JS:ScriptIP-inf [Trj] not detected by malwarebytes

[Jaspernine]

Hello 

I have Malwarebytes premium and AVG premium running. I have a scheduled daily full scan on both with rootkits and i also have all protections on by malwarebytes. I noticed that my AVG was not performing it's daily scans. I used the repair tool on AVG to try to remedy the problem. After using it and scanning it found a virus JS:ScriptIP-inf [Trj]. I'm very worried that all my daily scans with malwarebytes (using the best and slowest options, the scan takes about 7 hours to complete sometimes) did not find this virus.

My updates are always current

Can someone please tell me what is going on? 

grab results attached

mbst-grab-results.zip

[Malwarebytes]

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes 3 Help forum.

 

If you are having technical issues with our Windows product, please do the following: 

Spoiler

If you haven’t already done so, please run the Malwarebytes Support Tool and then attach the logs in your next reply:

NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

1. Download Malwarebytes Support Tool
2. Once the file is downloaded, open your Downloads folder/location of the downloaded file
3. Double-click mb-support-X.X.X.XXXX.exe to run the program
   • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
4. Place a checkmark next to Accept License Agreement and click Next
5. You will be presented with a page stating, "Get Started!"
6. Click the Advanced tab on the left column
   
   
    
7. Click the Gather Logs button
   
   
    
8. A progress bar will appear and the program will proceed with getting logs from your computer
   
   
    
9. Upon completion, a file named mbst-grab-results.zip will be found on your Desktop. Click OK
   
   
    
10. Please attach the file in your next reply. Before submitting your reply, be sure to enable "Notify me of replies" like so:
    
       

Click "Reveal Hidden Contents" below for details on how to attach a file:
 

Spoiler

To save attachments, please click the link as shown below. You can click and drag the files to this bar or you can click the choose files, then browse to where your files are located, select them and click the Open button.

 

One of our experts will be able to assist you shortly.

 

If you are having licensing issues, please do the following: 

Spoiler

For any of these issues:

• Renewals
• Refunds (including double billing)
• Cancellations
• Update Billing Info
• Multiple Transactions
• Consumer Purchases
• Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/community/consumer/pages/contact-us to get help

If you need help looking up your license details, please head here: https://support.malwarebytes.com/docs/DOC-1264 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team

 

[David H. Lipman]

MBAM does no target malicious script files by signatures.  If a script is malicious, the anti-exploitation module will kick-in and block the malicious activity.

 

[Jaspernine]

I'm sorry, I'm not sure if I fully understand. Are you saying that this script is not malicious? Is this a false positive? Should I change all my passwords as recommended by avg support?

AVG SUPPORT's Reply

"I'd request to click 'Send for analysis' from AVG quarantine to submit the file for analysis.
Click this link https://support.avg.com/SupportArticleView?urlname=Use-AVG-Quarantine on how to submit a quarantined file for analysis.
It looks like a browser hijacker which is a form of unwanted software that modifies a web browser's settings without a user's permission, to inject unwanted advertising into the user's browser. A browser hijacker may replace the existing home page, error page, or search engine with its own.

As a precautionary measure, I'd recommend you to change the passwords and delete saved card numbers from any websites.
It is unlikely that your personal information is stolen"

[David H. Lipman]

No.  I am stating that Malwarebytes will not use signature based detection on scripted malware.  Thus MBAM will not "detect" scripted malware. 

I am stating that Malwarebytes' anti exploit module will block a script's malicious actions.

I can't tell you if it is a False Positive nor if it is warranted to change passwords solely on the basis that AVG detected the "trojan" JS:ScriptIP-inf [Trj] ( it is not a virus as you stated ).  If you had MBAM installed, it would have blocked malicious activity if the script was attempted to be executed.

If you want to to see if the file AVG detected as JS:ScriptIP-inf [Trj] is a False Positive or not, submit the file to Virus Total.

 

[Jaspernine]

2 minutes ago, David H. Lipman said:

No.  I am stating that Malwarebytes will not use signature based detection on scripted malware.  Thus MBAM will not "detect" scripted malware. 

I am stating that Malwarebytes' anti exploit module will block a script's malicious actions.

I can't tell you if it is a False Positive nor if it is warranted to change passwords solely on the basis that AVG detected the "trojan" JS:ScriptIP-inf [Trj] ( it is not a virus as you stated ).  If you had MBAM installed, it would have blocked malicious activity if the script was attempted to be executed.

If you want to to see if the file AVG detected as JS:ScriptIP-inf [Trj] is a False Positive or not, submit the file to Virus Total.

 

Thank you for replying.

So if the script was not executed I should be fine?

How can I submit a file to Virus total that is in quarantine?

[David H. Lipman]

Go to;  https://www.virustotal.com/gui/home/upload

Follow directions. 

Please post the URL of the final report provided.

NOTE:  If AVG deleted/quarantined the file then you won't be able to submit the file to Virus Total.

