JS:Trojan.JS.Agent.SAP
Adaware detects this, however, I've scanned with HitmanPro and Zemana AntiMalware, and both came back clean.
-
I can't find the file in AppData. I've gone to the exact place where Adaware detects the threat, but I can't find the INetCache folder.
0 -
Can you upload the file to this thread please?
0 -
INetCache is one of the folders that Microsoft thinks nobody should look into and therefore you've activate view of protected operating system files: https://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/
and inside the INetCache folder you might need to go directly to the IE folder instead of the Low folder first.
0 -
14 hours ago, CeciliaB said:
INetCache is one of the folders that Microsoft thinks nobody should look into and therefore you've activate view of protected operating system files: https://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/
and inside the INetCache folder you might need to go directly to the IE folder instead of the Low folder first.
Thanks. Here is the file. Eight engines on Virus Total detect it, which is concerning.
0 -
Hi PEllis,
Thanks for uploading the file. This appears to include a cryptocurency miner script (multiple references to CryptoNight, typically used when mining Monero) that runs when visiting the web page. These pages usually run the script without the user's consent, which is why it is included in the detection database.
As an aside, it looks like, more AVs have started to detect it: https://www.virustotal.com/#/file/576dbb37512721bd5eb744ee1a9049a09648f4099bc082cd87b78c78b402068f/detection
0 -
9 hours ago, LS.Andy said:
Hi PEllis,
Thanks for uploading the file. This appears to include a cryptocurency miner script (multiple references to CryptoNight, typically used when mining Monero) that runs when visiting the web page. These pages usually run the script without the user's consent, which is why it is included in the detection database.
As an aside, it looks like, more AVs have started to detect it: https://www.virustotal.com/#/file/576dbb37512721bd5eb744ee1a9049a09648f4099bc082cd87b78c78b402068f/detection
Should I be worried about my passwords? I have logged in to accounts since the detection. However, Adaware only detected that one file, so I should be safe?
0 -
No need to worry abut your passwords, although, this might be a good opportunity to consider setting different passwords for all your online accounts and setting up 2 Factor Authentiction on any of your accounts that provide it, if you haven't done so already.
This site lists services that support 2 Factor Authentication, so if you use any of these services, it's recommended to enable it: https://twofactorauth.org/
I use KeePassX as my password manager and Authy to keep track of 2 Factor Authentication tokens.
KeePassx: https://www.keepassx.org/
Authy: https://authy.com/
0 -
1 hour ago, LS.Andy said:
No need to worry abut your passwords, although, this might be a good opportunity to consider setting different passwords for all your online accounts and setting up 2 Factor Authentiction on any of your accounts that provide it, if you haven't done so already.
This site lists services that support 2 Factor Authentication, so if you use any of these services, it's recommended to enable it: https://twofactorauth.org/
I use KeePassX as my password manager and Authy to keep track of 2 Factor Authentication tokens.
KeePassx: https://www.keepassx.org/
Authy: https://authy.com/
Thanks for the help. I'll check out the 2 Factor Authentication site.
0
Please sign in to leave a comment.
Comments
8 comments