Trojan JS:FBAutolike-A

Avast found “Trojan JS:FBAutolike-A” and moved it to the virus chest. Can anyone tell me what it is? Do I need to change all of my passwords?

it is a website malware similar to clickjacker

http://en.wikipedia.org/wiki/Clickjacking
http://nakedsecurity.sophos.com/2011/02/22/facebook-clickjacking-malware-italian-disguises/

Loads of asp sites are vulnerable to clickjacking (scan with asafaweb).
Trojan JS:FBAutolike-A lets cybercriminals track your computer and steal your personal data.
Trojan JS:FBAutolike-A has rootkit-technology
Trojan JS:FBAutolike-A replicates and spreads betweenn disks at high speed.
Trojan JS:FBAutolike-A is a keylogger.

pol

What steps should I take to make sure its been completely removed from my system?

If you want a malware expert to check attach Malwarebytes / OTL / aswMBR logs

http://forum.avast.com/index.php?topic=53253.0

Hi BlackOcelot,

If avast tell you that he did find the “Trojan JS:FBAutolike-A” then it should be removed that. Here should be end of the story.
Now, if avast again throws the same malware warning, it just means that malware renew itself.

If you want confirmation of avast detection, post me the avast’s file path (e.g c:\windows\system32\some_folder\somefile.exe) of the detection. ScreenShot will do.
Or if you wanna system check for malware activity, follow Pondus post. MBAM is known program that shall target known malware in attempt to remove them. OTL and aswMBR are purely diagnostic tool that shall report here varius loading point. I can read these logs and tell you if malware or some other bad file/program may be present on your mashine.

No malicious items were detected when I scanned my system with Malwarebytes.

If you want confirmation of avast detection, post me the avast's file path (e.g c:\windows\system32\some_folder\somefile.exe) of the detection. ScreenShot will do.
do you have this?
Avast found "Trojan JS:FBAutolike-A" and moved it to the virus chest.
files moved to chest by avast will not be detected by Malwarebytes....and this was a javascript file and not something malwarebytes would look for...

if there is anything more to remove, magna86 will see it from the OTL log when he is back online. :slight_smile:

Hi BlackOcelot,

Posted OTL logs doesn’t show active malware. I can not claim that your computer is completely clean and free of malware because you did not post here the aswMBR logs (even though it clearly states in the guide), therefore, I can assume that you are clean.

Also I recommend you to install MCShield, the guide is in the top topic.

OTL log tell me that you have a lot of empty value keys in registry, therefore I recommend that you use CrapCleaner (aka CCleaner) to clean registry + clean all temp files…

http://www.piriform.com/ccleaner

I shall remove OTL. Re-run OTL and click on CleanUp! button.

You will be asked to reboot the machine to finish the cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTL. Feel free to manually delete any tools it leaves behind.

I stupidly forgot to save a screenshot of where the file was originally located and no longer have it to check. Sorry. :frowning:

Hi BlackOcelot,

Posted OTL logs doesn’t show active malware. I can not claim that your computer is completely clean and free of malware because you did not post here the aswMBR logs (even though it clearly states in the guide), therefore, I can assume that you are clean.

Also I recommend you to install MCShield, the guide is in the top topic.

OTL log tell me that you have a lot of empty value keys in registry, therefore I recommend that you use CrapCleaner (aka CCleaner) to clean registry + clean all temp files…

http://www.piriform.com/ccleaner

I shall remove OTL. Re-run OTL and click on CleanUp! button.

You will be asked to reboot the machine to finish the cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTL. Feel free to manually delete any tools it leaves behind.

Sorry about that! Because Malwarebytes didn’t detect anything I wasn’t sure if I needed to post an aswMBR log too.
Thank you for your help! I’ll be sure to run CCleaner to clean up the “empty crap”.

Hey, no need for apology, I’m just saying …

Posted aswMBR log looks clean, therefore your PC is clean.

:wink:

Thank you! ;D