Update: Removing JS/Downloader.Agent virus
Posted on Feb 02, 2008 under Security | 8 CommentsThis is just an update of my last post Removing JS/Downloader.Agent virus. I’m still not able to get rid of the problem but seems found the root of the problem.
The tool that I suggested in last post is just a temporary solution. Actual problem is that my computer is not infected, it is other infected computer(s) in our Cable networks LAN . AVG antivirus is just stopping the virus to infect my computer.
When I posted my problem on few other tech forums they said that either my computer is infected or I am regularly visiting some site which are infected or AVG is just identifying a normal file as a virus. Someone suggested me that I should use other anitivirus. So I downloaded Avast home edition which is a free to use antivirus software.
Avast also detecting the same virus just with different name, it also showing location from where it trying to download. Well it is http://g.asdafdgfgf.com/ads.js [don't visit this site].
When I did a search about this link, I found very helpful and informative thread at DevNetwork Forum..
There several peoples are complaining about the same problem. Going through each post, what I understood that:
At first it downloads a copy of ads.js file from http://g.asdafdgfgf.com/ [don't visit this site] in an unprotected computer. Then it downloads and execute ADS.EXE file.
ADS.EXE has been seen to perform the following behavior(s):
- Executes a Process
- Creates a TCP port which listens and is available for communication initiated by other computers
- The Process is packed and/or encrypted using a software packing process
ADS.EXE has been the subject of the following behavior(s):
- Created as a new Background Service on the machine
- Created as a process on disk
- Executed as a Process
- Added as a Registry auto start to load Program on Boot up
More information on this file can be found at : SpywareData.com and Prevx.com.
Since the problem is not in my computer and it is in someone else computer in our Cable networks LAN so only cable operator can help me in this matter.
Removing the infected computer(s) from LAN is the only solution of this problem. In the forum someone suggested a tool for cable operator that help in finding the infected computer. This tool can be downloaded from http://www.arechisoft.com/. A cable operator of Andheri/Mumbai, have explained how they were successfully get rid of this problem. Here is it if you wants to read: http://forums.devnetwork.net/viewtopic.php?p=438910#p438910
Since only the cable operator can help me in this matter, I’m trying to contact them, let’s see how long does it take.
Tags: Downloader.Agent, LAN, virus