[Firefox]

1 hour ago, Jaspernine said:

all my daily scans with malwarebytes (using the best and slowest options, the scan takes about 7 hours to complete sometimes) did not find this virus.

Just to add, doing a full daily scan with Malwarebytes is really not recommended.  All you need is a Threat scan which should only take less than 10 minutes depending on the speed of your computer.  You can do a full scan if you wish, maybe once a month.  Since you have Premium fully active, chances of something getting in is not likely.

[Jaspernine]

I keep trying to post the results but the spam filter won't let me post anything.

[Jaspernine]

Virus total results

Please check. Thank you

[pondus]

JS:ScriptIP-inf [Trj] is usually a detection avast/AVG give on websites ( there may be JS script containing a blacklisted URL ? )

posting a screenshot of AVG message would help

Edited October 29, 2019 by pondus

[David H. Lipman]

Virus Total indicates that this is a GZip'd file which gibes with it being a web site artifact script.

 

[Jaspernine]

2 minutes ago, David H. Lipman said:

Virus Total indicates that this is a GZip'd file which gibes with it being a web site artifact script.

 

Gibes? The script was found in firefox which I have installed several months ago. 

[Jaspernine]

C:\Users\Myounis\AppData\Local\Mozilla\Firefox\Profiles\zk6bm3qb.default\cache2\entries\6872B5AF9D0A82D44D6303B21D98D3922EBAF4A5

 

[Jaspernine]

Is AVG premium with Malwarebytes Pemium even a good combo? AVG employee said "Firstly, it is not advisable to have two antivirus software in your computer as it may end in conflict, sometimes no protection at all."

Is that true? If so which one should I keep?

[David H. Lipman]

Yes, Gibes as in a "mocking taunt" being a suspected malicious script file from a web browsing session indicative of a web site script and coincides with it being found in a Firefox cache.

Malwarebytes is not an anti virus application.  It is an anti malware application as it is incapable of handling file infecting viruses.

Malwarebytes happily coexists with AVG.  Albeit, there may be some slight tweaks to make them even more cohabitable.

[Jaspernine]

3 minutes ago, David H. Lipman said:

Yes, Gibes as in a "mocking taunt" being a suspected malicious script file from a web browsing session indicative of a web site script and coincides with it being found in a Firefox cache.

Malwarebytes is not an anti virus application.  It is an anti malware application as it is incapable of handling file infecting viruses.

Malwarebytes happily coexists with AVG.  Albeit, there may be some slight tweaks to make them even more cohabitable.

so is it a virus? if so, should I change my passwords and credit cards? Personal information may be stolen?

[David H. Lipman]

NO!

Viruses are a specific type of malware that self replicates.  Or, in other words, is able to autonomously spread.

This is a trojan.  As noted in the detection name JS:ScriptIP-inf [Trj] - Trj stands for trojan.

Viruses and trojans are a sub-type of malware like Ford and Subaru are sub-types of automobiles.

[pondus]

16 minutes ago, Jaspernine said:

so is it a virus?

No  JS:ScriptIP-inf [Trj]  Trj = Trojan   

 

Edited October 29, 2019 by pondus

[Jaspernine]

1 minute ago, David H. Lipman said:

NO!

Viruses are a specific type of malware that self replicates.  Or, in other words, is able to autonomously spread.

This is a trojan.  As noted in the detection name JS:ScriptIP-inf [Trj] - Trj stands for trojan.

Viruses and trojans are a sub-type of malware like Ford and Subaru are sub-types of automobiles.

Ok. What I mean to ask is, is it a positive threat? should I change my passwords and credit cards? Personal information may be stolen?

[pondus]

2 minutes ago, Jaspernine said:

Ok. What I mean to ask is, is it a positive threat? should I change my passwords and credit cards? Personal information may be stolen?

my guess this is a script loaded by a ad-network on a website you have been

[David H. Lipman]

It is a low-level threat and not having a specific knowledge of what it specifically does I can't come to conclusions.

 

 

[Jaspernine]

1 minute ago, David H. Lipman said:

It is a low-level threat and not having a specific knowledge of what it specifically does I can't come to conclusions.

 

 

 

1 minute ago, pondus said:

my guess this is a script loaded by a ad-network on a website you have been

Thank you both so much for the replies. I'm just wondering how come malwarebytes didnt detect the malware with web protection and with all the scans. 

[David H. Lipman]

Answered in  Post #3

3 hours ago, David H. Lipman said:

MBAM does no target malicious script files by signatures.  If a script is malicious, the anti-exploitation module will kick-in and block the malicious activity.

 

[Jaspernine]

With all the security software I have on my pc, I don't know what else to do to ensure that I do not get malware or viruses. I'll reinstall windows and start over just to be sure. Is there anything else i can do to be sure that I dont get threats like this again. I also don't understand how both MB and AVG didnt catch this sooner. I have uninstalled firefox months ago, even then I barely used it.