Infected(?) By Js/downloader.agent



#1 bloomcounty

bloomcounty

  • Members
  • 672 posts
  • OFFLINE
  •  
  • Local time:07:11 PM

Posted 26 September 2008 - 12:30 PM

Hi,

I've never had a virus before, but when I went to a webpage for my work, I got a virus pop-up from AVG 7.5 A/V Free that it found a virus (or something like that). I chose the "move to virus vault" option. Going into AVG virus vault, here is the information on it:

Object Name: 3578E2D9d01
Object Path: C:\Documents and Settings\<username>\Local Settings\Application Data\Mozilla\Firefox\Profiles\<profile_name>.default\Cache\
Discovery: Virus identified JS/Downloader.Agent
Date of detection: 9/26/2008 10:06:10 AM
Source computer: <My Computer Name>
Finder: <username>
File Size: 44 KB (45143 bytes)
Healable: No
source: Moved object
Status: infected


My computer stats (browser, etc.) is in my sig below.

I'm going to run an AVG Scan right now, as well as a SAS Free and AVG A/S Free scan too. I will post back any results.

In Firefox, I have it set to allow JavaScript (but not Java) -- just fyi. Also note that I do not have Java installed on my computer (though I guess that's different than Javascript, right?)

Why did this happen? What do I do now?

I cleared my Firefox cache (and IE just for the heck of it).

Do you need any more info?

Do I empty the virus vault and delete the thing?

Is my computer messed up or did AVG do its thing and I'm 100% a-okay as before?

Any help is appreciated! (Like I said, I've never had a virus before... :flowers: )

:thumbsup:

Edited by bloomcounty, 26 September 2008 - 12:43 PM.

My stats: Windows XP Home SP2; Firefox 3.0.14 w/ Ad-Block Plus; IE 6.0 (used only for monthly Windows Critical Updates); ZoneAlarm 6.1.744.001 Free; AVG 8.5 A/V Free; SuperAntispyware Free 4.28.1010


#2 bloomcounty


Posted 26 September 2008 - 01:16 PM

Okay, I did the AVG A/V 7.5 Free scan in normal mode -- and it flagged this as a virus:

PC-Decrapifer-1.8.3.exe as Worm/Autoit.DCC

I moved it to the vault too -- but I'm thinking this is just a coincidence as it's a freeware program I used one time on my old laptop to get rid of stuff (it was from a safe site and marked virus free, etc.). I've never actually used it on this laptop -- just had it in my folder of downloaded program files.

However, it's never been flagged as a virus before -- so I'm guessing that there's something in the more recent AVG 7.5 Free A/V definitions that flags this as a false-positive?

This can't have anything to do with the virus issue in my first post, can it?

I think my computer is just trying to give me a heart attack... :thumbsup:

Thanks again!

#3 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:10:11 PM

Posted 26 September 2008 - 01:41 PM

take 2 aspirin

the malware in cache would be harmless if it didn't execute, you visited a bad web page and it was embedded there, that's why I have the noscript addon with firefox

the PC-Decrapifer-1.8.3.exe, if downloaded from the official or legitimate links is a false positive

Surely you can find a better AV than avg free 7.5
Chewy

No. Try not. Do... or do not. There is no try.

#4 bloomcounty


Posted 26 September 2008 - 02:58 PM

> take 2 aspirin
>
> the malware in cache would be harmless if it didn't execute, you visited a bad web page and it was embedded there, that's why I have the noscript addon with firefox
>
> the PC-Decrapifer-1.8.3.exe, if downloaded from the official or legitimate links is a false positive
>
> Surely you can find a better AV than avg free 7.5


I'm calmer now... :thumbsup:

I'll upgrade to AVG Free 8.0 *when* they stop updating 7.5. It seems to work fine for me -- it caught this thing after all! :flowers:

So should I now go into AVG virus vault and choose "wipe object" for each one?

(I'm going to add no-script one of these days...)

Thanks!

#5 DaChew


Posted 26 September 2008 - 03:15 PM

The definitions are really only half of an av or malware scanner, just as important is the scan and protection engines that have to be modified or evolved to cope with newer malware

That's why the best scanner today puts out frequent core updates and new definitions

MBAM


The consensus in the malware community is dump 7.5

bronze it and put it on the mantle, plant it and place flowers, say a few words, shed a tear or two

Avira free is a better product

let's do a scan with MBAM, I don't trust avg

http://www.bleepingcomputer.com/forums/ind...mp;#entry944365
Chewy

No. Try not. Do... or do not. There is no try.

#6 bloomcounty


Posted 28 September 2008 - 09:35 AM

Hi DaChew,

Thanks for the reply. I'm out of town, so I can't do this until I'm back home (which is Tuesday). I have some questions in the meantime, if you could answer them?

1. What is JS/Downloader.Agent? I'm thinking maybe this is a generic term for a lot of things, and in my case, it's actually not a virus, but something that my work website uses in javascript when you go to their site (?) but AVG (thankfully) marks it as a virus. Otherwise, how/why would a webpage for my work have a virus attached to it? Especially if the page isn't really "live" (as it's not currently linked to by any other pages). Thoughts?

2. How can I be sure that JS/Downloader.Agent *didn't* run? If my AVG immediately caught it and I chose to move it to the quarantine, does that mean it *didn't* run?

3. Could the JS/Downloader.Agent have somehow caused the PC-Decrapifier program to show up as a virus or whatever in AVG all of a sudden? (Like I said, the last scan I did, which was about a week or two ago did not have that program show up as such.) But it sounds like a new false-positive in definition updates that I would have got after that previous scan, correct?

4a. Re: MBAM -- I'm always super-careful when installing a new program. I'm assuming this program is 100% spyware/malware/anything bad free, right? (I guess you wouldn't recommend it if it wasn't! :flowers: )

4b. Will installing/running it conflict with *any* of the Firewall-A/V-A/S programs I currently have on my laptop (see sig. for list) or AVG 8.0 Free or Spyware Blaster 4.1 (both of which I'll be upgrading/installing in the semi-near future)?

4c. Does MBAM uninstall easily/cleanly? Or does it cause any changes to my system (especially that can't be undone)?

4d. Are there any known problems with installing/using/uninstalling MBAM?

5. With the two things in the virus vault in AVG, do I choose "wipe" to get rid of them now?

If you could let me know your thoughts on the above in the meantime, that would be great! And I'll plan on installing/running MBAM when I get home (as long as there's no issues with doing so -- or unless you decide I don't need to after all).

[Note: I have dial-up, if that makes any difference with anything... Also, I scanned with AVG 7.5 A/V in safe mode and SAS in regular mode and neither found any problems.]

Looking forward to hearing back -- thanks!

:thumbsup:

Edited by bloomcounty, 28 September 2008 - 09:40 AM.


#7 bloomcounty


Posted 28 September 2008 - 09:47 AM

6. Just did a Google search and I found a report that JS/Downloader.Agent being found by AVG Free could very well be a false-positive. Any truth to this...?

Thanks again!

(Also note I have Firefox 2.0.0.16 and have not yet updated to 2.0.0.17 -- if that makes any difference with the security updates that were added to the newer version. Will update this week when back home.)

#8 DaChew


Posted 28 September 2008 - 09:57 AM

JS/Downloader can be a false positive, the avg people just say

> Empty your temporary internet files... then scan to see if that didn't clear it up. If it returns after that... you are getting it from a website you visit.


MBAM is safe and the scanner can't conflict with anything but malware


I can NOT imagine having a computer and not using MBAM


added not

Edited by DaChew, 28 September 2008 - 10:41 AM.

Chewy

No. Try not. Do... or do not. There is no try.
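
A small triage script for the two detections discussed in this thread, added here as an example and not part of any post: it parses a vault record in the layout quoted in post #1 and reports whether the object sat in a browser cache or elsewhere on disk, with the follow-up the replies suggest for each case. The sample records are constructed, and the `C:\Downloads\` folder and the `CACHE_MARKERS` list are assumptions.

```python
from pathlib import PureWindowsPath

# Constructed records in the "Key: value" layout of the vault entry in post #1.
# The C:\Downloads folder in the second record is a made-up location.
CACHE_HIT = r"""Object Name: 3578E2D9d01
Object Path: C:\Documents and Settings\<username>\Local Settings\Application Data\Mozilla\Firefox\Profiles\<profile_name>.default\Cache\
Discovery: Virus identified JS/Downloader.Agent
Status: infected"""
DISK_HIT = r"""Object Name: PC-Decrapifer-1.8.3.exe
Object Path: C:\Downloads\
Discovery: Virus identified Worm/Autoit.DCC
Status: infected"""

# Folder sequences treated as browser caches ("*" matches one folder name).
# Assumed list for Firefox and IE on Windows XP; extend for other browsers.
CACHE_MARKERS = [
    ("mozilla", "firefox", "profiles", "*", "cache"),
    ("temporary internet files",),
]

def parse_record(text):
    """Parse 'Key: value' lines; split on the first colon so C:\\ paths survive."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip().lower()] = value.strip()
    return fields

def in_browser_cache(path):
    """True if the folder path contains one of the CACHE_MARKERS sequences."""
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    for marker in CACHE_MARKERS:
        for i in range(len(parts) - len(marker) + 1):
            window = parts[i:i + len(marker)]
            if all(m == "*" or m == p for m, p in zip(marker, window)):
                return True
    return False

def triage(text):
    """Return the detection name, where the object sat, and the suggested follow-up."""
    rec = parse_record(text)
    cached = in_browser_cache(rec.get("object path", ""))
    return {
        "object": rec.get("object name", ""),
        "detection": (rec.get("discovery", "").split() or [""])[-1],
        "location": "browser-cache" if cached else "other",
        "next_step": ("clear the browser cache, rescan, and watch whether it returns"
                      if cached else
                      "check where the file was downloaded from and rescan with a second tool"),
    }
```

The location class only says where the scanner found the object; it does not show whether the script ran in the browser.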

#9 bloomcounty


Posted 28 September 2008 - 10:10 AM

I'm hoping you meant to say "can't" there... :flowers:

I looked at the MBAM site... the link you provided to download the program from BC here, that is a free program, correct? Is it the kind of thing that you have to install the full thing, but then pay if you want to use all the features? (I'd only be interested in the free version.)

I can just use the free version, correct? Does it give any popups, etc. about updating to the paid version?

Does the program call home on its own or can you set it to not automatically check for updates or call home or anything like that? (I prefer to do all these things manually and generally don't use programs that "call home" on their own -- plus, I have dial-up.)

Finally, do I choose "wipe" in my AVG virus vault to now get rid of the JS/Downloader.Agent thing it found?

Thanks! :thumbsup:

Edited by bloomcounty, 28 September 2008 - 10:11 AM.




