Avast found is a false positive or not
Upload detected file to www.virustotal.com and find out


Post link to scan result here

« Last Edit: October 04, 2023, 04:36:03 PM by Pondus »

Offline gianfry

  • Newbie
  • *
  • Posts: 5
Re: avast has found a JS redirector-cek trojan
« Reply #4 on: October 04, 2023, 09:27:21 PM »
Thanks, it seems to me that Avast has quarantined it, so to upload it to VirusTotal I should remove it from quarantine? :-\

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88747
  • No support PMs thanks
Re: avast has found a JS redirector-cek trojan
« Reply #5 on: October 04, 2023, 09:35:43 PM »
Quote
Thanks, it seems to me that Avast has quarantined it, so to upload it to VirusTotal I should remove it from quarantine? :-\

What was the link to the VT results?

I would leave it there for now where it can't do any harm.

The process that triggered the alert looks somewhat strange; is that known to you?
Whilst it isn't unheard of for MicrosoftApps to communicate with the internet, this path to the HrTxr.exe looks strange at the very least. Do you use any Microsoft communication apps?

EDIT: I didn't read your reply very well; I thought you had uploaded it already. Presumably you only have the HrTxr.exe file in quarantine. If so, don't restore it back to its original location, or whatever triggered it could do it again.

Go to the Quarantine and hover the mouse pointer over the entry - that should display a trash icon and three dots; this gives other options. Don't use restore and add exception (or next time it wouldn't be blocked). Create a temporary folder, anything really, but with a name which would make it obvious what it is, e.g. Temp-Quarantine, somewhere you can easily find it. Add that location to the Avast exceptions so it doesn't alert when you send it there, then use the Extract option. See attached image.

Now you should be able to upload it to Virus Total.
« Last Edit: October 04, 2023, 09:53:09 PM by DavidR »

Offline gianfry

  • Newbie
  • *
  • Posts: 5
Re: avast has found a JS redirector-cek trojan
« Reply #6 on: October 05, 2023, 04:52:23 PM »
Thank you for the time you are dedicating to me. As for whether I use Microsoft communication programs: no, I don't even use Outlook; I enter Outlook from the web. I have very few programs active in the background. Now I'll try to follow what you told me to extract the file safely from quarantine and upload it to VirusTotal.
« Last Edit: October 05, 2023, 05:00:57 PM by gianfry »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88747
  • No support PMs thanks
Re: avast has found a JS redirector-cek trojan
« Reply #7 on: October 05, 2023, 05:36:40 PM »
The best way to post the VT information is using the link to the results (and post it in the post) as it allows us to look at the different sections.

It wouldn't be the first time that malware has taken advantage of/misused an MS function to gain access to the internet, as many would consider such a connection legit.

See this information - https://answers.microsoft.com/en-us/windows/forum/all/what-is-hxtsrexe-in-windows-10/19176b3a-98d9-4a7b-aaff-6a1d4d7c9d0e - whilst this is old, it is still valid that it is being misused. Hopefully, with that script .html file in quarantine, this won't happen again.

Whatever initiated this html file being created and run by the MS app isn't known, and it could happen again. So it may be worth running an Avast scan of your system.

Offline gianfry

  • Newbie
  • *
  • Posts: 5

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37467
  • Not a avast user
Re: avast has found a JS redirector-cek trojan
« Reply #9 on: October 05, 2023, 06:42:28 PM »
Seems to be a correct detection, and in one hour it is up from 15 to 16


Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88747
  • No support PMs thanks
Re: avast has found a JS redirector-cek trojan
« Reply #10 on: October 05, 2023, 07:27:49 PM »
Quote
sorry I didn't realize I could share the link https://www.virustotal.com/gui/file/bfe0fed6955b0e2ea332a1e1f4c917c91be51bd16a96e9a8228a8f3d06ba9b74/detection

Not a problem; using the forums for a first time can be a little daunting.

Links to the VT results are fine, as they help with analysis; links to unknown sites/content are somewhat different.