Jump to content


Photo

Malware js.generic (js)

malware js generic

  • Please log in to reply
10 replies to this topic

#1 DarknessHorror

DarknessHorror

    Newbie

  • Members
  • Pip
  • 9 posts

Posted 20 July 2012 - 07:33 PM

Hello,

Since a few days i have a problem or maybe it's a fake warning, not sure. About a week ago, there was an Trojan detected on my pc. Well, since i got a few anti virus programs (and updating every day) it was removed quite quickly. AVG, Malwarebytes Anti Malware, Microsoft Security Essentials, all i've done a full scan and nothing found anymore now.

The weird thing is that Ad aware is up to date / protected - and don't find anything either. When i go on internet, and i go to the link ''www.youtube.com'' **It's only @ youtube.com** (which is absolutely safe as you all kow), in Ad Aware 'Quarantine ' will apear this malware problem. When in browser go to youtube.com again, i get another ''youtube malware problem''. So total 2 malware js.generic's. (I delete those and it's empty till i visit youtube.com again)

It can be found in c\users\user\appdata\local\microsoft\windows\temporary internet files\content.ies\
DNU638FG\youtube_com(1).htm

*so when youtube.com again, DNU638FG will get another name.

I just find out, i can click the traces link to get to the location on my pc (couldn't find it manually - not in hidden files too *maybe not checked well but anyway*)

Anyone have experience with this malware js.generic (js) problem and can help me out with this?
Can i delete those files i've found, by clicking the link in ad-aware to my pc location?

Thanks for reading, sorry for the long describe.

Hope to receive some help please.

Krgds

#2 CeciliaB

CeciliaB

    Volunteer

  • Moderator
  • 7536 posts

Posted 21 July 2012 - 11:32 AM

Hi DarknessHorror,

*so when youtube.com again, DNU638FG will get another name.

Yes, that is how Internet Explorer works.

Since the .htm file is moved to quarantine, it is not strange that no program finds anything malicious in the computer.

I'll move this topic to the forum for false positives and someone at Lavasoft will start to investigate it after the weekend.
Is YouTube displayed in Dutch for you? Maybe it is important which language YouTube selects.

#3 DarknessHorror

DarknessHorror

    Newbie

  • Members
  • Pip
  • 9 posts

Posted 21 July 2012 - 12:42 PM

Hello CeciliaB,

Thanks for your response. Yes, Youtube is in Dutch. When i go to the site youtube.com or i press the youtube ''main menu'' button, i receive this warning in ad aware quarantine.
Then i remove it, when i keep searching on youtube it won't appear, only when coming on the ''main menu''.

Thanks for take some time for it. I appreciate it. Can you please advice if i should restore the file i get and check again with ad aware or AVG?
And manually i can't find the location from the item (*show hidden files* is checked, i can also check secured system-files for shown `but didn't try that, no experience with that but it looks like a important piece of windows itself for security, it gives a warning if you want to see those files`

#4 CeciliaB

CeciliaB

    Volunteer

  • Moderator
  • 7536 posts

Posted 21 July 2012 - 04:21 PM

Hi DarknessHorror,

You are welcome :)

Windows has some special treatment of the cache folders of Internet Explorer, why it is difficult to find these folders called DNU638FG etc. but I think they instead are visible in c\users\user\appdata\local\microsoft\windows\temporary internet files. Do you find htm, gif and jpg files in that folder? If yes, it is the right place.

When you restore the file, you can upload it to http://www.virustotal.com/ to get it scanned by many products.

#5 DarknessHorror

DarknessHorror

    Newbie

  • Members
  • Pip
  • 9 posts

Posted 22 July 2012 - 03:56 PM

When i look in my ''default user'' location, i have the map 'temporary internet files' but in there is nothing - Ad aware gives the treat in quarantine message.
When i go to my 'username user'' location, i can't find the temporary internet files map (followed the procedure as you described)

Meanwhile, that content.ie5 ''DNU638FG'' name is changed off cource. Now i click on the link from ad aware. and in the new map i find Jscript files, JPEG files, Portable Network Graphics image, HTML files.

I can't find that content.ie5 folder either on windows 7. That's the map where those ''DNU etc'' maps with the Jscripts etc are coming in i quess.
For 4 days i'm not able to awnser anymore, due to travel to other country.

