I Need Help JS:Downloader-GAI[trj] ?

Viruses and worms
1

Avast found a threat called JS:Downloader-GAI[trj] infected file isuspm.ini location in the Installshield\update can anyone confirm if this is a actual virus or a false? Any help will be appreciated Thank you

2

Good article on a way to check potentially infested ini files is to be found here:
https://kc.mcafee.com/corporate/index?page=content&id=KB53094

Take the info in the link given for general Windows platform related information.
The specific McAfee related information should NOT be regarded and omitted here.
(pol).

Possible symptoms include: Suspicious computer behavior such as high CPU usage on unrecognized processes Significantly increased network traffic or bandwidth usage New services added or existing services removed Unable to access network resources such as shared drives Applications cease to function or files cannot be accessed Unexpected registry keys added Internet Explorer home page changed without permission

Do an avast full-scan (establish whether PUB-mode is being set).

This article includes references to some third-party tools. For instructions on using them, we recommend here that you use the Help files for the third-party products. (pol.)

Go over it as sketched. Then report here: https://www.avast.com/false-positive-file-form.php

polonus

3
can anyone confirm if this is a actual virus or a false?
Not possible to say from the info given. You can upload and check file(s) here www.virustotal.com

And it is not a virus but a trojan JS:Downloader-GAI[trj] = Trojan / JS = Java Script / Downloader = It download stuff

4

…and post the link to the VT result here.

5

Here’s the results from virustool https://www.virustotal.com/gui/file/8e3d23d99cb19bebac2347695b610cecb2aecaf90fe347582cb00b27274b7f1f/details
they don’t really say what it is other Thank you all for the help :slight_smile:

I opened it in notepad++ and it had a website googling it it showed it’s adware didn’t dig too deep in the links though

6

OK, most major AVs flag it, doesn’t look like a FP.
https://www.virustotal.com/gui/file/8e3d23d99cb19bebac2347695b610cecb2aecaf90fe347582cb00b27274b7f1f/detection