Trojan Horse JS/Uniz.B

abhong

Member
Aug 17, 2005
yep, it just popped up as i was doing my regular scheduled scanning on my AVG Pro.

tried googling but did not get much info.
anyone got some good tips/ideas?

currently i run:

Comodo Firewall Pro
AVG Pro
Spyware Doctor

and as for web, i use Firefox with no-script...

maybe i got sloppy or was click happy somewhere...

thanks.
 

John

Moderator Emeritus, Elite Member
Oct 9, 1999
JS typically indicates JavaScript. You're using FF w/ no-script? SAS, AVGAS, a-squared, Kaspersky, F-Secure, and a few others are great at detecting and removing trojans. Click the first link in my sig for more info.
 

abhong

Thanks very much for the quick reply John... things like these are so frightening these days, with so much personal work being done over the internet.

i do have FF with no-script... but i may have been careless at one point... it seems that it is/was located in the firefox folder.

i had the free version of AVG AS and working on HJT log atm.

anything else i should do?

someone once told me the best way to be 100% sure is to get a clean start...

this thought frightens the crap out of me...

i will check out your linkie shortly...

thanks again.
 

mechBgon

Super Moderator, Elite Member
Oct 31, 1999
Also, where was this file located? If it was in your browser cache, that doesn't necessarily mean you're infected; it just means your browser visited a page that had a malicious script, whether the script actually ran or not. And even if it ran, it may not have delivered its payload.

If the script was on a page where you're allowing JavaScript, however, then that would increase the concern. That can happen. Were you using an Administrator-class user account?
 

abhong

i am running as admin... i know, i shouldn't, right?

here's a screenshot of where it was.


in case it's too small to read...

c:\Documents and Settings\ahong\Local Settings\Application Data\Mozilla\Firefox\Profiles\vxmjz9td.default\Cache\25F02E5Dd01

thanks!
 

Medea

Golden Member
Dec 5, 2000
Well, like Mech posted, it's in your Cache folder. Sounds like AVG got it, so just clean out your cache.

Go to the Control Panel and double-click the Java Icon.
Under Temporary Internet Files, click the Delete Files button.
There are three options in the window to clear the cache. Leave ALL 3 checked:
- Downloaded Applets
- Downloaded Applications
- Other Files

Click OK on Delete Temporary Files Window
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
Click OK to leave the Java Control Panel.
 

abhong

thank you for the replies...

Medea, i don't have a Java Icon in my control panel... any other way of getting rid of Temp Internet Files and doing what you told me to do?

sorry, i am noobish at these things.
 

Medea

Originally posted by: abhong
thank you for the replies...

Medea, i don't have a Java Icon in my control panel... any other way of getting rid of Temp Internet Files and doing what you told me to do?

sorry, i am noobish at these things.

Sorry about that! That's what happens when I post before noon...:eek:

It's in your Firefox cache - not Java's cache.

In Firefox, click Tools > Advanced tab. Where it says Cache, click "Clear Now". Then set a very low number for MB of space for the cache. Personally, mine is set at 0 (zero), which you can set it at if you have a high-speed connection. If you have dial-up, then you may want to put a small number there.