JS/NoClose.gen trojan

Discussion in 'malware problems & news' started by snapdragin, Jan 3, 2003.

Thread Status:
Not open for further replies.
  1. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    just to be on the safe side...i thought i'd ask first, before i do anything else, about this JS/NoClose virus.

    my daughter was searching through Yahoo Search for some pictures of a band she likes and used the search words: Good Charlotte Pics. She clicked on the 2nd link listed and Amon popped up along with half a dozen browser windows. She was using Netscape 4.7. She was finally able to get all these windows closed then came and got me.

    i clicked on the "information" tab in Amon and this is what it said:
    ---------------------
    "Virus was deteced on a newly created file (e.g. file copied or extracted from an archive). This does not mean the virus be active in the computer. It is recommended the file either to delete or clean.

    File or boot sector is suspected to be infected by a virus resembling one from Amon virus database. Most probably the virus represents a new variant. However, this might also be a false alarm. Please send us a sample of the suspected file or boot sector.

    RECOMMENDED ACTION: The virus can not be cleaned using Amon. It is recommended that you delete the file.

    File C:-->Program Files-->Netscape-->Users-->(my name)-->cache-->MOILAISr - probably modified JS/NoClose.gen trojan.
    The virus was detected on the newly created file. Amon can not clean this virus."
    ---------------------

    i had Amon export the file to the Eset folder and save it in a safe format....then did a full system scan with NOD32. The infected file still showed up in my ProgramFiles folder though. i did a manual search for it, but i can't find it anywhere to delete it. i also read up on it and it seems that others are also unable to find the infected file manually.

    so....what i am wondering, if i can not find it to delete it...how do i make sure it is gone? Will it be "gone" if i just delete my cache?

    i have done a full system scan with TDS-3 and also Trojan Hunter...but neither of them report back anything wrong.

    any suggestions would be appreciated.....didn't want to shut down my pc until i was sure it was not infected.

    The OS is Win98se.

    thank you...:)

    snap
     
  2. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,875
    Location:
    New England
    It certainly does sound like it's just a temporary file, cached by Netscape from the bad webpage. Emptying the cache from within Netscape should clear that folder and with it the virus. (When I was using those older versions of Netscape, I had a batch file I would run to guarantee that all files in the cache directory were fully erased, not essential, of course, but what the heck ;) You could also do this if you are using any file eraser software.)

    LowWaterMark
     
  3. snapdragin

    snapdragin Administrator

    Hi LowWaterMark...and thank you for your quick reply...:)

    i don't really have any batch file (program?) that i use on the Win98se to clean temp folders....well, i use spider.

    i was thinking (and hoping) that just emptying the temp folder in Netscape would clean it out...but with not being able to manually find it...i wasn't sure. i did search through the threads here for something similar and it seems that is also the recommended procedure to clean the cache folder.

    so i will go do that now then do a full scan again and hope NOD gives it a clean bill of health and i can go to bed. LOL

    dang i really don't like those things...grrrgrgrrr...

    thank you :)

    snap
     
  4. snapdragin

    snapdragin Administrator

    yepyep! that did it! i cleaned all cache just to be on the safe side that it didn't sneak into any other area...and ran NOD32 full (deep) scan again and no viruses were found. :)

    Thank you again LowWaterMark! :)

    warm regards,

    snap
     