Object: D:/Documents and Setings/User/Local Settings/…/jquery[2].js
Infection: JS:ScriptPE-inf[Trj]
Process: D:/Program Files/NetCaptor/NetCaptor.exe
NetCaptaor is just an outdated web-browser; it was one of the first one that offered multitab-browsing and still has some really great features. It is just running “over” the MSIE - undneath is the installed MSIE (here v8) running.
Happening: AVAST is warning about above threat.
Problem 1: when clicking “move to chest” or “delete” or “block”, the warning just reappears - hundreds of times …
Problem 2: above information is not enough to find the “bad file” as path-information is cut away - and the file is inside the “temporary internet files” that has special access from windows-explorer. I first wanted to delete that specific file manually - what would only be working with “total commander” that directly accesses the inner directory (Content.IE5 etc.), but that way I had to search in which of the about 10 or 20 directories is a “jquery[2].js” … having found them, even total commander was not able to delete the specific one that avast considers as thread, as avast blocked it. I then went to the directory “…/user/local settins/” and searched in windows-explorer for “jquery” - and got presented a bunch of files. after deleting all “jquery.js” (except that blocked and undeletable one), I could see the info “http://macpup.org/javascripts/jquery.js” … but I could neither see in which directory the file was nor if it was the suspected one - as it is in no way directly accessible - even not to delete it manually.
There was no practicable way to stop AVAST from warning - and so my machine was blocked for over half an hour - I had to manually press the PowerON-Button until the OS began a shutdown/exit-programs process … And with writing here and reporting that, It took more than an hour - just for (what I consider) unappropriate behaviour from the virus protection.
There are several fundamental problems appearing with that case:
the path information is not really usable as it is shortened
that gets even more a problem when a file inside “temporary internet files” is affected
moving to chest or deleting or blocking does not seem to have any effect - otherwise the warning would not reappear again and again
there might be some strange behaviour in “temporary internet files” because of the numbering [1] etc.
I just hope that this problem won’t come again so soon - but it seems to be an old problem …
Problem seems to be solved now - but it was turning me crazy and making me losing lot’s of time.
The question here is why AVAST does not seem to be able to treat that “malware” in an acceptable way: why is it just reappearing hundreds of time even if you tell avast to a) move it to the chest, b) deleting it, c) blocking it - all does not seem to have any effect - and the user is forced to turn off his computer in order to stop the AVAST-warnings. This kind of behaviour cannot be the solution!
It is due to the amount of temporary internet files. I would recommend that you set your browser to empty them when you close it. Out of curiosity how much did TFC clean ?
But this would be a malfunction of AVAST. I cannot imagine that …
Not possible here - as for documentation purposes, temporary folders have to be kept and parts of the contents is copied out (mostly html-files and pics; all the scripts etc. are regularly deleted manually with “total commander”, deleting also all the 0-size-files).
I don’t have the intention to us that for the moment as the problem seems to be solved so far.
If your temporary folder is full and a new detection comes out then any infected files will be detected. I am not sure how Avast handles the temporary folders - it may be that the files are in use and are unable to be deleted
Might be … but the behaviour of AVAST is not acceptable that way! It seemed that only one (1) file (always the same) was reported infected.
AVAST needs to be able to handle cases like this where “in-use” files are infected. It is not acceptable to need to force-shut-down a PC because of not ending AVAST-warnings!
And what is also not acceptable: with that small window, it is impossible to see the full path of the infected file! That has to be improved that there must be a way to be able to see the full path to the infected file!
AVAST needs to be able to handle cases like this where "in-use" files are infected. It is not acceptable to need to force-shut-down a PC because of not ending AVAST-warnings!
The boot scan may have cleared it......then the files would not be in use
And what is also not acceptable: with that small window, it is impossible to see the full path of the infected file! That has to be improved that there must be a way to be able to see the full path to the infected file!
did you try moving the dividing bar to the right ?
I had a similar thing before…a recurring detection that appeared, straight away after taking actions, it came back.
I did go the TFC route at that time IIRC.
What I see in the report file. (Includes chest/delete/block)
20/02/2011 18:16:02 C:\Users\Scott\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\{6F1A839B-3D1D-11E0-86C8-002622FB0B6A}.dat|>TL7 [L] JS:ScriptPE-inf [Trj] (0)
While moving file to chest, error occurred: The operation is not supported for this type of archive.
While moving file to chest, error occurred: The operation is not supported for this type of archive.
While moving file to chest, error occurred: The operation is not supported for this type of archive.
During the file delete, error occurred: The operation is not supported for this type of archive.
While moving file to chest, error occurred: The operation is not supported for this type of archive.
During the file delete, error occurred: The operation is not supported for this type of archive.
Look in C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\report\Filesystemshield.txt
for the jquery.js file, and see if there are errors. (will be near the end)
I just tell you what I did when the problem appeared: as written I use NetCaptor. It has the ability that all tabs that were open before leaving it are automatically reopened. So I started again the PC, opened NetCaptor, and a bunch of tabs were opened. At that point the problem appeared. And I assume that a “boot scan” would not have helped as the affected file was just fetched from internet and was not yet on the PC while booting …
Yes - but there is no dividing bar in that warning-window! I tried several things - even enlarging the window - all failed. But in virus chest, there is a dividing bar that you can enlarge; but I did not come so far to look inside the virus chest; and I even did not know whether the affected file really was moved to the virus chest and was appearing there …