Hi, what exactly does this malware do?
hXXps://zpb.bvdssej.tk/21006749.js [L] JS:Cryxos-O [Trj] (0)
Avast blocked it, so my PC is not infected?
Thank you.
Correct, the Web Shield (presumably) is the shield that made the detection, so it effectively blocks any download or running of the .js file.
Update - One hit on virustotal on the domain - https://www.virustotal.com/gui/url/63f6c1dd2c998318e7dafe995b0fd37b794071ac12398dab0a46b73a67e2d95e/detection
Some security related pointers on that site - https://en.internet.nl/site/zpb.bvdssej.tk/2275494/
Medium Security Risk reported here - https://sitecheck.sucuri.net/results/zpb.bvdssej.tk - with some hardening improvements mentioned.
Considered a Medium Security Risk here - https://quttera.com/detailed_report/zpb.bvdssej.tk
The DrWeb file scanner doesn’t find anything (no guarantees though), see attached image.
Thank you for the answer. So it looks like it is not that dangerous.
You’re welcome.
A possibility of a false positive, but backed up by the Web Shield if it weren’t an FP.
Hi, what exactly does this malware do?
F-secure info:
Cryxos trojans display an alarming notification message saying that the user’s computer or web browser has been ‘blocked’ due to a virus infection, and that their personal details are ‘being stolen’. The user is then directed to call a phone number for assistance in the ‘removal process’. This is a version of a ‘call support’ scam.
ASN data for IP 104.21.34.80 show that this abuse was performed via a Cloudflare hosted domain.
Re: https://sitereport.netcraft.com/?url=http://zpb.bvdssej.tk Netcraft risk: 10 out of 10.
More malicious domains are being hosted via Cloudflare. Take nothing for granted today.
And do not click links from mails that are/seem suspicious.
polonus