TechSpot

JS/Downloader.Agent Detected

By Camera Hunter
Nov 10, 2007
  1. I figured I might as well let you know what's going on...

    My AVG Free is set up to run automatically, every morning. Yesterday I happened to see the computer while it was running and noticed it had found a threat. After checking the log, I see that it has found a threat every day since the middle of October (why wouldn't it have alerted me somehow?)

    So, I did the following:

    Turned off System Restore.
    Went through Add/Remove Programs and removed anything I didn't recognize (a few of these required a reboot).
    Updated all detection programs, then ran in order:
    Disk Clean Up
    CW Shredder
    Rogue Remover
    Ad Aware 2007 Free
    Spybot S&D
    AVG Anti Spyware
    AVG Anti Virus

    After all this, it still detected the threat. As I was looking the AVG results, I noticed that the program hadn't moved the threat into the virus vault. So I did it manually, then "wiped" it from the vault, restarted the computer in Safe Mode, and am re-running AVG Anti Virus.

    I'm hoping for the best and I'll keep you posted.
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    What file is AVG finding the infection in?

    Regards Howard :)
     
  3. Camera Hunter

    Camera Hunter TS Rookie Topic Starter

    It found 2 JS/Downloader.Agent files--both were buried in folders I created for saved web pages, word documents, etc. Both files were named index_data\a.htm

    Good news--moving the files to the vault and then wiping them did the trick. I ran a virus scan while in Safe Mode, and it found no threats. I rebooted normally and ran a virus scan again and it again found no threats. Whew!

    Anybody know what JS/Downloader.Agent is?
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    The JS/Downloader.Agent is as it`s name implies a malicious downloader that will download other malicious files to the infected system.

    Download combofix.exe. Double click combofix.exe & follow the prompts. A window will open with a warning. Type "1" (and Enter) to start the fix. When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log. Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

    Combofix will automatically save the log file to C:\combofix.txt

    Then go HERE and follow the instructions.

    Post a HJT and Combofix log.

    Regards Howard :)
     
  5. Camera Hunter

    Camera Hunter TS Rookie Topic Starter

    I've attached both logs
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your log files are clean.

    However, your Java installation is well out of date and is a security risk.

    Go HERE, download and install the latest version of Java.

    Once it`s installed, go to add remove programmes in your control panel and uninstall all previous versions of Java, except version 6 update 3. Close Control panel.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

    This thread is for the use of Camera Hunter only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  7. Camera Hunter

    Camera Hunter TS Rookie Topic Starter

    Thanks so much Howard, I really appreciate it. By the way--how did something like JS Downloader get on my computer in the first place? Is that something I downloaded, or did it get by Zone Alarm in the middle of the night? In other words, what's the best way to prevent it from happening again?

    Thanks
     
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    The JS Downloader will have arrived on your computer via a download or some malicious website you visited.

    Regards Howard :)

    This thread is for the use of Camera Hunter only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...