constantly message of connection aborted ... 21656496f07761af42.js

Viruses and worms
1

Hi,
Using Chome, I found that every page I load, this file is trying to be loaded:

s3.amazonaws.com/jsfile/21656496f07761af42.js

even an empty html page, from my loaclhost.

It happen on both machines i have, with Chrome and the same user account, so all the extensions are loaded in both.

Is it loaded from an extension… ?
or something native from Chrome…?

is it a real virus…?

Thanks in advance.
Daniel.

2

Attach your basic diagnostic logs. (MBAM and FRST)
Instructions: https://forum.avast.com/index.php?topic=194892

3

…the logs…

4

Can you find and attach Addition.txt please? (Should be located in this folder: C:\Users\lenovo\Downloads)

Are you a developer by chance? I’m seeing a lot of webpage application software (Github, MySQL, HeidiSQL, HTTPD, etc).

Also, in an elevated command prompt (Right click → “Run as Admin”), type the following command? netstat -a -n -b > output.txt

The file will be located in C:\Windows\System32\output.txt. Please attach that file as well.

5

Yes, I’m a developer.

Attached are the required files.

Thanks.

6

Sass Drake will be around likely before the end of the day.

I had a look at the JS code sitting on the AWS server. It’s appeared heavily obfuscated.

7
I had a look at the JS code sitting on the AWS server. It's appeared heavily obfuscated.
JS code scan https://www.virustotal.com/gui/file/79eee5ce26bf9b7f2114609846f2554cef7968e0ace2bdedaf5b0337092105a8/detection

Adware:JS/InjectorAd.A
https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Adware:JS/InjectorAd.A&ThreatID=258409

8

Looks clean to me. Can you try to disable Chrome extensions one by one until Avast detections stops?

9

Well @Sass
It looks like it is the extension “Best Draw.io Diagram Tool”
(https://chrome.google.com/webstore/detail/best-drawio-diagram-tool/cchkdgeljiellkglonkiciahfdhnpcen)

I’m thinking it’s a wrapper (and fake) for draw.io

Extension Details:

Description
draw.io is free online software for creating flowcharts and various diagrams.
Version
3.3
Size
< 1 MB
ID
cchkdgeljiellkglonkiciahfdhnpcen
Inspect views
No active views
Permissions
Read your browsing history
Site access
Allow this extension to read and change all your data on websites you visit:
On click
On specific sites
On all sites << It is ON

Allow in incognito [Off]
Warning: Google Chrome cannot prevent extensions from recording your browsing history. To disable this extension in incognito mode, unselect this option.
Allow access to file URLs [Off]
Collect errors [Off]

10

Please report status when that extension is disabled.