Trojan blocked

Discussion in 'malware problems & news' started by Suggers, Jun 18, 2006.

Thread Status:
Not open for further replies.
  1. Suggers

    Suggers Guest

    I was surfing a website recently (a legitimate website that's been running for a couple of years, not a dodgy one) and my Kaspersky antivirus blocked "Trojan-downloader.HTML.agent.aq" in realtime. This happened again when I revisited the site an hour later. The site owners must have been informed, as a couple of hours later the trojan had been removed and no more antivirus warnings were going off.

    My Internet Explorer settings are high and I have most of the settings on 'prompt' or 'disabled' - I was under the impression that you had to download a file in order to catch a trojan, but all I was doing on this site was accessing the homepage.
    Are there many trojans like this, that try to attack your computer simply by viewing the webpage?
     
  2. RCGuy

    RCGuy Registered Member

    Joined:
    Aug 7, 2005
    Posts:
    541
  3. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    Every time you visit a website you DO download a file; in fact you download lots of them! Every image you view, for example, will be written to your HD and all these files can be found in the Content.IE5 folder of your Temporary Internet Files.
    Of course there are. A malicious website will embed exploits into the web page, so that when you visit the site the dangerous files automatically become placed into your TIFs. If you are vulnerable to the exploit you could end up with a Trojan downloader on your system which, in turn, will load you with spyware etc.

    When an AV intercepts one of these exploits it should delete it and inform you that it has found such and such a Trojan (though in reality it is usually the exploit rather than the associated Trojan that is found). You cannot 'repair', 'treat', 'disinfect' (or whatever language the AV uses) these files; you simply delete them and that should be the end of the matter - unless you come up against something your AV does not recognise, in which case it would be possible for the downloader to get onto your system and do its dirty work.

    If you use an AV with a web shield (e.g. KAV 6) then the shield will block the exploit before it gets into your TIFs so there will be nothing to delete in that case. But a web shield does not necessarily make you safer, since, from the practical standpoint, blocking and deleting will both be equally effective.

    It is always sensible to clear out your temporary locations on a regular basis and for that purpose there are a number of good free cache cleaners available, e.g.:

    http://www.ccleaner.com/

    http://www.stevengould.org/software/cleanup/

    http://www.buttuglysoftware.com/
    It's possible you would not have been vulnerable to the attack in any case, but your AV will still find the baddy if it can.
     
    Last edited: Jun 18, 2006
  4. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,509
    Location:
    Slovakia
    If it is an HTML virus (like in HTML emails), then disabling WSH should prevent it from running.
     
  5. Suggers

    Suggers Guest

    Thanks all for the replies/advice.
     