nashcoop
Reliable Contributor
Message 1 of 15

JS/Downloader.gen.jj

Over the past few days I've received a couple of dozen ENS alerts for detections of "JS/Downloader.gen.jj" but I can't seem to find any information online about this detection. The threat target file path is always a cache location for Chrome, Firefox, or Edge. The McAfee threat library doesn't return any results when I searched the trojan name there, so where can I find more details about JS/Downloader.gen.jj so I have a better idea of how concerned I should be?

14 Replies
AjaySundar
McAfee Employee
Message 2 of 15

Re: JS/Downloader.gen.jj

Hi @nashcoop,

Good day to you!

Could you please attach the on access scan logs from the machine to check this further?

The logs should be located under the below path:

C:\ProgramData\McAfee\Endpoint Security\Logs

Regards,

AJ

nashcoop
Reliable Contributor
Message 3 of 15

Re: JS/Downloader.gen.jj

No, I won't attach the entire logs but here are a couple of examples of the detections:

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, which attempted to access C:\Users\username\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0006a5\f_0006a5.

The Trojan named JS/Downloader.gen.jj was detected and deleted.

C:\Program Files\Mozilla Firefox\firefox.exe, which attempted to access C:\Users\username\AppData\Local\Mozilla\Firefox\Profiles\7t7uecqy.default-release-9\cache2\entries\4EAB1D7E8A24F6CEB8F693DE459E50FD61CB0CA2\4EAB1D7E8A24F6CEB8F693DE459E50FD61CB0CA2.

The Trojan named JS/Downloader.gen.jj was detected and deleted.
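A triage sketch for detections like the two quoted in the post above, added here as an example (it is not any poster's code or McAfee tooling): it parses entries in the layout shown in the post and separates targets inside a browser cache directory from targets elsewhere. The Edge cache layout and the third sample entry are assumptions, not taken from the thread.

```python
import re
from collections import Counter

# Entry layout as quoted in the post (not the full ENS log line format).
ENTRY = re.compile(
    r"(?P<process>[A-Za-z]:\\[^,\n]+?\.exe), which attempted to access "
    r"(?P<target>[A-Za-z]:\\[^\n]+?)\.\s+"
    r"The (?P<kind>\w+) named (?P<threat>\S+) was detected and (?P<action>\w+)\."
)

# Per-profile cache directories. Chrome and Firefox layouts appear in the post;
# the Edge layout is an assumption (Chromium-style profile directory).
CACHE_DIRS = {
    "chrome": re.compile(r"\\Google\\Chrome\\User Data\\[^\\]+\\Cache\\", re.I),
    "firefox": re.compile(r"\\Mozilla\\Firefox\\Profiles\\[^\\]+\\cache2\\", re.I),
    "edge": re.compile(r"\\Microsoft\\Edge\\User Data\\[^\\]+\\Cache\\", re.I),
}

def cache_owner(path):
    """Return the browser whose cache directory contains path, or None."""
    for browser, pattern in CACHE_DIRS.items():
        if pattern.search(path):
            return browser
    return None

def parse_detections(text):
    """Extract process, target, threat and action from each detection entry."""
    events = []
    for match in ENTRY.finditer(text):
        event = match.groupdict()
        event["cache"] = cache_owner(event["target"])
        events.append(event)
    return events

def summarize(events):
    """Count detections per (threat name, cache owner or 'outside-cache')."""
    return Counter((e["threat"], e["cache"] or "outside-cache") for e in events)

# First two entries are the ones quoted in the post; the third is constructed.
SAMPLE = r"""
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, which attempted to access C:\Users\username\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0006a5\f_0006a5.
The Trojan named JS/Downloader.gen.jj was detected and deleted.
C:\Program Files\Mozilla Firefox\firefox.exe, which attempted to access C:\Users\username\AppData\Local\Mozilla\Firefox\Profiles\7t7uecqy.default-release-9\cache2\entries\4EAB1D7E8A24F6CEB8F693DE459E50FD61CB0CA2\4EAB1D7E8A24F6CEB8F693DE459E50FD61CB0CA2.
The Trojan named JS/Downloader.gen.jj was detected and deleted.
C:\Windows\explorer.exe, which attempted to access C:\Temp\f_00024c.
The Trojan named JS/Downloader.gen.jj was detected and deleted.
"""

if __name__ == "__main__":
    print(summarize(parse_detections(SAMPLE)))
```

Entries counted as "outside-cache" are the ones to look at first, since the file did not arrive as an ordinary browser cache write.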

Tea_brew
Level 7
Message 4 of 15

Re: JS/Downloader.gen.jj

We have been getting the same notifications. I think we narrowed down the website that was causing it to a local news site - KSL.com

My guess is one of their advertisers is the culprit.

I have attached the detected JavaScript file. I also saved it in a txt file after running it through a code formatter. The code certainly looks obfuscated.

Virus Total

Joesandbox 

slapster
Level 7
Message 5 of 15

Re: JS/Downloader.gen.jj

Same issue. I de-obfuscated the JS and it appears to be advertising related, but not taking any chances, would like a definitive answer on just why this one is being detected. We've had 25-30 detections, all ON DEMAND during scheduled scans.

 

SethBen
Level 7
Message 6 of 15

Re: JS/Downloader.gen.jj

Also have been seeing this detection

AjaySundar
McAfee Employee
Message 7 of 15

Re: JS/Downloader.gen.jj

@SethBen @nashcoop @slapster @Tea_brew 

Could you please check and confirm if you are still seeing any of those detections with the latest DAT/AMcore content?

If yes, please submit the sample along with the detection logs to McAfee for further analysis.

slapster
Level 7
Message 8 of 15

Re: JS/Downloader.gen.jj

Yes, I still get the detection:

ePolicy Orchestrator Notification

Response Name: Malware detected (No Action Required)

Event Type Name: Threat

System is located at following Location: redacted

Description: Malware has been detected on redacted

Threat Names: JS/Downloader.gen.jj

Action Taken On Malware: Delete

Path of Infected File: C:\Temp\f_00024c

OS Version: Windows 10

Username: redacted

Number of events: 1

Source IPV6 addresses: redacted

Source IPV4 addresses: redacted

Detecting Product Names: McAfee Endpoint Security

DAT file version: 4276.0

Engine Version: 6100.8979

Analyzer Detection Method: On-Access Scan

nashcoop
Reliable Contributor
Message 9 of 15

Re: JS/Downloader.gen.jj

The last alert we received for this detection was the morning of 12/2, so it's been 48 hours since any new detections for it.

Tea_brew
Level 7
Message 10 of 15

Re: JS/Downloader.gen.jj

I tested it earlier this morning using the website I mentioned earlier - www.ksl.com - and it still detected it.

Although I re-ran the file through VirusTotal and it showed McAfee no longer detecting it.
