Hi malware fighters,
Recently I see a lot of victims with js wonka trojan finds in the “virus and worms”.
Example: http://forum.avast.com/index.php?action=printpage;topic=62834.0
http://forum.avast.com/index.php?topic=45704.0
http://forum.avast.com/index.php?topic=58102.msg489904;topicseen#msg489904
http://forum.avast.com/index.php?topic=45704.msg382893;topicseen#msg382893
What is this generic find?
JS.Wonka is a generic detection of web pages or e-mail messages that contain a certain functionality for encrypting scripts that may have malicious intent. This does not necessarily mean that a virus has been found. It merely means that HTML code was found which attempts to activate additional executable code without the user’s express permission.
Nota Bene: this detection may be triggered by merely visiting a web page that contains malicious code. It does not necessarily mean your machine has been compromised.
Removal Instructions
If this is being detected in the Temporary Internet Files directory, in order to remove unwanted files from your computer, you will have to remove all off-line content from your PC.
The Temporary Internet Files (or cache) folder contains Web page content that is stored on your hard disk for quick viewing. This cache permits Internet Explorer or MSN Explorer to download only the content that has changed since you last viewed a Web page, instead of downloading all the content for a page every time it is displayed. To delete the files in the Temporary Internet Files folder, follow these steps:
- In Control Panel, open Internet Options.
- Click the General tab, and then under Temporary Internet files, click Delete Files.
- In the Delete Files dialog box, click to select the Delete all off-line content check box if you want to delete all Web page content that you have made available off line.
- Click OK. This info according to: http://www.ca.com/us/securityadvisor/virusinfo/virus.aspx?id=47231
Also here: http://www.thehonestbusinessman.com/how-to-remove-jswonka-trojan-from-wordpress/
or: http://www.marcosorfila.com/site/como-eliminar-el-troyano-jswonka-de-wordpress/#comment-978
polonus