bugs

Forum > Bugs > Trojan-Downloader.JS.Agent.gwr
Reply To Thread (login)
Sesshomaru [59]
2013-08-18 17:43:43
[11 years, 129 days ago]

This started a few days ago and it's still going on. I scanned my computer both with Kaspersky and Malwarebytes and I'm not infected so I don't really know what's going on. It could be real or it could be a false positive (probably a false positive). I took this screenshot the other day and it's still the same so here you go:

http://i.imgur.com/Z2ByIdi.png

Now to play Sherlock Holmes :)


 
Sesshomaru [59]
2013-08-18 17:44:21
[11 years, 129 days ago]

Oh and a little thing here: it happens randomly when I open a train or a fight page.


 
New Alan [130]
2013-08-18 18:19:05
[11 years, 129 days ago]

Youve downloaded an add-on of some sort. Since you said links, I think thats it. It is replacing your links and such. If anything restore your computer back a few days


 
Gpof3 [53]
2013-08-18 18:20:19
[11 years, 129 days ago]

Yea what Alan said. It's best, and easiest if you system restore back a little bit.


 
Sesshomaru [59]
2013-08-18 18:28:10
[11 years, 129 days ago]

Well I only got my internet back 4 days ago. I installed new versions of Flash and Java and Kaspersky updates but that's it. I'll uninstall them and see what happens.


 
DarkNinjaMaster [40]
2013-08-19 02:20:12
[11 years, 128 days ago]

try hitman pro, it will work once for free and remove pretty much anything, then it will scan for free so i just use it to see if I have any problems


 
TheCause [361]
2013-08-19 03:11:59
[11 years, 128 days ago]

have the exact same on my laptop, started not too long ago, it will show popups with certain words in showroom, like gold


 
Ender [1]
Administrator
2013-08-20 07:06:49
[11 years, 127 days ago]

OP, it's indeed (very likely) a false positive. The bit of JS it's complaining about is minified/obfuscated, so it probably thinks it's up to no good when it is, in fact, benign.

TheCause, are you sure that's the same problem? A screenshot would help. My first impression is that it sounds like advertising malware that scans webpages you load for keywords, putting in advertisements for certain special words like "gold".


 
TheCause [361]
2013-08-20 07:11:56
[11 years, 127 days ago]

that could be, ill make a screenshot when i get home on my laptop


 
Sesshomaru [59]
2013-08-20 12:07:50
[11 years, 127 days ago]

Just a little bit of an update: I removed pretty much all my addons (I think I may have just left the Google Update), deleted all my cache/preferences and the like, and while it seems to happen less now it still happens. A little bit of more info: when it does it the page takes a bit more to load I think and it is only happening on bots4. No other websites are affected and I get it randomly through fights where no words change really. I'm going to try Hitman Pro (got it on right now) and see what happens.


 
Morningstar5 [44]
2013-08-20 12:32:11
[11 years, 127 days ago]

Hmm, it seems like we're dealing with a false positive here. After Hitman Pro cleaned up some stuff I still got the message again while fighting, so I went to VirusTotal to see if the url itself has something fishy about it. It was caught by Websense ThreatSeeker as a malicious site but not by 38 other virus scanners so it is more than likely that Websense/Kaspersky are just too sensitive. Would it be possible for you to play around with that bit of programming sometime Ender so that it won't set off alerts for me? Cuz' I don't want to play around with manual blocks etc. just in case it is something.


 
Ender [1]
Administrator
2013-08-20 19:43:41
[11 years, 127 days ago]

I don't think there's anything I can do on my end. These over-aggressive anti-viruses are essentially black boxes, so I don't really know what sort of heuristics they're even using to determine that a certain script is malware.


 
Morningstar1 [44]
2013-08-21 09:39:05
[11 years, 126 days ago]

Alright, well, I'll see what I can do then. I'll see what happens when I block the address etc. and tell you what happens.


 
Kemper [201]
2013-08-21 09:43:04
[11 years, 126 days ago]

I run these and give them to other people. They have no issues hardly and it ends fixing major issues they were having.

superantispyware

avast antivirus

ccleaner

can find all those on filehippo.com


 
Kemper [201]
2013-08-21 09:43:23
[11 years, 126 days ago]

-Rithy


 
Sesshomaru [59]
2013-08-21 22:59:48
[11 years, 126 days ago]

So what I did was block the addresses (one with the extension, one without) and did around 24k energy today without Kaspersky bugging me. I can tell that sometimes it will go to the page since it stays white for awhile like it's trying to load like it did before with the virus prompt but instead it just skips ahead after the white screen lag and continue on. Will update tomorrow if it changes at all.


 
Forum > Bugs > Trojan-Downloader.JS.Agent.gwr
Reply To Thread (login)