Jump to content

Search the Community

Showing results for tags 'javascript'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Privacy
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Endpoint Protection
    • Malwarebytes Incident Response (includes Breach Remediation)
    • Malwarebytes Endpoint Security
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start





Website URL






Found 4 results

  1. Long story short, there is a massive phishing campaign going on assisted by fake news and the email contains some links such as these. I am here to report these, VirusTotal is unable to detect anything but the behavior is suspicious already. Save this Javascript, might be dangerous and relevant for the analysis, its obfuscated (came from the source code of one of the following links): https://api.b2c.com/api/init-607fc50a7q9gbqtx6p6.js The hyperlinked text in the email redirects to several URLs like these: http://service.comms.yahoo.net/T/v40000016d4bd6ef6d8f2bd6f4bbc782e8/d851160d7f5b444c0000021ef3a0bcc4/d851160d-7f5b-444c-9bac-3f9f9003f12a?__F__=v0fUYvjHMDjRPMSh3tviDHXIoXcPxvDgUUCCPvXMWoX_0JoZLAZABQFyuCvepFzO6Gi_7mTyxpEHBeobYfYuMKxKF30_nRv5kdBS5o8DWw7zWwaKHPicgJEbi2mIcO09HMayTwoan5hE1cmytgCJaAhI-l7ev-4o3mj7drBut5GMaWk_bdZMloV8tbO0p0IuS3g9LFpxs-MrZZXFvv1IUW9mIDinWMAisyKO0YxWWoDaYakLM-WjT6-28_oIzktSoIRFnqNi6mzOj05IBTsE4voYqZwAj-6-kW3WL2ZdHK1elojTfMIXhkIQ== http://service.comms.yahoo.net/T/v40000016d4bd6ef6d8f2bd6f4bbc782e8/d851160d7f5b444c0000021ef3a0bcc5/d851160d-7f5b-444c-9bac-3f9f9003f12a?__F__=v0fUYvjHMDjRPMSh3tviDHXIoXcPxvDgUUCCPvXMWoX_0JoZLAZABQFzPG-zH7Z8Axr6nl0B3NK8Oe7rrqH8l-9KF30_nRv5kdIFdJ4JByjkh0LDjb0_vYeMF5FrNsmjk0yCxHOQEea5D71LZ16xxHfU-jLNCm8kZ2NWSpuVhwfSZWa1u0svKt6VG3qmegcJmKUTqBQwYa1FGa-jt3plckiARUTd_iNt21hpVWCd3eWlnbNU1oow4p0wVzMEaYF6wgVH6Io0XoMus8whCpPOrU82IAxf9c_Kl7FxRBMDLJOe1zYKSDKyTEiq7jrk9JUCdWt9YwW13jtHo= Which come from a realistic phishing email, as shown: The final URL is: www.YahooDataBreachSettlement.com Notice yahoo.net rather than yahoo.com
  2. I have just fallen for the "Urgent Firefox Update" scam, and not only downloaded the JavaScript but run it! It was when this opened a terminal window and started running something that I realised it was some sort of malware. At this point, I disconnected my computer from the Internet and ran Malwarebytes. This detected three suspicious files which I quarantined. The corresponding Malwarebytes log is attached. I then, following the advice at: https://malwaretips.com/blogs/remove-fake-urgent-firefox-update-virus/ ran AdwCleaner and HitmanPro (see HitmanPro_20170705_1523.log) which deleted a whole bunch of cookies and an executable which I believe to be, in fact, benign (it has been on my system without causing problems for a year or more). I then updated and reran Malwarebytes, which then found no threats. My concern is whether I can safely continue to use the machine, or if there is anything I can do to ensure that there is no residual threat lurking somewhere. I'm running the latest version of Windows 10 on a Microsoft surface pro 3. In case this is relevant the source of the rogue software (retrieved from my browsing history) appears to be https://odahxvisitezmonsite.com/2051415340379/1499254195619138/firefox-update.js and https://odahxvisitezmonsite.com/2051415340379/1499254195619138/firefox-patch.js Immediately prior to receiving the "Urgent Firefox Update" message the webpage I was on was https://www.thoughtco.com/photoshop-clone-stamp-tool-tutorial-1697534 Any advice would be welcome! malware.txt HitmanPro_20170705_1523.log
  3. I've been a paid user of Malwarebytes for many years. Around 2004 I did a ton of research on Windows infections. Javascript on web pages was shown to be a huge percentage of the infection vectors. And considering that I scan email-attached documents with VirusTotal before I open them in a Sandboxie instance, javascript appeared to be the pretty much the only way I'd ever get infected. So I installed NoScript in Firefox and I've been using it to severely limit javascript for the last decade. I've never been infected, that I know of, and I scan often with Eset and MWB. Over the years, though, more and more sites don't work without javascript. In the last year it has gotten to be a big problem. I'm starting to move all my browsing into Firefox in Sandboxie, so I can run javascript, but this is a terrible solution because everything (bookmarks, etc.) get dumped at the end of the session. So I'm looking into the javascript question again. I'd love some feedback. 1. is javascript still a huge hole in security, or has it somehow become 'safe' to allow web pages to run javascript? A quick scan of the Malwarebytes forum shows a lot of javascript malware. 2. Does anyone have an opinion of Sandboxie, or should I just give up, and run a Linux VM for my browsing? 3. If I don't allow javascript in my browser, is there any way to get infected by just browsing?
  4. A week or 2 ago, I first received ad.adsmatte.com pop-ups each time i used most web sites except while usingFRST.txtAddition.txtFRST.txt youtube. I ignored them as the pop-ups initially led to a facebook login page(so i thought no biggie), but today it's some e-commerce site (aliexpress.com or something similar). I've always had pop ups blocked so that was weird. Plus today, more sinister looking pop ups showed up and began obstructing web pages. They would not go away unless i clicked on them or used task manager to end Chrome or Mozilla. They said things like "are you sure you want to leave this page?" or that some lp flash player needs to be updated. Did download Malwarebytes, ran the scan. It detected a Trojan.Inject and a PUP.optional.toolbar in my downloads, i deleted them in a flash. But no change. The ads/page blockers continue to pop up. Some pc-help sites recommended disabling javascript which solved everything, but if there was a more convenient solution, it would be just splendid.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.