PEllis

JS:Trojan.JS.Agent.SAP


I can't find the file in AppData. I've gone to the exact place where Adaware detects the threat, but I can't find the INetCache folder.


INetCache is one of the folders that Microsoft thinks nobody should look into, and therefore you have to activate the view of protected operating system files: https://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/
and inside the INetCache folder you might need to go directly to the IE folder instead of the Low folder first.

14 hours ago, CeciliaB said:

INetCache is one of the folders that Microsoft thinks nobody should look into, and therefore you have to activate the view of protected operating system files: https://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/
and inside the INetCache folder you might need to go directly to the IE folder instead of the Low folder first.

Thanks. Here is the file. Eight engines on VirusTotal detect it, which is concerning.

as[1].htm


Hi PEllis,

Thanks for uploading the file. This appears to include a cryptocurrency miner script (multiple references to CryptoNight, typically used when mining Monero) that runs when visiting the web page. These pages usually run the script without the user's consent, which is why it is included in the detection database.

As an aside, it looks like more AVs have started to detect it: https://www.virustotal.com/#/file/576dbb37512721bd5eb744ee1a9049a09648f4099bc082cd87b78c78b402068f/detection
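
A triage sketch for the situation in this thread, added here as an example and not part of any post or of Adaware's own detection: it walks a cache folder (os.walk also lists the hidden and protected folders Explorer hides), flags pages that mention CryptoNight, and compares each file's SHA-256 with the hash in the VirusTotal link above. The sample files are constructed and harmless, the function names are hypothetical, and the INetCache path in the final comment is an assumed Windows default that the thread does not spell out.

```python
import hashlib
import os
import re
import tempfile

# SHA-256 from the VirusTotal link quoted in the thread.
KNOWN_SHA256 = "576dbb37512721bd5eb744ee1a9049a09648f4099bc082cd87b78c78b402068f"
# The only content indicator the thread names; matched case-insensitively.
INDICATOR = re.compile(rb"cryptonight", re.IGNORECASE)
PAGE_SUFFIXES = (".htm", ".html", ".js")

def triage_file(path):
    """Return (sha256_hex, number of CryptoNight references) for one file."""
    with open(path, "rb") as fh:
        data = fh.read()  # cached pages are small enough to read whole
    return hashlib.sha256(data).hexdigest(), len(INDICATOR.findall(data))

def scan_cache(root):
    """Walk root and report files that match the hash or mention the indicator."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(PAGE_SUFFIXES):
                continue
            path = os.path.join(dirpath, name)
            try:
                sha256, refs = triage_file(path)
            except OSError:
                continue  # entry locked or removed while scanning
            known = sha256 == KNOWN_SHA256
            if refs or known:
                findings.append({"path": path, "sha256": sha256, "refs": refs, "known_hash": known})
    return findings

def demo():
    """Scan a constructed cache tree (harmless sample pages, not the real file)."""
    with tempfile.TemporaryDirectory() as root:
        folder = os.path.join(root, "IE", "SAMPLE01")
        os.makedirs(folder)
        with open(os.path.join(folder, "as[1].htm"), "wb") as fh:
            fh.write(b"<script>/* constructed */ var a='CryptoNight', b='cryptonight';</script>")
        with open(os.path.join(folder, "news[1].htm"), "wb") as fh:
            fh.write(b"<html><p>constructed clean page</p></html>")
        return scan_cache(root)

if __name__ == "__main__":
    # Real use (assumed default path): scan_cache(os.path.expandvars(r"%LOCALAPPDATA%\Microsoft\Windows\INetCache"))
    for finding in demo():
        print(finding)
```

A hit on the indicator alone only means the page mentions CryptoNight; the hash comparison identifies the exact file discussed in this thread.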

9 hours ago, LS.Andy said:

Hi PEllis,

Thanks for uploading the file. This appears to include a cryptocurrency miner script (multiple references to CryptoNight, typically used when mining Monero) that runs when visiting the web page. These pages usually run the script without the user's consent, which is why it is included in the detection database.

As an aside, it looks like more AVs have started to detect it: https://www.virustotal.com/#/file/576dbb37512721bd5eb744ee1a9049a09648f4099bc082cd87b78c78b402068f/detection

Should I be worried about my passwords? I have logged in to accounts since the detection. However, Adaware only detected that one file, so I should be safe?


No need to worry about your passwords, although this might be a good opportunity to consider setting different passwords for all your online accounts and setting up 2 Factor Authentication on any of your accounts that provide it, if you haven't done so already.

This site lists services that support 2 Factor Authentication, so if you use any of these services, it's recommended to enable it: https://twofactorauth.org/

I use KeePassX as my password manager and Authy to keep track of 2 Factor Authentication tokens.

KeePassX: https://www.keepassx.org/

Authy: https://authy.com/

1 hour ago, LS.Andy said:

No need to worry about your passwords, although this might be a good opportunity to consider setting different passwords for all your online accounts and setting up 2 Factor Authentication on any of your accounts that provide it, if you haven't done so already.

This site lists services that support 2 Factor Authentication, so if you use any of these services, it's recommended to enable it: https://twofactorauth.org/

I use KeePassX as my password manager and Authy to keep track of 2 Factor Authentication tokens.

KeePassX: https://www.keepassx.org/

Authy: https://authy.com/

Thanks for the help. I'll check out the 2 Factor Authentication site.
