JS:Packed-AB [Trj].

system · February 1, 2009, 11:03am

Avast DID infact detect the new malicious malware “JS:Packed-AB [trj]” but was unable to get rid of it. so why would avast post announcements that their antivirus is the ONLY one in the market to detect thsi new malware, while in fact is unable to remove it???
also, no postings on how to remove this malware on this website >:(

RejZoR · February 1, 2009, 1:12pm

Erm, use boot-time scan…
Also if you read closely it says they are the only ones detecting it fully, not removing it fully. Though boot time should do it.

system · February 1, 2009, 1:17pm

you Eastern Europeans are definitely the SMARTEST i ve ever come across
Thanks for the suggestion. One question; how do i do the boot-time scan?

Maxx_original · February 1, 2009, 1:20pm

and how could we fix/clean the server-side infections, when we are on the client side? don’t you know? should we hack the server, clean the html pages and go away?

system · February 1, 2009, 2:18pm

http://www.digitalred.com/avast-boot-time.php

system · February 1, 2009, 4:11pm

I have encountered a JS:Packed-D [trj] every time an add for Cisco Collaboration Technologies comes on while watching a show on fox.com. It causes Firefox to crash. How do I get past it?

RejZoR · February 1, 2009, 7:04pm

You can’t because it’s apparently embeded inside that advertisement. Well you can try with AdBlock Plus extension however to block the ads all together and also avoid loading that ad.

system · February 2, 2009, 3:02pm

avast is not the ONLY one in the market to detect this new malware, Sophos detects it as JS/ApndIfra-A since 11 April 2008, avast should not say that

DavidR · February 2, 2009, 3:24pm

It wouldn’t be new if it was from April 2008, there are new variants and attack methods coming out, so I feel sure this doesn’t refer to the same thing.

Maxx_original · February 2, 2009, 3:58pm

sert: the phrase is “At the moment, avast! is the only antivirus software fully detecting this new malware.” - you probably overlooked the word FULLY… some sites detected by our engine were checked against other AV engines and not a single one of them has had a 100% coverage… this was the statement on Jan 18.

jsejtko · February 2, 2009, 4:50pm

well… At the time of publishing avast was only one AV protecting against this malware. It is more than 14 days now, so what has changed?

Sophos looks to be the second engine (GData uses avast!, so GData too). Sophos detect this malware as Mal/ObfJS-AJ which is probably some generic detection. Description can be seen here:

http://www.sophos.com/security/analyses/viruses-and-spyware/malobfjsaj.html

Dates from description says everything, so this looks sophos generic detections maight detect this malware before avast.

And how looks todays detections (more than 14 days after attack):

http://www.virustotal.com/cs/analisis/ccb0c368459322acd008d024e361a458
http://www.virustotal.com/cs/analisis/470fe4182ca7d5682dfaa6f8a8737ee5

Both files are real webpages downloaded from internet.

Regards

JS:Packed-AB [Trj].

Announcements