Infected by the JS/TrojanDownloader virus

Discussion in 'ESET NOD32 Antivirus' started by vitalyx, Jun 13, 2008.

Thread Status:
Not open for further replies.
  1. vitalyx

    vitalyx Registered Member

    Joined:
    Jun 13, 2008
    Posts:
    2
    Hello,

    I have NOD32 the latest version with the latest updates installed, but yesterday got infected by the JS/TrojanDownloader virus which NOD32 doesn't see. I had to download a separate tool (SmitfraudFix) which removed the virus in the safe mode, but since NOD32 doesn't provide protection from it, I got infected again a few hours later :(
    The virus pastes the "<script language="javascript" SRC="~Link removed.~:53/ads.js"></script>" line before the <html> tag or in the <head> section of a site's page. Looks like it doesn't affect all sites however, in my case, that's only my site. My site's localhost files are intact (so there's no change I uploaded infected files), as well as server ones (so the virus isn't there too), so it resides somewhere in my computer and intercepts and modifies the data before I see it in the browser... It's a pity NOD32 lets this virus to do his dirty job... Looking forward for a fix!
     
    Last edited by a moderator: Jun 13, 2008
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,411
    I'd rather say that you visit compromised websites that have been hacked either due to a vulnerability or a weak admin password. Java script is easy to obfuscate, one with average knowledge of Java can create a new code and obfuscate it to avoid detection. If you suspect that your computer has been contracted with a threat not detected by NOD32, send a log from ESET SysInspector to samples[at]eset.com with this thread's url in the subject.
     
  3. vitalyx

    vitalyx Registered Member

    Joined:
    Jun 13, 2008
    Posts:
    2
    Thank's a lot for your reply. I sent a log to the mentioned email.
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,411
    It looks like a man-in-the-middle attack, so called ARP poisoning. I'd suggest installing ESS as the firewall should prevent such attacks.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.