Trojan information required

Old 16th December 2001 | 18:23
  #1 (permalink)  
Thread Starter
25 Anniversary
 
Joined: Mar 2000
Posts: 406
Likes: 0
From: Winchester.Hants.England
Post Trojan information required

I found the following Trojan on my computer and was wondering if anyone could throw any light on where it came from and what it does?

MALWARE.JS_PLAY.A

Thanks in anticipation

Flybywyre
Old 16th December 2001 | 20:54
  #2 (permalink)  
 
Joined: Dec 2001
Posts: 140
Likes: 0
From: STL
Post

FBW, the malware part is a generic reference. The JS ought to indicate that the virus is delivered by a scripting language - JavaScript - but Java viruses have also been so named.

You might want to contact Trend Micro and ask them why they dropped this pattern. See http://www.antivirus.com/vinfo/virus...Name=JS_PLAY.A

You didn't mention which virus checker you used. If you have not already deleted the malware then you might want to send it to McAfee or Symantec. I don't use either of their checkers but they have always cheerfully looked at the samples I have sent them. Frisk in Iceland is especially helpful. HTH
bblank
Old 17th December 2001 | 15:21
  #3 (permalink)  
Thread Starter
25 Anniversary
 
Joined: Mar 2000
Posts: 406
Likes: 0
From: Winchester.Hants.England
Post

Thanks BB...........

I used "Trend" to detect the Trojan. It picked it up on a standard virus scan. I will Email them and see why they have dropped it from their list and post the reply on here.
I assume that no harm has been done.

Regards
FBW
Old 19th December 2001 | 21:29
  #4 (permalink)  
Thread Starter
25 Anniversary
 
Joined: Mar 2000
Posts: 406
Likes: 0
From: Winchester.Hants.England
Post

Reply from Trend........

"Thank you for contacting the Virus Doctor @ Trend Micro. We received your email regarding your concern.

We have dropped the pattern JS_PLAY.A within our pattern file beginning with 968; that means it no longer exists, since we have renamed the virus as JS_EXCEPTION.GEN."

They have asked me to send them the virus in a zip file for examination and to answer my further questions, such as what did this virus do to my computer?
The virus was eliminated so I am unable to do that...I have notified Trend and will post anything else they send me of interest.
Regards
FBW
Old 19th December 2001 | 23:32
  #5 (permalink)  
 
Joined: Dec 2001
Posts: 140
Likes: 0
From: STL
Post

FBW, I bet it's the "coolsite" JS worm. If you use MSIE, did it change your start page to a porn site?

If so then it is nondestructive malware and ridding yourself of the file and changing your MSIE start page cures everything. However, you should correct your system to avoid further exploits.
http://securityresponse.symantec.com/avcenter/venc/data/js.exception.exploit.html
bblank
Old 20th December 2001 | 03:29
  #6 (permalink)  
Thread Starter
25 Anniversary
 
Joined: Mar 2000
Posts: 406
Likes: 0
From: Winchester.Hants.England
Post

Hello BB

I do use MSIE and the only sign of anything being wrong was that the text (font) on sites I was viewing would change.

Regards
FBW

PS I'm still none the wiser as to what damage - if any - this has done to my computer?

[ 19 December 2001: Message edited by: Flybywyre ]
Old 20th December 2001 | 04:16
  #7 (permalink)  
 
Joined: Dec 2001
Posts: 140
Likes: 0
From: STL
Post

FBW, maybe that is what Trend Micro refers to as "changing the appearance of MSIE". Here is the URL for their page:
http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=JS_EXCEPTION.GEN

In answer to your question about damage, there is none. This malware is about as benign as they come. It's more the work of a prankster than a juvenile delinquent. Notwithstanding, do install Microsoft's patch because more malicious Java applets can exploit the very same security gap. There is a link from the Symantec URL given above.
-- BB
bblank
Old 22nd December 2001 | 23:50
  #8 (permalink)  
Thread Starter
25 Anniversary
 
Joined: Mar 2000
Posts: 406
Likes: 0
From: Winchester.Hants.England
Thumbs up

Brian Blank...........

Thanks for your help and information

Regards
FBW
