
JS:Trojan.JS.Agent.SAP

Guest

I can't find the file in AppData. I've gone to the exact place where Adaware detects the threat, but I can't find the INetCache folder.


INetCache is one of the folders that Microsoft thinks nobody should look into and therefore you have to activate the view of protected operating system files: https://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/
and inside the INetCache folder you might need to go directly to the IE folder instead of the Low folder first.

Guest
14 hours ago, CeciliaB said:

INetCache is one of the folders that Microsoft thinks nobody should look into and therefore you have to activate the view of protected operating system files: https://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/
and inside the INetCache folder you might need to go directly to the IE folder instead of the Low folder first.

Thanks. Here is the file. Eight engines on VirusTotal detect it, which is concerning.

as[1].htm


Hi PEllis,

Thanks for uploading the file. This appears to include a cryptocurrency miner script (multiple references to CryptoNight, typically used when mining Monero) that runs when visiting the web page. These pages usually run the script without the user's consent, which is why it is included in the detection database.

As an aside, it looks like more AVs have started to detect it: https://www.virustotal.com/#/file/576dbb37512721bd5eb744ee1a9049a09648f4099bc082cd87b78c78b402068f/detection
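
An added example, not part of the original posts and not Adaware's own tooling: a PowerShell check that lists cached web files containing the CryptoNight indicator mentioned above and compares each file's SHA-256 with the hash in the VirusTotal link. The function name and the default cache path (`%LOCALAPPDATA%\Microsoft\Windows\INetCache`) are assumptions.

```powershell
# Added example. Find-CachedMinerScript is a hypothetical helper name, and the
# default path is an assumed location of the INetCache folder under AppData.
function Find-CachedMinerScript {
    param(
        [string]$Path = (Join-Path $env:LOCALAPPDATA 'Microsoft\Windows\INetCache'),
        # Indicator from the reply above: references to CryptoNight.
        [string]$Pattern = 'cryptonight',
        # SHA-256 taken from the VirusTotal link in the reply above.
        [string]$KnownSha256 = '576dbb37512721bd5eb744ee1a9049a09648f4099bc082cd87b78c78b402068f'
    )

    # -Force makes Get-ChildItem include hidden and protected system items,
    # so INetCache and its IE and Low subfolders are walked even though
    # Explorer hides them by default.
    Get-ChildItem -LiteralPath $Path -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -in '.htm', '.html', '.js' } |
        ForEach-Object {
            # Select-String matches case-insensitively unless -CaseSensitive is given.
            $hits = @(Select-String -LiteralPath $_.FullName -Pattern $Pattern `
                          -SimpleMatch -ErrorAction SilentlyContinue)
            if ($hits.Count -gt 0) {
                $hash = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                [pscustomobject]@{
                    Path         = $_.FullName
                    MatchedLines = $hits.Count        # lines containing the indicator
                    Sha256       = $hash
                    SameAsSample = ($hash -ieq $KnownSha256)
                }
            }
        }
}

# Report every cached page or script that mentions the indicator.
Find-CachedMinerScript | Format-List
```

A string match only flags files worth a closer look; the hash comparison tells you whether a cached file is the same sample discussed in this thread.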
Guest
9 hours ago, LS.Andy said:

Hi PEllis,

Thanks for uploading the file. This appears to include a cryptocurrency miner script (multiple references to CryptoNight, typically used when mining Monero) that runs when visiting the web page. These pages usually run the script without the user's consent, which is why it is included in the detection database.

As an aside, it looks like more AVs have started to detect it: https://www.virustotal.com/#/file/576dbb37512721bd5eb744ee1a9049a09648f4099bc082cd87b78c78b402068f/detection

Should I be worried about my passwords? I have logged in to accounts since the detection. However, Adaware only detected that one file, so I should be safe?


No need to worry about your passwords, although this might be a good opportunity to consider setting different passwords for all your online accounts and setting up 2 Factor Authentication on any of your accounts that provide it, if you haven't done so already.

This site lists services that support 2 Factor Authentication, so if you use any of these services, it's recommended to enable it: https://twofactorauth.org/

I use KeePassX as my password manager and Authy to keep track of 2 Factor Authentication tokens.

KeePassX: https://www.keepassx.org/

Authy: https://authy.com/

 

 

Guest
1 hour ago, LS.Andy said:

No need to worry about your passwords, although this might be a good opportunity to consider setting different passwords for all your online accounts and setting up 2 Factor Authentication on any of your accounts that provide it, if you haven't done so already.

This site lists services that support 2 Factor Authentication, so if you use any of these services, it's recommended to enable it: https://twofactorauth.org/

I use KeePassX as my password manager and Authy to keep track of 2 Factor Authentication tokens.

KeePassX: https://www.keepassx.org/

Authy: https://authy.com/

 

 

Thanks for the help. I'll check out the 2 Factor Authentication site.
