JS/Kryptik.XQ trojan

Discussion in 'ESET Smart Security' started by Tyfelt, Sep 14, 2012.

Thread Status:
Not open for further replies.
  1. Tyfelt

    Tyfelt Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    31
    I clicked on a link I believed was genuine (and it may be, if the alert is a false positive). ESS immediately shut it down. It shows the following in its log:

    14/09/2012 18:21:30 HTTP filter file hxxp://skhtjo.ftp1.biz/ep/links/moving.php JS/Kryptik.XQ trojan connection terminated - quarantined X\Administrator Threat was detected upon access to web by the application: C:\Program Files (x86)\Mozilla Firefox\firefox.exe.

    I assume the page was not able to load thanks to ESS, but I also have NoScript running in Firefox just in case so I doubt any scripts would have been able to run even if the page were loaded. Routinely I have scanned everything with ESS and Spybot, in normal and safe mode. Nothing found. I have checked my HiJackThis log. Nothing abnormal.

    Is it reasonable to assume that no threat was passed onto my PC and that it is safe to continue as normal?
     
  2. Janus

    Janus Registered Member

    Joined:
    Jan 2, 2012
    Posts:
    588
    Location:
    Europe - Denmark
    Hello Tyfelt

    It's hard to guarantee anything when it comes to possible leftovers from a possible infection. But in this case it seems that ESET caught the Trojan before it could do damage to your system. Anyway, it was wise of you to do a second scan with other AV engines. (Personally I would use Malwarebytes and Hitman Pro as second-opinion scanners.) The times I have been gaming or surfing the net and was hit by injection malware and so on, I have never been able to find any malware on my system afterwards. By the way, do you have recovery software installed on your system (e.g. Acronis, Paragon)? If not, I would say that this is probably the most important security software to have on your system. It can save your day many times.
     
  3. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Definitely it's not a false positive. Nonetheless, the infected page was blocked at the network level before it could reach your system.
     
  4. Tyfelt

    Tyfelt Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    31
    Thank you again.
     