JS:Pdfka-JS [Expl]

I went to a website called hxxp:\www.newscheif.com with Mozilla Firefox 3.5.3.
When I closed the window avast detected a virus called JS:Pdfka-JS [EXPL]; it’s in the chest now.
I ran a quick scan with Windows Defender and a quick scan with Malwarebytes. Both came up clean.
Do I still have malware on my comp.? Some help?

Edit: avast! home edition 4.8.1351 with up-to-date virus definitions

Vista home premium 64-bit SP1

Hi hello123,

Could you please modify your link to make it unclickable (i.e. change http to hXXp) to prevent others potentially becoming infected.

This kind of detection is very common these days, with many ‘legitimate sites’ becoming hacked to distribute malware:

Every 3.6 seconds a website is infected

From the detection name, I think this is a pdf exploit. Often this would be taken advantage of if you had out of date software.

The site in question is not a good one:

There isn’t much on this page, besides links that claim to go to the website you have posted, but actually go to a malicious domain:
http://www.mywot.com/en/scorecard/searchportal.information.com
http://hosts-file.net/?s=searchportal.information.com

One thing I would recommend, is to download (or at least do the online scan) Secunia software inspector, which helps to keep your programs up to date:
http://secunia.com/vulnerability_scanning/

-Scott-

No you don’t have anything on your computer. avast should have blocked it when you entered the site and normally you only get the option Abort connection, which drops the connection that would download the item.

This should stop it getting into your browser cache, so I’m surprised you got an option to move it to the chest, a protected area where it can do no harm.

I don’t think my software is outdated, I always run Windows Update and update my AV and Malwarebytes manually.
I updated flash player and firefox today.
Also the original file name of the virus was
CACHE_003
Do you want the path?
Should I be worried or need to run some scan to see if it installed more malware? Also, I use mywot and I checked the scorecard page of the website before I visited it.

It is on my computer because avast gave me a path in C:\users\home\appdata\local\mozilla\firefox\ (that is not the whole path; the complete path isn’t shown).

Well, since this seems to be a pdf exploit, it may be your pdf software that is out of date.

Should I be worried or need to run some scan to see if it installed more malware? Also, I use mywot and I checked the scorecard page of the website before I visited it.
I also checked the WOT scorecard for this site and guess what, it's empty - there is no report. I would use caution around this method of checking as it is very user based, and can be influenced. I only reference the MyWot sites when they have a particularly bad reputation - i.e. if it has been commented as bad by HpHosts (meaning it is included in their hosts file database).

So I shouldn’t be worried? No need for any scans? Also, about WOT being user based, they recently partnered with Panda to try and back up some of their ratings.
Do I need to delete CACHE_003 from the chest?

I wouldn’t be worried, avast! has caught it and dealt with it.

You don’t have to delete the file from the chest, it is a safe area where the relevant files are encrypted and inactive.

One thing:

Are you running the Webshield?
Like DavidR said above, I would have expected the webshield to catch it…

All my shields are on and they are all on high.

Wait!!
In the chest, under last time of modification, the time given hasn’t even happened on my computer clock!

If you haven’t deleted from the chest yet, could you:

-Open the chest
-Right click the file
-click ‘Email to ALWIL Software’
-Fill out the form with the subject ‘Potential Malware’

In the ‘Additional Info’ box, could you put something like this:

Possibly missed by the Webshield and found in the Firefox cache when viewing hxxp:\www.newscheif.com
(And also include a link to this thread)

This would allow the avast! team to take a look at the site, as it was involved in the malware detection.

Thanks,

-Scott-


EDIT:

Hmmm…is your time correct? What is the transfer time? (before/after the clock)
I would suggest a slight glitch in the chest maybe…

Nothing happens when I click email to alwil.

Hey, should I click report a virus instead in simple user interface?

Hmmm…a sending form should appear, there could be an issue with your installation

Hey, should I click report a virus instead in simple user interface?
I am not sure what you are referring to ???

Isn’t there another way to report on www.avast.com or virus@avast.com?

Yep, you can send an email to the email address above. Although you will have to temporarily extract the file to outside of the chest, then zip it with a password and then send it:

…send the file in a password protected archive to virus(at)avast(dot)com with ‘possible undetected malware’ in the subject line and the password in the email body.

Then include what I have said above.

-Scott-

When I extract the file to C:\suspect can it still harm my computer or do damage?

If you don’t activate the file - that is, don’t double click it - then you should be okay.

Same thing happened to me. While accessing a web site, Avast popped up a warning “9/18/09 8:00:11 AM j 4294946495 Sign of “JS:Pdfka-PO [Trj]” has been found in “C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\QVQZA5IB\66[1].PDF” file.” I moved the file to the chest 9-18-09 8:00:52AM and it logged it as “Last changed 9-18-09 12:00:10PM”. My computer clock now reads 9:36AM on 9-18-09 which is the correct time here which is USA eastern daylight time zone, so something wrong with the chest time, I guess.