JS/Downloader.Agent Detected

[Camera Hunter]

I figured I might as well let you know what's going on...

My AVG Free is set up to run automatically, every morning. Yesterday I happened to see the computer while it was running and noticed it had found a threat. After checking the log, I see that it has found a threat every day since the middle of October (why wouldn't it have alerted me somehow?)

So, I did the following:

Turned off System Restore.
Went through Add/Remove Programs and removed anything I didn't recognize (a few of these required a reboot).
Updated all detection programs, then ran in order:
Disk Clean Up
CW Shredder
Rogue Remover
Ad Aware 2007 Free
Spybot S&D
AVG Anti Spyware
AVG Anti Virus

After all this, it still detected the threat. As I was looking the AVG results, I noticed that the program hadn't moved the threat into the virus vault. So I did it manually, then "wiped" it from the vault, restarted the computer in Safe Mode, and am re-running AVG Anti Virus.

I'm hoping for the best and I'll keep you posted.

 

[howard_hopkinso]

What file is AVG finding the infection in?

Regards Howard

 

[Camera Hunter]

It found 2 JS/Downloader.Agent files--both were buried in folders I created for saved web pages, word documents, etc. Both files were named index_data\a.htm

Good news--moving the files to the vault and then wiping them did the trick. I ran a virus scan while in Safe Mode, and it found no threats. I rebooted normally and ran a virus scan again and it again found no threats. Whew!

Anybody know what JS/Downloader.Agent is?

 

[howard_hopkinso]

The JS/Downloader.Agent is as it`s name implies a malicious downloader that will download other malicious files to the infected system.

Download combofix.exe. Double click combofix.exe & follow the prompts. A window will open with a warning. Type "1" (and Enter) to start the fix. When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log. Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

Combofix will automatically save the log file to C:\combofix.txt

Then go HERE and follow the instructions.

Post a HJT and Combofix log.

Regards Howard

 

[Camera Hunter]

I've attached both logs

 

[howard_hopkinso]

Your log files are clean.

However, your Java installation is well out of date and is a security risk.

Go HERE, download and install the latest version of Java.

Once it`s installed, go to add remove programmes in your control panel and uninstall all previous versions of Java, except version 6 update 3. Close Control panel.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard

This thread is for the use of Camera Hunter only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[Camera Hunter]

Thanks so much Howard, I really appreciate it. By the way--how did something like JS Downloader get on my computer in the first place? Is that something I downloaded, or did it get by Zone Alarm in the middle of the night? In other words, what's the best way to prevent it from happening again?

Thanks

 

[howard_hopkinso]

The JS Downloader will have arrived on your computer via a download or some malicious website you visited.

Regards Howard

This thread is for the use of Camera Hunter only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.