I just got an alert from the web shield that a JS obfuscated trojan was found on a website.
I went into the log viewer and found this listed under the warning tab:
Sign of “JS:Obfuscated-T [Trj]” has been found in “XXX://chifundo-kawaimomona.yourjournal.in/css/css.js” file.
What troubled me is that even though the alert came up, it looked like Avast was still allowing the web page to load. I terminated the page from loading by pressing the back button on my browser, but I am now wondering if I have been infected?
Is this how the web shield is supposed to work, or is it supposed to stop pages that are infected from loading?
The reason the ‘rest’ of the page loaded is that the main page isn’t infected, but the file being detected, css.js, is being dropped when Avast aborts the connection to download it to your browser cache and load it.
So the web shield does its job by aborting the connection for infected elements of a page and not the whole site/page.
Not many are detecting it, but having looked at it, it is most certainly a malicious file. CSS files usually have a .css extension (http://www.fileinfo.com/extension/css), so this .js file masquerading as a CSS file was, for me, suspect from the start, before examining it.
Good, so I would have been able to surf that site without fear of infection. I wasn’t too sure how it worked. I know that some programs will block access to an infected site.
I ran a thorough scan with Avast and Malwarebytes. Came up clean on both.
I wouldn’t say “so I would have been able to surf that site without fear of infection” as who is to say what other suspect items might be there, but you shouldn’t have suffered from this encounter.
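
Added example, not part of the thread and not Avast's detection logic: a small triage script that applies the naming heuristic mentioned above (a script file that presents itself as CSS) to each script and stylesheet a page references, giving a verdict per resource rather than per page. The host name, sample HTML and function names are constructed for illustration.

```python
from html.parser import HTMLParser
from pathlib import PurePosixPath
from urllib.parse import urljoin, urlparse

class ResourceCollector(HTMLParser):
    """Collect (kind, absolute_url) for scripts and stylesheets a page references."""
    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.resources = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script" and a.get("src"):
            self.resources.append(("script", urljoin(self.base_url, a["src"])))
        elif tag == "link" and "stylesheet" in (a.get("rel") or "").lower() and a.get("href"):
            self.resources.append(("stylesheet", urljoin(self.base_url, a["href"])))

def looks_mismatched(kind, url):
    """Naming heuristic only: a script whose name or folder says 'css' is worth a look."""
    path = PurePosixPath(urlparse(url).path.lower())
    if kind == "script":
        return path.stem == "css" or "css" in path.parent.parts
    return path.suffix == ".js"  # stylesheet link that actually points at JavaScript

def triage(base_url, html):
    """Return (url, verdict) per sub-resource; the page as a whole gets no verdict."""
    collector = ResourceCollector(base_url)
    collector.feed(html)
    return [(url, "review" if looks_mismatched(kind, url) else "ok")
            for kind, url in collector.resources]

# Constructed sample page (not the site from the thread).
SAMPLE_HTML = """
<html><head>
<link rel="stylesheet" href="/css/main.css">
<script src="/js/menu.js"></script>
<script src="/css/css.js"></script>
</head><body>journal</body></html>
"""

if __name__ == "__main__":
    for url, verdict in triage("http://journal.example.test/", SAMPLE_HTML):
        print(f"{verdict:7} {url}")
```

A "review" verdict only marks a file for closer inspection; the file's content still has to be examined or scanned to decide whether it is malicious.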