Trojan. Not disinfected

Bulaien
Bulaien Posts: 2 New Member

I scanned my computer. A trojan was found, but F-Secure says that it cannot be disinfected, e.g., JS:Trojan.Script.DRZ. What do I do?

Comments

  • Ukko
    Ukko Posts: 3,727 Superuser

    @Bulaien wrote:

    I scanned my computer. A trojan was found, but F-Secure says that it cannot be disinfected, e.g., JS:Trojan.Script.DRZ. What do I do?


    Hello,

    Your actions are based on the 'destination' of this detected file.

    F-Secure's 'words' maybe mean that the file is 'packed/archived/zipped/compressed/bundled' and it is not possible to delete only this payload. In such a situation -> if the 'container' is not required for you -> it is possible to remove the file manually (not only the malicious payload).

    OR maybe there is another meaning, and the trouble with cleaning is based on something else (the file is blocked/removed already as a temporary file). In such a situation --> it is good to re-check for more meanings about the potential src of this malicious .js file. For example, the cache of the browser (so.. it is good to know -> what if a certain known website dropped this into your system).

    This can even be a false-positive detection, since such a detection is more of a generic detection for .js-based malware (scripts) and is based on the Aquarius engine. But maybe it is a valid detection, as an improvement to generic detection against freshly created malicious tricks (or hacked well-known websites).

    It is possible to use something as double scanners: HitmanPRO (as a one-time scan), Malwarebytes (in trial mode), and to make sure that F-Secure has 'high' settings for Manual scanning (and that a Full Scan does not detect something else).

    Also, "TrendMicro" has an article about a certain malware sample (where one of the 'aliases' is related to your noted detection name):

    https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/js_ursnif.ef

    It is possible to re-check the article for additional information about potentially useful things. For example, F-Secure is not able to handle the file.. because it is an attachment in a spam mail. In this situation -> it is good to remove/delete such a mail (or clean/clear the spam folder) and not launch any scripts/attachments (or load remote content).

    Thanks!

  • Bulaien
    Bulaien Posts: 2 New Member

    Thank you, Ukko.

    Bulaien.

  • Ukko
    Ukko Posts: 3,727 Superuser

    I partly edited my previous reply. Just as information (in case you read it in its previous state; because I think that the article from TrendMicro can be useful. At least, with some of the 'vectors' - because your own experience can be about web-based trouble or another view).

This discussion has been closed.