I was researching on google when suddenly one of the links I clicked on had a infection detected by avast web shield called “JS:Redirector-QE [TRj]”. does anyone know what this infection is and how severe it is?
once I got the popup note I quickly closed the website and deleted my cache and cookies. Is my computer still infected with this threat right now? Is there anything else I need to do to remove it? What can I do to keep my computer clean from the threat right now, or did I already do what’s needed? Also, in the webshield section of the avast application, do I have to click clean history to remove this threat completely out of my system?
please help, thanks!
(I’ve attached some screen captures if it helps you to understand my situation to provide your help!! thanks!)
There can’t really be an exact determination of how severe something like this might be, that would depend on what the payload is on the redirected location.
Essentially avast sees the redirection function within the javascript file (most likely to go to a malicious site), at that point avast acts to prevent the redirection and possible infection.
so the pop-up was just warning me that this is a site I should not visit, and that the application has blocked the threat from getting into my system? Does that mean nothing happened and I can continue to use my computer?
Yes, I have had a similar alert while browsing for a particular software title. I got the ding-ding sound and wondered what the heck was going on. I would trust in DavidR’s reply that the re-direct was spotted by Avast and you were stopped going to the malicious link. I must admit it’s a bit scary but Avast leapt into action at the right time.
oh, you mean that the site i visited was probably not the malicious site but it contained a javascript that could bring me to the actual site with the threat?
I landed on the site URl “hXXp://andahazi.com/ap/nwd8/tyrud.js” and was not redirected to anywhere else. Does this URL contain any virus that damaged my computer in anyway then?
oh and, is there anything I have to do for maintenance to my computer now? or do I just continue using it and pretend nothing ever happened?
It means that the javascript file (on the site you were visiting) that would have carried out the redirection was blocked (the connection was aborted) so it didn’t get downloaded to the browser cache and it didn’t get run.
That is the point of the web shield to alert and prevent the suspect content from getting on your system and run, so it can’t go to the location of the redirection.
Please ‘modify’ your post change the URL from http to hXXp (e.g. hXXp://andahazi.com/ap/nwd8/tyrud.js), to break the link and avoid accidental exposure to suspect sites, thanks.
It won’t make any difference as the web shield doesn’t have a history in the same way as a browser, it records information on the alert in its log file (text only file), you can’t be harmed by that and you can’t end up at that site from the log file.
What you are viewing (your image 2) is a more user friendly GUI is an extract from the log file, it isn’t active; though it will do no harm in cleaning the history.