Trojan Problem

Krishnan · #1 April 16th, 2008, 10:34 AM

Whenever i browse a website i find u.asdafdgfgf/ads.js and my Nod32 detects this and provides the Virus name "Js/trojandownloader.Small.Js Trojan"

Please help me, I see this problem every time and Nod32 displays as connection terminated-Quarantined. Any permanent solution for this problem

Kosak · #2 April 16th, 2008, 11:10 AM

Hi, give us URL in CODE please.

Marcos · #3 April 16th, 2008, 11:12 AM

Send it to me in a PM rather than disclosing a link to a potential malicious script here.

Marcos · #4 April 16th, 2008, 12:09 PM

It's a malicious javascript code, we've found there the ANI exploit among others. A warning from the web protection should appear only when you visit a dodgy or compromised website.

Krishnan · #5 April 17th, 2008, 01:14 AM

Ok i will send it in Pm. I didn't visit any dodgy or compromised webpage

Marcos · #6 April 17th, 2008, 01:43 AM

Quote:

Originally Posted by Krishnan

Ok i will send it in Pm. I didn't visit any dodgy or compromised webpage

I have already replied above, there's nothing more I could add.

Krishnan · #7 April 17th, 2008, 05:42 AM

As i already i stated. I don't visit any dodgy or compromised webpage

trjam · #8 April 17th, 2008, 05:53 AM

Quote:

Originally Posted by Marcos

I have already replied above, there's nothing more I could add.

you cant just imply or accuse this member by saying this is the only way this can happen. That comment is totally uncalled for. What if this gentlemen was posting this with his wife because this happened for a legit reason. She reads your response and now assumes her husband is visiting dodgy sites.

solcroft · #9 April 17th, 2008, 06:06 AM

Quote:

Originally Posted by Marcos

A warning from the web protection should appear only when you visit a dodgy or compromised website.

In fact, Marcos, the more likely scenario is that NOD32 failed to detect a downloader or clicker trojan active in the user's PC, which repeatedly tried to access these URLs behind the scenes. I've seen and heard this happen numerous times.

Another example of ESET's philosophy of only adding "real-world" threats into the signature database and ignoring sample submissions.

PaulB2005 · #10 April 17th, 2008, 06:53 AM

Quote:

you cant just imply or accuse this member by saying this is the only way this can happen. That comment is totally uncalled for. What if this gentlemen was posting this with his wife because this happened for a legit reason. She reads your response and now assumes her husband is visiting dodgy sites.

Bit OTT? So what about a compromised site?

Quote:

I didn't visit any dodgy or compromised webpage

How would you know if it was compromised or not? It's been stated that the sample

Quote:

[is] a malicious javascript code, we've found there the ANI exploit among others.

so surely that's the answer? The website you visited that caused the alert looks to have been compromised as per the statement above.

Bit like when people ask "Every time i open this file i downloaded the anti virus said it was a virus, but i know it's not. What's wrong with my anti virus?"

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search