Thanks i will try that program out.

***I've found the temporary internet files, you said. Yes, it got HTML, JPG files in it.

Edited by DarknessHorror, 22 July 2012 - 04:12 PM.


#6 CeciliaB

CeciliaB

    Volunteer

  • Moderator
  • 7536 posts

Posted 22 July 2012 - 06:01 PM

Nice that you found the right folder :)
Then it will be easy to find youtube_com(1).htm when it has been restored.

#7 DarknessHorror

DarknessHorror

    Newbie

  • Members
  • Pip
  • 9 posts

Posted 22 July 2012 - 09:50 PM

Yes, i've found the youtube_com(1).htm file indeed! But the problem, i've scanned the whole Content.IE5 folder with Ad Aware, AVG, etc (it was gone from quarantine ad aware) and nothing was found.
I've delete all the stuff 'inside the different maps' in IE5 folder. But visiting www.youtube.com, gives an new malware problem again. According the info i read on internet it's an dangerous malware, but nothing can be found by anthing. I think those filed will be 'cleaned' by ccleaner. and when i delete it from ad-aware quarantine, there is nothing going on, only perhaps by deleting itself manually once in a while there's no problem too. But it's coming back youtube_com(1). Is that file important?

After all, getting the strong feeling that Ad Aware has indeed something with the 'fake virus reconise' atm (further no problem, no slow pc, no advertices etc). Cookies will be shown here as an infected item too in red message, but cookies...can't believe they are all infected or dangerous.

Never had this before or didn't noticed it, but after all glad to have Ad-Aware. But this made me kinda scary, maybe this kind of problems are known with Lavasoft? Or it's something for updates?
I think this kind of things could have some attention for improvement :)

#8 CeciliaB

CeciliaB

    Volunteer

  • Moderator
  • 7536 posts

Posted 22 July 2012 - 11:33 PM

Lavasoft will investigate the problem with YouTube when they are back in the office after the weekend.

"js.generic" only means that Ad-Aware doesn't like a javascript on the web page. Javascript are very common on web pages, but there are javascript that are very malicious, while other are only slightly bad and most are, of course, not dangerous at all. It is impossible to tell if Ad-Aware thinks the javascript on YouTube are more or less dangerous.

Cookies are never dangerous for the computer, but tracking cookies are bad for your personal privacy on internet.

#9 CeciliaB

CeciliaB

    Volunteer

  • Moderator
  • 7536 posts

Posted 26 July 2012 - 04:35 PM

Lavasoft appreciates if you can upload the file to the forum. Please, visit the web page and let Ad-Aware quarantine the file, then restore it from quarantine, pack (zip) the file and upload the packed file here (use the button "More Reply Options" to see how you upload files).

If you don't understand what I wrote, please ask. I know that not everyone knows how to pack a file for example.

#10 DarknessHorror

DarknessHorror

    Newbie

  • Members
  • Pip
  • 9 posts

Posted 26 July 2012 - 11:19 PM

Hello,
I understad the instructions. Due i've been a way for some days, i just readed your last posts. Today i've came back, when i started www.youtube.com, Ad aware didn't saw ''anything'' anymore in quarantine. Restarted the site couple of times, and no warning messages anymore. If Lavasoft did take some time to check that out, my many tanks to Lavasoft! Updated the program too, and still no quarantine messages anymore.

From this moment on, i really should think this was just a ''false malware problem'' - (maybe some problem in ad aware), further not having any problems with my pc (no crashes, no advertices, virus warnings etc) On July 22, i've deleted and scanned the whole IE5 map and no warnings came up. And this re-start from the pc did it, or maybe i should think the new updates from lavasoft for the program fixed this problem. It seems to be gone!

For me, this topic can be closed now (hope this topic will help other users if it may appear in the future for those who'll get it). Many thanks to you CeciliaB, and Lavasoft for the time!

#11 CeciliaB

CeciliaB

    Volunteer

  • Moderator
  • 7536 posts

Posted 27 July 2012 - 12:02 AM

You are welcome, DarknessHorror :)

Great that the definitions have been corrected and you can visit YouTube without any issues! :D




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users