Update: Removing JS/Downloader.Agent virus
Posted on Feb 02, 2008 under Security | 7 Comments

This is just an update to my last post, Removing JS/Downloader.Agent virus. I’m still not able to get rid of the problem, but I seem to have found its root.
The tool that I suggested in the last post is just a temporary solution. The actual problem is that my computer is not infected; it is other infected computer(s) on our cable network's LAN. AVG antivirus is just stopping the virus from infecting my computer.
When I posted my problem on a few other tech forums, they said that either my computer is infected, or I am regularly visiting some sites which are infected, or AVG is just identifying a normal file as a virus. Someone suggested that I should use another antivirus. So I downloaded Avast Home Edition, which is a free-to-use antivirus software.
Avast also detects the same virus, just under a different name; it also shows the location from which it is trying to download. It is http://g.asdafdgfgf.com/ads.js [don't visit this site].
When I did a search about this link, I found a very helpful and informative thread at the DevNetwork Forum.
There, several people are complaining about the same problem. Going through each post, what I understood is that:
At first it downloads a copy of the ads.js file from http://g.asdafdgfgf.com/ [don't visit this site] onto an unprotected computer. Then it downloads and executes the ADS.EXE file.
ADS.EXE has been seen to perform the following behavior(s):
- Executes a Process
- Creates a TCP port which listens and is available for communication initiated by other computers
- The Process is packed and/or encrypted using a software packing process
ADS.EXE has been the subject of the following behavior(s):
- Created as a new Background Service on the machine
- Created as a process on disk
- Executed as a Process
- Added as a Registry auto start to load Program on Boot up
More information on this file can be found at: SpywareData.com and Prevx.com.
Since the problem is not in my computer but in someone else's computer on our cable network's LAN, only the cable operator can help me in this matter.
Removing the infected computer(s) from the LAN is the only solution to this problem. In the forum someone suggested a tool for cable operators that helps in finding the infected computer. This tool can be downloaded from http://www.arechisoft.com/. A cable operator from Andheri/Mumbai has explained how they successfully got rid of this problem. Here it is if you want to read it: http://forums.devnetwork.net/viewtopic.php?p=438910#p438910
Since only the cable operator can help me in this matter, I’m trying to contact them; let’s see how long it takes.
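An added example, not part of the original post and unrelated to the tool linked above: one way an operator could triage LAN clients from a web proxy log, using the ads.js then ADS.EXE sequence described in the forum thread. The log layout, the sample lines, the `files.example.invalid` host and the function names are assumptions made for this example.

```python
from urllib.parse import urlsplit

# Indicators from the post; the log layout is an assumption for this example.
BAD_HOST = "g.asdafdgfgf.com"
SCRIPT_PATH = "/ads.js"
EXE_NAME = "/ads.exe"

# Constructed sample proxy log: "<epoch> <client-ip> <method> <url>"
SAMPLE_LOG = """\
1201930001 192.168.1.23 GET http://g.asdafdgfgf.com/ads.js
1201930004 192.168.1.23 GET http://files.example.invalid/ADS.EXE
1201930050 192.168.1.40 GET http://G.ASDAFDGFGF.COM/ads.js?x=1
1201930060 192.168.1.57 GET http://www.example.org/index.html
1201930070 192.168.1.57 GET http://files.example.invalid/ads.exe
truncated line
"""

def parse(log_text):
    """Yield (timestamp, client, host, path) for well-formed lines only."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[0].isdigit():
            continue  # skip malformed or truncated records
        url = urlsplit(parts[3])
        yield int(parts[0]), parts[1], (url.hostname or "").lower(), url.path.lower()

def triage(log_text):
    """Map each LAN client to how far along the ads.js -> ADS.EXE chain it got."""
    first_script = {}  # client -> time of first ads.js fetch
    stage = {}
    for ts, client, host, path in sorted(parse(log_text)):
        if host == BAD_HOST and path == SCRIPT_PATH:
            first_script.setdefault(client, ts)
            stage.setdefault(client, "script-only")
        elif path.endswith(EXE_NAME) and client in first_script:
            stage[client] = "script-then-exe"
    return stage

if __name__ == "__main__":
    for client, result in sorted(triage(SAMPLE_LOG).items()):
        print(client, result)
```

Clients reported as `script-then-exe` are the first candidates to isolate and clean; `script-only` clients requested the script but no ADS.EXE download was logged for them afterwards.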
Tags: Downloader.Agent, LAN, virus











