JS:Redirector-H7 [Trj]

[arthurk]

I found this as well 

Here is what was in my Log Viewer:

Sign of "JS:Redirector-H7 [Trj]" has been found in "C:\Documents and Settings\______\Local Settings\Temporary Internet Files\Content.IE5\0HQHO5IR\__utm6[1].js" file. 

Can anyone tell me what this trojan horse does? How can it effect my computer or personal info?
Thanks

[polonus]

Hi arthurk,

We will now proceed with a rootkit scan.

    * Please download Rootkit Revealer from here:
       http://download.sysinternals.com/Files/RootkitRevealer.zip
       and unzip the contents.
    * Run a scan with the application.
    * When the scan is complete, click File and Save, to save it.
    * Copy the contents of the log created into your next post.

The scan may take a while, so please be patient.

This scan will not alter your computer in any way,

If this does not bring anything:
You can start by clearing the temp files.

    * Start>Run>type "cmd"
    * Type "del %USERPROFILE%\LOCALS~1\Temp\*.*"
    * Hit return.
    * Type "del %WINDIR%\temp\*.*"
    * Hit return.
    * Exit the command prompt.


I we cannot seem to find that critical object in the WINDOWS folder, perhaps it was just a temp file. It is possible that this problem was caused by an object in the temp file. If the problem persists, please do not hesitate to ask more assistance,

polonus

[arthurk]

Thank you for your reply...

What will this do? I have already ran a Avast scan?

 

[polonus]

Well I edited the reply for this, note my previous posting,
just something in temp files that can be cleansed in that way,

polonus

[arthurk]

Ok, thanks...But again, what does this Trojan do? To my comupter and personal info on the computer?

Thank you for your time

[DavidR]

I found this as well  

Here is what was in my Log Viewer:

Sign of "JS:Redirector-H7 [Trj]" has been found in "C:\Documents and Settings\______\Local Settings\Temporary Internet Files\Content.IE5\0HQHO5IR\__utm6[1].js" file.  

Can anyone tell me what this trojan horse does? How can it effect my computer or personal info?
Thanks

Personally I would simply let avast delete it as it is a temporary file, delete temporary internet files in your browser and reboot.

I honestly don't believe to do a Rootkit Revealer scan, it isn't a very friendly tool just an analysis and I don't believe this JS:Redirector-H7 is related to any rootkit activity. I think polonus found this link, http://www.bleepingcomputer.com/forums/lofiversion/index.php/t43051.html%5B/t136502.html but that isn't for the file that was found on your system.

The malware redirects (hence the name) to a malicious site that will try to infect your system, the web shield and network shield should also protect against that.

[Mr.Agent]

Yes DavidR is true but for sure yes a Redirector is a virus that redirect you to a malicious site i was thinking if i should post the respond or no lol. Well DavidR was more brave on this way.

[arthurk]

Yes DavidR is true but for sure yes a Redirector is a virus that redirect you to a malicious site i was thinking if i should post the respond or no lol. Well DavidR was more brave on this way.

If the trojan redirects to a malicious site -- how do you know if you have been infected...I ran the Avast scan twice and have found no problems so far...

Thank you 

[polonus]

Hi Arthurk,

In my second reply I have already remarked that using the rootkit revealer was no longer necessary, because the find was in a temporary file that you easily could delete.
Because of avast shield you more likely than not never landed at the mailicous download site/found a malicious e-mail attachment, don't worry,
I think everything is fine now, you could still perform a full scan with MBAM form here: http://www.malwarebytes.org/mbam-download.php
You can also check the abvast logfiles if a connection to a JS-Redirector-HJ7 [Trj]-site was intercepted by your avast av-solution, it can be found in an email attachment that you'll need to locate and delete the entire email,

polonus

[Mr.Agent]

If the trojan redirects to a malicious site -- how do you know if you have been infected...I ran the Avast scan twice and have found no problems so far...

Thank you 

If you ran the Avast! scan and if he find no virus then you are ok. JS:Redirector are a script that is redirecting to another website which contain a malware and can cause your pc to turn into a zombie. But if Avast! seeing it and you moved it to the chest or deleted it then you are same with Avast! on this case. If you are not sure you can take the Malwarebytes like polonus said. But i dont think he is on your computer because Avast! did helped you to fight it so have fun on your computer.

And have a nice day.

Mr.Agent

[DavidR]

Yes DavidR is true but for sure yes a Redirector is a virus that redirect you to a malicious site i was thinking if i should post the respond or no lol. Well DavidR was more brave on this way.

If the trojan redirects to a malicious site -- how do you know if you have been infected...I ran the Avast scan twice and have found no problems so far...

If it happened to be active, not likely in this case some other html page would have to load off-line for it to call this javascript file before it could redirect anything. If and it is a big if, then firstly the network shield may have that malicious site on its block list and even if not, you also have the web shield's protection and a final fall back the standard shield. So I feel that the risk is minimal, certainly in this case.

Having run another scan without a result, you should be fine.

JS:Redirector are a script that is redirecting to another website which contain a malware and can cause your pc to turn into a zombie.

Contrary to Mr.Agent's comment, there is no certain action that is taken as it, a) depends on the site you are sent to and b) what the particular payload can change frequently. So you would never know what might be at the URL on the other end of the redirect.

[arthurk]

Thanks to all for the help...FYI - I am using Avast4 (free home edition)...I hope that is enough for now...

Thanks again 

[DavidR]

You're welcome.

It doesn't hurt to have anti-spyware/malware applications to compliment avast.

If you haven't already got this software (freeware), download, install, update and periodically run them.

• 1.  MalwareBytes Anti-Malware, On-Demand only in free version http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe, right click on the link and select Save As or Save File (As depending on your browser), save it to a location where you can find it easily later.
• 2. SUPERantispyware On-Demand only in free version.

 
Don't worry about reported tracking cookies they are a minor issue and not one of securty, allow SAS to deal with them though.
1a. Or Spyware Terminator Resident scanner (if you use this don't install the toolbar or crawler or the anti-virus module). - I suggest trying them in order as the order that represents the better detection and clean-up. Some elements of the programs might not work if you have an older OS like win9x or winME, this is namely the resident protection in SpywareTerminator.

[arthurk]

I did download MalwareBytes Anti-Malware and ran it...all seems to be fine...and that should do it for now...

Thanks again and God Bless...

arthurk

[DavidR]

No problem.