rmczar
Level 7
Message 1 of 5

JS/Ransom-ABJ detected

JS/Ransom-ABJ was detected by McAfee, it was in the log, but it did not stop the virus from infecting my user account. I could not boot to safe mode. I had a second account with full admin rights on my PC so I was able to log into that account and manually clean the virus.

4 Replies
Reliable Contributor Hayton
Message 2 of 5

Re: JS/Ransom-ABJ detected

You tacked this in to the end of a discussion about a redirector, which this isn't. I've branched it out and moved it into Security Awareness / Top Threats.

McAfee has detected the JavaScript file dropped by a Trojan. You don't say if anything else was detected.

There isn't a description of this in the McAfee database but thanks to VirusTotal I can confirm that this is the same one known to Microsoft as Trojan:JS/Reveton.A : see the Encyclopedia entry for this detection at

http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Trojan:JS/Reveton.A

The malicious JavaScript's only function is to use the legitimate system file "rundll32.exe" to launch the Trojan:Win32/Reveton dropper component.

For a generic description of the Reveton dropper (there are many variants) see

http://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Trojan%3aWin32%2fReveto...

Deleting the files may get rid of the infection but you should still run a couple of scans just in case : the Trojan may have downloaded other malware.

I would advise that you run Stinger (from here) and then update McAfee and run a full scan.

rmczar
Level 7
Message 3 of 5

Re: JS/Ransom-ABJ detected

Thanks for taking the time to give my post a look. At the time nothing else was detected. But since then 2 full automatic scans were run and the following was detected in the quarantined and trusted items screen. I've had the ZeroAccess before; I cleaned it with ComboFix. It's good to see McAfee detecting it now.

I will give Stinger a try.

Thanks

Screen Shot.jpg

Message was edited by: rmczar on 5/20/13 7:15:19 PM CDT

Re: JS/Ransom-ABJ detected

Hi

The same has just happened to me today. Why a month after you highlighted this threat is McAfee still letting this Trojan through? I went onto live chat with McAfee who put me through to the Virus Removers. They wanted to charge me $89.95 to check my machine. Found your post on Google and checked my machine with the Stinger in the McAfee reply to you.

Reliable Contributor Hayton
Message 5 of 5

Re: JS/Ransom-ABJ detected

bertie42 wrote:

Why a month after you highlighted this threat is McAfee still letting this Trojan through?

Well, it's not, exactly. It's a Trojan, which means it either persuades you to let it run or sneaks in by the back door via a drive-by, which means you haven't updated one of the commonly-targeted programs that the Exploit Kits go after. McAfee detects it only by checking the MD5 or SHA1 signatures of any files created or downloaded. So change the MD5/SHA1 signature and it's effectively an unknown file. As for the specific file that is the subject of this thread, it's only a dropper file. It requests another file to be downloaded. "McAfee lets it through" because anti-virus programs, if they work on a signature-checking basis, can be fooled simply by modifying the code to create a new signature. Fortunately signature-checking is only one of the ways to detect malware. There are better ways to stop malware running, involving behaviour analysis. But even that isn't foolproof, and the detection algorithms have to be constantly modified to counter the latest malware developments.

McAfee isn't a magic shield, and nor are any of the rival products. It does pretty well, though.
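
The following is an added example, not part of the original thread and not McAfee's detection logic. It shows why an exact MD5/SHA1 match misses a file whose bytes have changed, while a content rule keyed on the rundll32.exe reference still flags it. The sample bytes are constructed and inert, and the rule is a simplified stand-in for heuristic detection.

```python
import codecs
import hashlib
import re

# Constructed, inert sample text standing in for a script file; not real malware.
SAMPLE_TEXT = 'var cmd = "rundll32.exe PLACEHOLDER.dll,Entry"; // constructed sample\n'
KNOWN_SAMPLE = SAMPLE_TEXT.encode("ascii")
# Same content plus one trailing space: the digest no longer matches.
VARIANT_PADDED = KNOWN_SAMPLE + b" "
# Same content saved as UTF-16LE with a BOM: every byte differs from the original.
VARIANT_UTF16 = codecs.BOM_UTF16_LE + SAMPLE_TEXT.encode("utf-16-le")
BENIGN = b"function add(a, b) { return a + b; } // constructed benign script\n"

# Exact-match signature set: SHA-1 digests of files seen before.
HASH_BLOCKLIST = {hashlib.sha1(KNOWN_SAMPLE).hexdigest()}

# Heuristic: a script file that names rundll32.exe deserves a closer look.
# Assumption: real products weigh many signals; this one alone would need
# tuning, since legitimate admin scripts can reference rundll32 too.
RUNDLL32 = re.compile(r"rundll32(\.exe)?", re.IGNORECASE)


def hash_match(data: bytes) -> bool:
    """True only if the file is byte-for-byte identical to a known sample."""
    return hashlib.sha1(data).hexdigest() in HASH_BLOCKLIST


def to_text(data: bytes) -> str:
    """Normalise encoding first so a re-encoded script is still readable."""
    if data[:2] in (codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE):
        return data.decode("utf-16", errors="replace")
    return data.decode("latin-1")


def content_match(data: bytes) -> bool:
    return RUNDLL32.search(to_text(data)) is not None


def verdict(data: bytes) -> str:
    if hash_match(data):
        return "known-bad hash"
    if content_match(data):
        return "suspicious content"
    return "no match"


if __name__ == "__main__":
    for name, blob in [("known", KNOWN_SAMPLE), ("padded", VARIANT_PADDED),
                       ("utf16", VARIANT_UTF16), ("benign", BENIGN)]:
        print(f"{name:7} {verdict(blob)}")
```
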
