JS/Kryptik.XQ trojan

I clicked on a link I believed was genuine (and it may be, if the alert is a false positive). ESS immediately shut it down. It shows the following in its log:

14/09/2012 18:21:30 HTTP filter file hxxp://skhtjo.ftp1.biz/ep/links/moving.php JS/Kryptik.XQ trojan connection terminated - quarantined X\Administrator Threat was detected upon access to web by the application: C:\Program Files (x86)\Mozilla Firefox\firefox.exe.

I assume the page was not able to load thanks to ESS, but I also have NoScript running in Firefox just in case so I doubt any scripts would have been able to run even if the page were loaded. Routinely I have scanned everything with ESS and Spybot, in normal and safe mode. Nothing found. I have checked my HiJackThis log. Nothing abnormal.

Is it reasonable to assume that no threat was passed onto my PC and that it is safe to continue as normal?

 

Hello Tyfelt

It's hard to guarantee anything, when it comes to possible leftovers, from a possible infection. But in this case it seems that, Eset have caught the Trojan before it could do damage to your system. But anyway it was wise of you to do a second scan with other Av engines. (Personally I would use Malwarebytes and Hitman Pro as second opinion scanners). Those times I have been Gaming or surfing the net, and where hit by injection malware and so on, then I have never been able to find any malware on my sysytem afterwards. Bye the way, do you have Recovery software installed on your system, ( Acronis, Paragon e.g) , if not then I would say that this is probably the most important security software to have on your system. It can save your day, many times.

 

Definitely it's not a false positive. Nonetheless, the infected page was blocked at the network level before it could reach your system.

 

Thank you again.