Personally I would simply let avast delete it as it is a temporary file, delete temporary internet files in your browser and reboot.
I honestly don’t believe you need to do a Rootkit Revealer scan; it isn’t a very friendly tool, just an analysis, and I don’t believe this JS:Redirector-H7 is related to any rootkit activity. I think polonus found this link, http://www.bleepingcomputer.com/forums/lofiversion/index.php/t43051.html[/t136502.html but that isn’t for the file that was found on your system.
The malware redirects (hence the name) to a malicious site that will try to infect your system, the web shield and network shield should also protect against that.
Yes, DavidR is right, but for sure, yes, a Redirector is a virus that redirects you to a malicious site. I was wondering whether I should post the response or not, lol. Well, DavidR was braver in this way.
In my second reply I have already remarked that using the rootkit revealer was no longer necessary, because the find was in a temporary file that you easily could delete.
Because of avast shield you more likely than not never landed at the malicious download site/found a malicious e-mail attachment, don’t worry.
I think everything is fine now, you could still perform a full scan with MBAM from here: http://www.malwarebytes.org/mbam-download.php
You can also check the avast logfiles if a connection to a JS-Redirector-HJ7 [Trj]-site was intercepted by your avast av-solution, it can be found in an email attachment that you’ll need to locate and delete the entire email.
If you ran the Avast! scan and it found no virus, then you are OK. JS:Redirector is a script that redirects to another website which contains malware and can cause your PC to turn into a zombie. But if Avast! saw it and you moved it to the chest or deleted it, then you are safe with Avast! in this case. If you are not sure you can take the Malwarebytes like polonus said. But I don’t think it is on your computer because Avast! did help you to fight it, so have fun on your computer.
If it happened to be active (not likely in this case), some other HTML page would have to load off-line for it to call this javascript file before it could redirect anything. If, and it is a big if, then firstly the network shield may have that malicious site on its block list and even if not, you also have the web shield’s protection and, as a final fall back, the standard shield. So I feel that the risk is minimal, certainly in this case.
Having run another scan without a result, you should be fine.
JS:Redirector is a script that redirects to another website which contains malware and can cause your PC to turn into a zombie.
Contrary to Mr.Agent’s comment, there is no certain action that is taken, as it a) depends on the site you are sent to and b) the particular payload can change frequently. So you would never know what might be at the URL on the other end of the redirect.
It doesn’t hurt to have anti-spyware/malware applications to complement avast.
If you haven’t already got this software (freeware), download, install, update and periodically run them.
1. MalwareBytes Anti-Malware, On-Demand only in free version http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe, right click on the link and select Save As or Save File (As depending on your browser), save it to a location where you can find it easily later.
2. SUPERantispyware On-Demand only in free version.
Don’t worry about reported tracking cookies, they are a minor issue and not one of security, allow SAS to deal with them though.
1a. Or Spyware Terminator Resident scanner (if you use this don’t install the toolbar or crawler or the anti-virus module).
I suggest trying them in order, as the order represents the better detection and clean-up. Some elements of the programs might not work if you have an older OS like win9x or winME, this is namely the resident protection in SpywareTerminator.
I have seen this trojan JS:Redirector-H7 before too and I’m sure it infected me once… well, I don’t know…
I believe I got it from hxxp://www.thisisblythe.com. I have contacted the owner of the site but she has ignored my email.
But you see now, when I use Fire FTP - an add-on to Firefox, whenever it starts up I get the message
“550 can’t change directory to /favicon.ico: No such file or directory”
which is obviously something trying to hack my website and infect MY favicon (my site doesn’t have one, hence it cannot infect).
What’s scary is that it keeps trying, and I’ve had avast do a deep scan of my computer, I’ve just deleted all cache files as recommended earlier in this forum. The FTP add-on still does this whenever I connect…
My FTP settings are to go to the /public_html, not some /favicon.ico.
Also, nothing appears in the FTP logs about this request.
This can be a trick, by placing a link to a file that doesn’t exist, this would normally result in a 404 error, this can take the form of a custom 404 error page and this is frequently placed there for that purpose (of triggering the malware) or modifying an existing 404 page, to redirect to a malicious site.
– HACKED SITES - This is commonly down to old content management software being vulnerable, PHP, Joomla, Wordpress, SQL, etc. etc. see this example of a HOSTs response to a hacked site.
We have patched up the server and we found a weakness in PHP which was helping aid the compromise of some domains. We updated it, and changed some default settings to help prevent these coding compromises. The weaknesses were not server wide but rather just made it easier on a hacker to compromise individual end user accounts.
I suggest the following clean up procedure for both your accounts:
1. Check all index pages for any signs of JavaScript injected into their coding. On Windows servers check any “default.aspx” or “default.cfm” pages, as those are popular targets too.
2. Remove any “rogue” files or PHP scripts uploaded by the hackers into your account. Such scripts allowed them to make account-wide changes, spam through your account, or spread their own .htaccess files through all of your domains in that end user.
3. Check all .htaccess files, as hackers like to load re-directs into them.
4. Change all passwords for that end user account. The cp password, the ftp password, and any ftp sub accounts. Make sure to use a “strong” password which includes upper case, lower case, numbers and NO COMPLETE WORDS OR NAMES!
This coupled with our server side changes should prevent any resurfacing of the hackers efforts. In some cases you may still have coding which allows for injection. All user input fields hidden or not should be hard coded, filtered, and sanitized before being handed off to php or a database which will prevent coding characters from being submitted and run through your software.
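The index-page and .htaccess checks from the host's clean-up list above, as an added example that is not part of the original thread or the host's own tooling: a read-only scan of a web root that flags index/default pages and .htaccess files for manual review. The patterns, the function names and the sample files are assumptions made for this illustration; they are heuristics, so a legitimately embedded external script will also be reported.

```python
import re
import tempfile
from pathlib import Path

# Heuristic patterns: assumptions for this example, not a complete signature set.
INDEX_NAMES = re.compile(r"^(index\.\w+|default\.(aspx|cfm))$", re.I)
PAGE_PATTERNS = {
    "external <script src>": re.compile(r"<script[^>]+src\s*=\s*[\"']?(?:https?:)?//", re.I),
    "hidden/zero-size iframe": re.compile(r"<iframe[^>]*(?:display\s*:\s*none|(?:width|height)\s*=\s*[\"']?[01]\b)", re.I),
    "obfuscated script": re.compile(r"eval\s*\(\s*(?:unescape|atob|String\.fromCharCode)", re.I),
}
HTACCESS_PATTERNS = {
    "redirect to external URL": re.compile(r"^\s*(?:Redirect\w*|RewriteRule)\b.*https?://", re.I | re.M),
    "ErrorDocument to external URL": re.compile(r"^\s*ErrorDocument\s+\d{3}\s+https?://", re.I | re.M),
}

def scan_webroot(root):
    """Return sorted (relative_path, finding) pairs for index pages and .htaccess files under root."""
    findings = []
    for path in (p for p in Path(root).rglob("*") if p.is_file()):
        if path.name == ".htaccess":
            patterns = HTACCESS_PATTERNS
        elif INDEX_NAMES.match(path.name):
            patterns = PAGE_PATTERNS
        else:
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        rel = path.relative_to(root).as_posix()
        findings += [(rel, label) for label, rx in patterns.items() if rx.search(text)]
    return sorted(findings)

def demo():
    """Build a small constructed web root (sample content, not from the thread) and scan it."""
    samples = {
        "index.html": "<html><body>Welcome</body></html>",
        "shop/index.php": '<html><iframe src="//redirect.example/x" width="1" height="1"></iframe></html>',
        "shop/.htaccess": "ErrorDocument 404 http://redirect.example/404.html\n",
        ".htaccess": "RewriteEngine On\nRewriteRule ^old$ /new [R=301,L]\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            target = Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body, encoding="utf-8")
        return scan_webroot(root)

if __name__ == "__main__":
    for rel, label in demo():
        print(f"{rel}: {label}")
```

Point `scan_webroot` at a downloaded copy of the site (for example the contents of `/public_html`) and compare each hit against a known-good backup before removing anything.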