Infected by the JS/TrojanDownloader virus

Hello,

I have NOD32 the latest version with the latest updates installed, but yesterday got infected by the JS/TrojanDownloader virus which NOD32 doesn't see. I had to download a separate tool (SmitfraudFix) which removed the virus in the safe mode, but since NOD32 doesn't provide protection from it, I got infected again a few hours later
The virus pastes the "<script language="javascript" SRC="~Link removed.~:53/ads.js"></script>" line before the <html> tag or in the <head> section of a site's page. Looks like it doesn't affect all sites however, in my case, that's only my site. My site's localhost files are intact (so there's no change I uploaded infected files), as well as server ones (so the virus isn't there too), so it resides somewhere in my computer and intercepts and modifies the data before I see it in the browser... It's a pity NOD32 lets this virus to do his dirty job... Looking forward for a fix!

 

I'd rather say that you visit compromised websites that have been hacked either due to a vulnerability or a weak admin password. Java script is easy to obfuscate, one with average knowledge of Java can create a new code and obfuscate it to avoid detection. If you suspect that your computer has been contracted with a threat not detected by NOD32, send a log from ESET SysInspector to samples[at]eset.com with this thread's url in the subject.

 

Thank's a lot for your reply. I sent a log to the mentioned email.

 

It looks like a man-in-the-middle attack, so called ARP poisoning. I'd suggest installing ESS as the firewall should prevent such attacks.