
Trojan.js.pakes.br



#1 Stang777


Posted 22 April 2010 - 03:15 AM

Hi Everyone,

I am hoping someone can give me some info on this virus that was detected when it was downloaded to my temporary internet files from a trusted TV listings site I have used for years. I am thinking it had to have come from an ad on the site as I had the site opened for a very long time before this happened but had just reloaded the time of listings on it. The ads tend to change when you do that.

My virus program deleted the file, but since I had not closed out the site, it redownloaded immediately. I then closed the site, which deleted the file since temp internet files are deleted when I close IE, but since it is a site I use often, I would like to have some info on trojan.js.pakes.br and I cannot really find any doing a Google search.

Does anyone know if it is dangerous or what it does if it remains on a system?

I am afraid to go back to that site, even though I know it has been virus free for years. I sent them an email alerting them to this and trust that they will soon take care of the problem.

For those who use the listings on zap2it.com, you might want to avoid it for a few days until the site has a chance to find and remove the problem. This can happen to almost any site and this one is normally a safe site, but give them a chance to fix the problem before going back to it.

I do not need help cleaning up my system as I know it was caught right away, but would appreciate the info I asked for above.

Thank you for your help

Edited by Stang777, 22 April 2010 - 03:21 AM.




#2 quietman7


Posted 22 April 2010 - 09:18 AM

Sophos assessment of Trojan.JS.Pakes.br

Did your anti-virus provide a specific file name associated with the malware threat(s) detection and if so, where is it located (full file path) on your system?

Each security vendor uses their own naming conventions to identify various types of malware, so it's difficult to determine exactly what has been detected or the nature of the infection without knowing more information about the actual file(s) involved. See Understanding virus names.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 Stang777


Posted 22 April 2010 - 05:31 PM

Hi Quietman,

Thank you for replying, the link and your help.

I looked at the page you linked to last night but I guess I didn't look close enough because until I loaded it from your link, I missed the tabs on it which did give a bit more information than I found last night.

This is the information from my antivirus program....

Decription Anti-virus detected an infected file
Date / Time 2010/04/22 01:21:36-7:00 GMT
Type On-Access scan
Virus name Trojan.JS.Pakes.br
Filename C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\B7DEO2QV\cd[1].htm
Action Infected
Mode Auto

Since this site has always been safe and I had it opened for a very long time before this happened, do you think it probably came from an ad on the site that loaded when I loaded a new time frame for the listings, since the ads change when you do that?

Thank you for your help

Edited by Stang777, 22 April 2010 - 05:32 PM.


#4 kalailyliani


Posted 23 April 2010 - 02:50 AM

I also have this problem. I actually think I got mine from FB from those stupid iPad links.

Trojan.JS.Pakes.br was found in C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ADSDMNQ3\adServer[2].htm on 4/23/2010 0:41:48

ZoneAlarm can't do anything to it. Can't delete, quarantine, delete on reboot, etc. Malwarebytes didn't detect it...

I want to try Combofix, but I'm afraid to use it because it says I shouldn't use it without a helper or something :/

Edit: I tried looking for this NetworkService folder in C:\Documents and Settings, but I don't even see it... :thumbsup:

Edited by kalailyliani, 23 April 2010 - 02:51 AM.


#5 quietman7


Posted 23 April 2010 - 08:05 AM

"do you think it probably came from an ad on the site"

Ads and banners are common infection vectors. They are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. I explain this more in How Malware Spreads - How did I get infected.

Welcome to BC kalailyliani

If you have an issue or problem you would like to discuss, please start your own topic. Doing that will help to avoid the confusion that often occurs when trying to help two or more members at the same time in the same thread. Even if your problem is similar to the original poster's problem, the solution could be different based on the kind of hardware, software, system requirements, etc. you are using and the presence of other malware. Further, posting for assistance in someone else's topic is not considered proper forum etiquette.

Thanks for your cooperation.
The BC Staff

#6 Stang777


Posted 23 April 2010 - 09:17 AM

Thank you Quietman.

That is what I thought about the ad.

This site has been trustworthy for long enough for me to trust it, and I believe they would have found and removed the problem after I notified them about it, so I went back to that site today and did not have any problem. However, I did not load the listings for the time frame that I had opened when that was downloaded to my system. Wasn't intentional, I just happened to be too busy to need those listings, but even if I hadn't been, I might not have loaded them.

I figure my virus protection found and deleted it when it happened before so it would have again. I am using a different browser now though, not sure if that would help or not but have been told Firefox is more secure so that is what I am using.

Thank you for the help and info Quietman.



Hi Kalailyliani,

I do not know why ZoneAlarm didn't take care of the problem for you; that is the program that caught and removed the problem on my system. I had it delete it and that was that. If your browser is set to delete all temporary internet files when it closes, then it is gone anyway. If you had closed the browser before you told ZoneAlarm to treat or delete it, that would be the reason ZoneAlarm was not able to perform that action, as it was already removed.

Edited by Stang777, 23 April 2010 - 09:19 AM.




