Trojan-Downloader.JS.ListensEvent.b

Hi,

My Avast isn’t showing anything wrong, but once in a while I run Kaspersky Online Scanner. Last night when I ran it it came up with “Trojan-Downloader.JS.ListensEvent.b”. I wasn’t able to find much about it online at all. Could it be a false positive? Malwarebytes and SuperAntiSpyware aren’t picking up anything either. Thank you so much :slight_smile:

Julie

Hello julieinwv

which is that file which is being suspected as trojan by kaspersky?. it can be false positive(fp).

can you upload it virustotal.com (VT) and post the link to that page?

that would help.

Thank you. I had never used VT before. I hope I am doing this correctly.

http://www.virustotal.com/analisis/862f9a12a7b1b37f88a67d18b556bb701a301e9c773c8875f1f4ba607537391c-1250610050

i think its a false positive for sure. this happens with the online scanner, “may be” because they(generally all av companys) keep the virus definitions of their online scanner to be light. hence there might be some fps. if you are afraid then you can move it to avast chest and upload it avast by clicking the email to avast icon.

When I Googled it last night there was mention of it but barely anything. Thank you so much for looking at it for me :slight_smile:

I don’t think you have sent the right file.When Kaspersky found this threat,it should have told you the infected files name and its location. Eg virus.exe in C/windows/system32/virus exe. Its up to you to find that file and upload it.

Thank you, Micky77. I will scan it again and see. I uploaded what I saved from the site last night.

@micky77

he might have sent the right file. because of the false positive of the “online scanner” we cant say even the non-online scanner will also detect the same thing. the scanner used by the vt will not be a online scanner. think so… may be he has not uploaded the right file also.

He didn’t send the right file, he sent Kaspersky_Online_Scanner.html which is the onl-line scan page and not the file that it alerted on located on his system.

Why would Kaspersky alert on its own page ???

That is why we asked for the file name and location which was detected and have yet to get.

omg!

hypertext markup language, now i see in vt link… lol. ;D

post the file name julieinwv. do as davidr said.

I will post it when I figure it out. Thanks, again!

This what it says the File Name is:

C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\l1ey5w2o.default\Cache(5)\F1758EE9d01

Is that what you wanted?

@ micky77 and davidr

??? ???

Ok, I think I did it correctly, hopefully.

http://www.virustotal.com/analisis/9603279e29d6be0032fc30e3db66711a3ef9c0ff7e7511c8ac135655b21addc1-1245281640

only one says its fishy. add to avast chest:

right click avast tray icon > start antivirus > right click on the user interface > virus chest > user files > add files- browse for files > click email to avast > do a manual update.

Thank you, nmb… I have now done that.

you are welcome

thank you for uploading it to avast! hence improving the detection. :slight_smile:

scan the file in the chest tomorrow or day after and see if it is detected.

should you have any problems, come back.

Personally I would just delete as it is a temporary internet file, clear your firefox browser cache just to be sure.

I do believe it was a false positive detection by the kaspersky on-line scanner as even it doesn’t detect it in VT and with only one of 41 scanners most likely an FP.

If this were the reverse, e.g. avast was the only one to detect it we would be recommending you report it as a false positive.

Did you actually send F1758EE9d01, on your results it says script. Also why is Kaspersky not flagging this file ? It was the AV that alerted you in the first place ?

@micky77

may be kas is not detecting because of the reason i posted before. generally online scanners are designed to be light and hence fp’s will be seen. but with the original scanner it might not be the case.