Trojan. Not disinfected

Scholar

I scanned my computer. A trojan was found, but F-Secure says that it cannot be disinfected, e.g., JS:Trojan.Script.DRZ. What do I do?

Superuser

Re: Trojan. Not disinfected


@Bulaien wrote:

I scanned my computer. A trojan was found, but F-Secure says that it cannot be disinfected, e.g., JS:Trojan.Script.DRZ. What do I do?


Hello,

Your actions depend on the 'destination' of this detected file.

F-Secure's 'words' maybe mean that the file is 'packed/archived/zipped/compressed/bundled' and it is not possible to delete only this payload. In such a situation -> if the 'container' is not required for you -> it is possible to remove the file manually (not only the malicious payload).

OR maybe there is another meaning, and the trouble with cleaning is based on something else (the file is blocked/removed already as a temporary file). In such a situation --> it is good to re-check more about the potential source of this malicious .js file. For example, the browser cache (so it is good to know whether a certain known website dropped this into your system).

This can even be a false-positive detection, since such a detection is more of a generic detection for .js-based malware (scripts) and is based on the Aquarius engine. But maybe it is a valid detection, as an improvement of generic detection against freshly created malicious tricks (or hacked well-known websites).

It is possible to use something like double scanners: HitmanPRO (as a one-time scan), Malwarebytes (in trial mode), and to make sure that F-Secure is set to 'high' settings for Manual scanning (and that a Full Scan does not detect something else).

Also, "TrendMicro" has an article about a certain malware sample (where one of the 'aliases' is related to the detection name you noted):

https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/js_ursnif.ef

It is possible to re-check the article for additional information about potentially useful things. For example, F-Secure is not able to handle the file because it is an attachment in a spam e-mail. In this situation -> it is good to remove/delete such an e-mail (or clean/clear the spam folder) and not launch any scripts/attachments (or load remote content).

Thanks!

Scholar

Re: Trojan. Not disinfected

Thank you, Ukko.

Bulaien.

Superuser

Re: Trojan. Not disinfected

I partly edited my previous reply. Just for information (in case you read it in its previous state), because I think that the article from TrendMicro can be useful. At least with some of the 'vectors', because your own experience can be about web-based trouble or another view.