Author Topic: JS Downloader in the Virus Chest (Read 15865 times)

sweets · « **on:** February 16, 2010, 11:12:52 PM »

On January 11th I got a virus detected notice while on line. I did nothing about it then but on Feb 4th I did a scan and detected JS:Downloader and not knowing what to do I immediately stuck it in the Virus Chest. My computer seems to be working fine but i don'y know what to do with or to the virus. Will you please help? I don't want to reinfect or delete any necessary files. I'm using Windows XP Home edition version 2002 IE 5, Avast edition 4.8 Home edition Thank you
File Name: go [1].htm FileID: 4 Virus Description: JS:Downloader JL[Trj]
C:\Documents and Settings\Stewart\Local Settings\Temporary Internet Files\Content.IE5\V3RNJ...

Pondus · « **Reply #1 on:** February 16, 2010, 11:44:40 PM »

Quote

I did a scan and detected JS:Downloader and not knowing what to do I immediately stuck it in the Virus Chest.

You did correct. this is probably from an infected website you have been surfing, so i would think this is safe to delete but leave it in the chest for some weeks before you do

Check your computer for Malware with

Have you tried Malwarebytes Antimalware http://filehippo.com/download_malwarebytes_anti_malware/
after install click UPDATE and run cuick scan, click on REMOVE SELECTED to quarantine anything found

SUPERAntiSpyware http://filehippo.com/download_superantispyware/
Are cookies really spyware and are they dangerous?
http://www.superantispyware.com/supportfaqdisplay.html?faq=26

If anything is found come back and post the scan logs here

sweets · « **Reply #2 on:** February 17, 2010, 12:12:57 PM »

If I delete the infected file as you say after several weeks, how can I be sure I'm not getting rid of something critical to my computer? Is there something I can do to clean the infected file in the Virus Chest and revert it back to it's status before the infection, without unleashing it on my computer? I'm using a dialup connection, so any downloads will be slow, maybe you can direct me to some sites with small downloads for malware cleanup.

Pondus · « **Reply #3 on:** February 17, 2010, 12:35:53 PM »

Quote

If I delete the infected file as you say after several weeks, how can I be sure I'm not getting rid of something critical to my computer?

That is why you wait several weeks to fiend out before you delete
The file is not working now when in chest/quarantine, so if your computer miss it, it will tell you
but this was found in Tempfile/IE

Not all files can be cleaned, and this file is not somthing you had in you computer, it is comming from the outside/internett
so your computer want miss it

Clean, Quarantine, or Delete?
http://antivirus.about.com/b/2007/03/11/clean-quarantine-or-delete.htm

sweets · « **Reply #4 on:** February 17, 2010, 02:32:20 PM »

Thank you.
Can you recommend any small malware apps that I can check my system with, (I use dialup), or should I just go with the ones you recommend above?
Also, if I'm not experiencing any problems, do you think I need to follow the steps at aumha.net, and report any hijackthis logs there?

Pondus · « **Reply #5 on:** February 17, 2010, 02:42:04 PM »

Try the ones i recomended, MBAM is the top dog,
you can also try HitmanPro http://www.surfright.nl/en/hitmanpro it is very light but you must be online when scanning, the free version only have 30 days of removal (read all the info on the web site)

If you still have problems or not sure you are clean, then you should follow the guide from essexboy,
post the logs and let him look at it, he is the malware expert
http://forum.avast.com/index.php?topic=53253.msg451454#msg451454

sweets · « **Reply #6 on:** February 18, 2010, 02:59:15 PM »

Do you know of any small apps that can clean/check the computer of malware, less than 1 MB of RAM, I use dialup service, thanks

sweets · « **Reply #7 on:** February 18, 2010, 08:14:04 PM »

The following was found on scanning with the malwarebyte's anti-malware app. Please look over and tell me what to do next. Thank you
Malwarebytes' Anti-Malware 1.44
Database version: 3756
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

2/18/2010 2:07:25 PM
mbam-log-2010-02-18 (14-07-17).txt

Scan type: Quick Scan
Objects scanned: 121530
Time elapsed: 6 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\cpnprt2.cid (Trojan.Agent) -> No action taken.

Pondus · « **Reply #8 on:** February 18, 2010, 08:21:17 PM »

Prevx file info: CPNPRT2.CID
http://www.prevx.com/filenames/2891452574668740412-X1/CPNPRT2.CID.html

You should scan again and then click on REMOVE SELECTED to quarantine the infection

sweets · « **Reply #9 on:** February 18, 2010, 09:03:16 PM »

Yes I have removed it already to quarantine. But should i then delete it altogether?
What further needs to be done? The Prevx program found no threats at this time. Thank you

YoKenny · « **Reply #10 on:** February 18, 2010, 09:58:40 PM »

@ sweets

Order the Windows XP Service Pack 3 CD to get the system up to SP3 level as Windows XP Service Pack 3 has been available for over a year and a half plus it provides many Critical Updates and performance improvements:
https://om2.one.microsoft.com/opa/Validation.aspx?StoreID=7b7aa929-bd0a-487a-bc7e-df7631fee660&LocaleCode=en-us&JavaScriptOn=yes

IE8 is more secure than IE6 and has a lot better performance:
http://www.microsoft.com/windows/Internet-explorer/default.aspx

Go to PROFILE then Modify Profile then Forum Profile Information then Please select your country: then in Signature: put information about your system if you like just like my signature.

In Account Related Settings select Hide email address from public to prevent scammers and spammers harvesing your email address.

Go to Secunia Online Software Inspector then run it to see what other applications are vulnerable:
http://secunia.com/vulnerability_scanning/online

sweets · « **Reply #11 on:** February 19, 2010, 01:57:27 AM »

YoKenny,
Do you think that it is necessary to go to Windows XP SP3 and IE8? Aren't I just opening up a new can of worms and taking up valuable HDD space? Thanks

DavidR · « **Reply #12 on:** February 19, 2010, 02:02:55 AM »

You aren't opening a new can of worms, the can is already open.

sweets · « **Reply #13 on:** February 19, 2010, 02:06:36 AM »

Are you saying SP2 & IE6 are now unreliable?
Also I still use a dialup connection. Thanks

DavidR · « **Reply #14 on:** February 19, 2010, 04:30:32 AM »

Yes we are, not just unreliable but more vulnerable to exploit.

Google and a number of other companies are pushing to block access to their sites and services for users of IE6.

Author Topic: JS Downloader in the Virus Chest (Read 15865 times)

sweets

JS Downloader in the Virus Chest

Pondus

Re: JS Downloader in the Virus Chest

sweets

Re: JS Downloader in the Virus Chest

Pondus

Re: JS Downloader in the Virus Chest

sweets

Re: JS Downloader in the Virus Chest

Pondus

Re: JS Downloader in the Virus Chest

sweets

Re: JS Downloader in the Virus Chest

sweets

Re: JS Downloader in the Virus Chest

Pondus

Re: JS Downloader in the Virus Chest

sweets

Re: JS Downloader in the Virus Chest

YoKenny

Re: JS Downloader in the Virus Chest

sweets

Re: JS Downloader in the Virus Chest

DavidR

Re: JS Downloader in the Virus Chest

sweets

Re: JS Downloader in the Virus Chest

DavidR

Re: JS Downloader in the Virus Chest