Hoping for more info on this problem, have been wading thru these forums and googled this trojan horse without much luck. My big question is why did I get infected when I had Avast (free version) running? I initiated a scan and it came up with this message: Sign of “JS:Aspxor-A[trj] found in C:\Documentsandsettings\myname\localsettings\temoraryinternetfiles\content.IE5\G5UJWXQ7\b[1].js” file The recommendation was to move to virus chest, which I did. I use Win XP service pack 2. and both IE6 and Foxfire 2.0.0.9 browsers. I don’t see anyplace that tells when the trojan horse appeared or where it came from–can I find this info? I do shopping and banking on the net and am worried about this. I did re-scan documentsandsettings and found nothing. Am I ok now with the item moved to the virus chest? I did change vital passwords. Any further recommendations welcomed–I find it quite hard to follow lots of the info in these forums as they assume a higher level of computer knowledge than I have. Thanks in advance

Seems a java script trojan. You’ve followed the right direction sending to Chest.

I suggest:

1. Schedule a boot time scanning with avast with archive scanning turned on.
2. Use SUPERantispyware, MBAM or Spyware Terminator to scan for spywares and trojans. If any infection is detected, better and safer is send the file to Quarantine than to simple delete them.

Hi forumer,

About this malware see:
http://blogs.technet.com/antimalware/archive/2008/05/30/when-sql-injections-go-awry-incident-case-study.aspx
http://virscan.org/report/4c8ed26f58f674f8fee85db8de2133d7.html
If avast has sent it to the chest, your computer is out of harm’s way, and malware in the chest cannot do further harm to it and sits there neutralized.

If you use Firefox update to the latest version, and install the NoScript add-on there:
https://addons.mozilla.org/en-US/firefox/downloads/file/42119/noscript-1.8.7-fx+sm+fn.xpi
To be fully protected from malicious script SQL redirect infections, also install:
RequestPolicy from here: https://addons.mozilla.org/nl/firefox/addon/9727/

polonus

Thanks to both of you, I have followed your suggestions. Am about to download No-script, but don’t look forward to days of putting in “exceptions”, from what I read. Two questions still: Am I correct in assuming when you say to send file to quarantine–this means putting it in virus chest? And also–since I had Avast installed and up to date, why did this virus get through? Well–a third question–the Avast message said “SIGN (my caps) of virus found in file”—does that mean that it’s just a possible infection–why did they use the term “sign”? Thanks in advance, forums like this are invaluable to us nontech people and I think it’s great that you all take your time to answer us.

Yes.

Not a software is perfect and, maybe, this was missed by avast in the first time. Or your virus database wasn’t updated at that time…

Yes. Could be or could be not… for security, the file is targeted as having sign of the infection.