hynesfamily123

JS:Trojan.Cryxos.1257 won't leave me alone!

Recommended Posts

My antivirus scanner keeps telling me JS:Trojan.Cryxos.1257 is in my system and has been removed, yet it comes back a day later.

Apparently this is dangerous and will affect my browser and files safety, so if any of you can let me know how to fix it, and get this trojan off my computer, let me know please!

Here are the files the help forum told me to add:

Thank you.

FRST.txt

Addition.txt

Share this post


Link to post
Share on other sites

Hello hynesfamily123!   Please write more details when antivirus detected the Trojan.  Was it during Custom scan,  browsing Internet pages or something else?

If you have the file that was detected please send it to us and write full path to detected file.  Did you noticed some dangerous activity in your browser?

 

Thank you.

Share this post


Link to post
Share on other sites
10 minutes ago, LSArtem said:

Hello hynesfamily123!   Please write more details when antivirus detected the Trojan.  Was it during Custom scan,  browsing Internet pages or something else?

If you have the file that was detected please send it to us and write full path to detected file.  Did you noticed some dangerous activity in your browser?

 

Thank you.

This was done while I was playing a game. It just popped up on BitDefender telling me that they had deleted a file that was a Trojan: yet I have not noticed any ads or difficulties on my browsers, nor do I notice any missing files.

There is the full scan it sent me in the image pinned below

In order for me to send the file over, I have to restore it back to my computer: won't it attack my computer if I restore it, however? How am I able to send it over here without the restored Trojan doing damage?

infectedfile.PNG

Share this post


Link to post
Share on other sites
52 minutes ago, hynesfamily123 said:

This was done while I was playing a game. It just popped up on BitDefender telling me that they had deleted a file that was a Trojan: yet I have not noticed any ads or difficulties on my browsers, nor do I notice any missing files.

There is the full scan it sent me in the image pinned below

In order for me to send the file over, I have to restore it back to my computer: won't it attack my computer if I restore it, however? How am I able to send it over here without the restored Trojan doing damage?

infectedfile.PNG

If you don't see any anoying pop-ups or scam in your browser - nothing to worry about.  Notification of BD means that it found web page in the Internet Explorer cache and this file contains some part of malicious script, so BD moves it to quarantine.  So if you visit again some site with such malicious web page Bit Defender will lock  and delete this file again. 

  • Like 1

Share this post


Link to post
Share on other sites

As Artem wrote, this means that you visited a web page that the antivirus program doesn't like and if you visit the same page again the procedure is repeated. In this case "web page" might not be the web page that is in the address field of the browser, but it can be an ad or some other info that the page fetches from another server.

I don't see any malicious files in the log files of FRST.

From Addition.txt:
AV: Bitdefender Antivirus (Disabled - Up to date) {0E17DB7D-A20F-62CE-B95B-17DB0CDFE318}

Why is your antivirus program disabled?
Everyone should have a running antivirus program.

Share this post


Link to post
Share on other sites
On 8/16/2018 at 6:47 PM, LSArtem said:

If you don't see any anoying pop-ups or scam in your browser - nothing to worry about.  Notification of BD means that it found web page in the Internet Explorer cache and this file contains some part of malicious script, so BD moves it to quarantine.  So if you visit again some site with such malicious web page Bit Defender will lock  and delete this file again. 

There are no pop-ups, thankfully. It just seems to remove this file over and over, despite it already being removed before: as if the file keeps showing back up on my PC, even if it's wiped off by BD. It's good to know that my computer is safe, thank you so much for your help!

On 8/17/2018 at 3:12 AM, CeciliaB said:

As Artem wrote, this means that you visited a web page that the antivirus program doesn't like and if you visit the same page again the procedure is repeated. In this case "web page" might not be the web page that is in the address field of the browser, but it can be an ad or some other info that the page fetches from another server.

I don't see any malicious files in the log files of FRST.

From Addition.txt:
AV: Bitdefender Antivirus (Disabled - Up to date) {0E17DB7D-A20F-62CE-B95B-17DB0CDFE318}

Why is your antivirus program disabled?
Everyone should have a running antivirus program.

Thank you for the explanation. It's reassuring knowing that my computer is protected. I turned off the antivirus so I could use another virus scanning program, it is turned back on now. Thank you for your concern and help, it means a lot, you guys!

Share this post


Link to post
Share on other sites

Is Internet Explorer running when Bitdefender finds the file?
Maybe it's easier for it to really move the file when Internet Explorer isn't running. If the file returns when you start Internet Explorer or while you're using it, I think it's some web page that you visit that Bitdefender doesn't like.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now