Jaspernine

JS:ScriptIP-inf [Trj] not detected by malwarebytes


Hello 

I have Malwarebytes Premium and AVG Premium running. I have a scheduled daily full scan on both with rootkits, and I also have all protections turned on in Malwarebytes. I noticed that my AVG was not performing its daily scans. I used the repair tool on AVG to try to remedy the problem. After using it and scanning, it found a virus, JS:ScriptIP-inf [Trj]. I'm very worried that all my daily scans with Malwarebytes (using the best and slowest options, the scan takes about 7 hours to complete sometimes) did not find this virus.

My updates are always current.

Can someone please tell me what is going on?

Grab results attached.

mbst-grab-results.zip


***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes 3 Help forum.

 

If you are having technical issues with our Windows product, please do the following: 


If you haven’t already done so, please run the Malwarebytes Support Tool and then attach the logs in your next reply:

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer. Please allow the programs to run if blocked by your system.

  1. Download Malwarebytes Support Tool
  2. Once the file is downloaded, open your Downloads folder/location of the downloaded file
  3. Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  4. Place a checkmark next to Accept License Agreement and click Next
  5. You will be presented with a page stating, "Get Started!"
  6. Click the Advanced tab on the left column

     
  7. Click the Gather Logs button

     
  8. A progress bar will appear and the program will proceed with getting logs from your computer

     
  9. Upon completion, a file named mbst-grab-results.zip will be found on your Desktop. Click OK

     
  10. Please attach the file in your next reply. Before submitting your reply, be sure to enable "Notify me of replies".


To save attachments, please click the link as shown below. You can click and drag the files to this bar or you can click the choose files, then browse to where your files are located, select them and click the Open button.

 

One of our experts will be able to assist you shortly.

 

If you are having licensing issues, please do the following: 


For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/community/consumer/pages/contact-us to get help

If you need help looking up your license details, please head here: https://support.malwarebytes.com/docs/DOC-1264 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team

 


MBAM does not target malicious script files by signatures. If a script is malicious, the anti-exploitation module will kick in and block the malicious activity.

 


I'm sorry, I'm not sure if I fully understand. Are you saying that this script is not malicious? Is this a false positive? Should I change all my passwords as recommended by AVG support?

AVG SUPPORT's Reply

"I'd request to click 'Send for analysis' from AVG quarantine to submit the file for analysis.
Click this link https://support.avg.com/SupportArticleView?urlname=Use-AVG-Quarantine on how to submit a quarantined file for analysis.
It looks like a browser hijacker which is a form of unwanted software that modifies a web browser's settings without a user's permission, to inject unwanted advertising into the user's browser. A browser hijacker may replace the existing home page, error page, or search engine with its own.

As a precautionary measure, I'd recommend you to change the passwords and delete saved card numbers from any websites.
It is unlikely that your personal information is stolen"


No.  I am stating that Malwarebytes will not use signature based detection on scripted malware.  Thus MBAM will not "detect" scripted malware. 

I am stating that Malwarebytes' anti exploit module will block a script's malicious actions.

I can't tell you if it is a False Positive nor if it is warranted to change passwords solely on the basis that AVG detected the "trojan" JS:ScriptIP-inf [Trj] ( it is not a virus as you stated ).  If you had MBAM installed, it would have blocked malicious activity if the script was attempted to be executed.

If you want to see if the file AVG detected as JS:ScriptIP-inf [Trj] is a False Positive or not, submit the file to VirusTotal.

 

2 minutes ago, David H. Lipman said:

No.  I am stating that Malwarebytes will not use signature based detection on scripted malware.  Thus MBAM will not "detect" scripted malware. 

I am stating that Malwarebytes' anti exploit module will block a script's malicious actions.

I can't tell you if it is a False Positive nor if it is warranted to change passwords solely on the basis that AVG detected the "trojan" JS:ScriptIP-inf [Trj] ( it is not a virus as you stated ).  If you had MBAM installed, it would have blocked malicious activity if the script was attempted to be executed.

If you want to see if the file AVG detected as JS:ScriptIP-inf [Trj] is a False Positive or not, submit the file to VirusTotal.

 

Thank you for replying.

So if the script was not executed I should be fine?

How can I submit a file to VirusTotal that is in quarantine?

1 hour ago, Jaspernine said:

all my daily scans with malwarebytes (using the best and slowest options, the scan takes about 7 hours to complete sometimes) did not find this virus.

Just to add, doing a full daily scan with Malwarebytes is really not recommended. All you need is a Threat scan, which should only take less than 10 minutes depending on the speed of your computer. You can do a full scan if you wish, maybe once a month. Since you have Premium fully active, chances of something getting in are not likely.


JS:ScriptIP-inf [Trj] is usually a detection Avast/AVG give on websites (there may be a JS script containing a blacklisted URL?).

Posting a screenshot of the AVG message would help.

Edited by pondus


Virus Total indicates that this is a GZip'd file which gibes with it being a web site artifact script.

 

2 minutes ago, David H. Lipman said:

Virus Total indicates that this is a GZip'd file which gibes with it being a web site artifact script.

 

Gibes? The script was found in Firefox, which I have installed several months ago.


C:\Users\Myounis\AppData\Local\Mozilla\Firefox\Profiles\zk6bm3qb.default\cache2\entries\6872B5AF9D0A82D44D6303B21D98D3922EBAF4A5
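
The two posts above place the flagged file in Firefox's `cache2\entries` folder and note that it looks gzipped. As an added example (not part of the original thread, and not Malwarebytes or AVG code), this sketch triages such an entry offline: it hashes the file for a hash lookup, checks the gzip magic bytes, inflates the body with a size bound, and reads back the cache key, i.e. the URL the body was fetched from. The entry layout used here (response body, then hashes and a big-endian metadata header, then a trailing 4-byte offset, with 256 KiB chunks) is an assumption about the cache2 format, and the sample entry and `example` URLs are constructed.

```python
import gzip, hashlib, struct, zlib

CHUNK = 256 * 1024  # assumed cache2 chunk size (one 16-bit hash per chunk)

def triage_cache_entry(raw: bytes) -> dict:
    """Summarise one cache2 entry without executing or rendering it."""
    if len(raw) < 4:
        raise ValueError("too short for a cache2 entry")
    body_len = struct.unpack(">I", raw[-4:])[0]  # trailer: where metadata starts
    if body_len > len(raw) - 4:
        raise ValueError("metadata offset points outside the file")
    body, meta = raw[:body_len], raw[body_len:-4]
    pos = 4 + 2 * -(-body_len // CHUNK)  # skip metadata hash + per-chunk hashes
    try:
        fields = struct.unpack_from(">7I", meta, pos)  # version ... key length
    except struct.error as exc:
        raise ValueError("truncated metadata header") from exc
    version, key_len = fields[0], fields[6]
    pos += 28 + (4 if version >= 2 else 0)  # assumed: newer versions add flags
    key = meta[pos:pos + key_len].decode("utf-8", "replace")
    is_gzip = body[:2] == b"\x1f\x8b"  # why a scanner reports a gzip file
    text = body
    if is_gzip:
        try:  # bounded inflate: at most 1 MiB out of an untrusted file
            text = zlib.decompressobj(wbits=31).decompress(body, 1 << 20)
        except zlib.error:
            text = b""
    return {
        "sha256": hashlib.sha256(raw).hexdigest(),  # for a hash lookup
        "cache_key": key,   # request URL this body was cached for
        "is_gzip": is_gzip,
        "script": text,     # inert bytes, for reading only
    }

def build_sample_entry() -> bytes:
    """Constructed sample entry (not a real cache file, not the flagged one)."""
    body = gzip.compress(b"var u = 'http://blocked.example/ad.js';")
    key = b":https://ads.example/loader.js"
    hashes = b"\0" * (4 + 2 * -(-len(body) // CHUNK))  # hash values not checked
    header = struct.pack(">8I", 3, 1, 0, 0, 0, 0, len(key), 0)
    return body + hashes + header + key + b"\0" + struct.pack(">I", len(body))

if __name__ == "__main__":
    info = triage_cache_entry(build_sample_entry())
    print(info["sha256"], info["cache_key"], info["is_gzip"], info["script"][:40])
```

A cache key pointing at a third-party host rather than the site that was visited fits the "web site artifact" reading: the file is a cached download, not something installed on the machine.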

 


Is AVG Premium with Malwarebytes Premium even a good combo? AVG employee said "Firstly, it is not advisable to have two antivirus software in your computer as it may end in conflict, sometimes no protection at all."

Is that true? If so which one should I keep?


Yes, Gibes as in a "mocking taunt" being a suspected malicious script file from a web browsing session indicative of a web site script and coincides with it being found in a Firefox cache.

Malwarebytes is not an anti virus application.  It is an anti malware application as it is incapable of handling file infecting viruses.

Malwarebytes happily coexists with AVG.  Albeit, there may be some slight tweaks to make them even more cohabitable.

3 minutes ago, David H. Lipman said:

Yes, Gibes as in a "mocking taunt" being a suspected malicious script file from a web browsing session indicative of a web site script and coincides with it being found in a Firefox cache.

Malwarebytes is not an anti virus application.  It is an anti malware application as it is incapable of handling file infecting viruses.

Malwarebytes happily coexists with AVG.  Albeit, there may be some slight tweaks to make them even more cohabitable.

So is it a virus? If so, should I change my passwords and credit cards? Personal information may be stolen?


NO!

Viruses are a specific type of malware that self replicates.  Or, in other words, is able to autonomously spread.

This is a trojan.  As noted in the detection name JS:ScriptIP-inf [Trj] - Trj stands for trojan.

Viruses and trojans are a sub-type of malware like Ford and Subaru are sub-types of automobiles.

16 minutes ago, Jaspernine said:

So is it a virus?

No. JS:ScriptIP-inf [Trj]: Trj = Trojan

 

Edited by pondus

1 minute ago, David H. Lipman said:

NO!

Viruses are a specific type of malware that self replicates.  Or, in other words, is able to autonomously spread.

This is a trojan.  As noted in the detection name JS:ScriptIP-inf [Trj] - Trj stands for trojan.

Viruses and trojans are a sub-type of malware like Ford and Subaru are sub-types of automobiles.

OK. What I mean to ask is, is it a positive threat? Should I change my passwords and credit cards? Personal information may be stolen?

2 minutes ago, Jaspernine said:

OK. What I mean to ask is, is it a positive threat? Should I change my passwords and credit cards? Personal information may be stolen?

My guess is that this is a script loaded by an ad network on a website you have been on.


It is a low-level threat and not having a specific knowledge of what it specifically does I can't come to conclusions.

 

 

1 minute ago, David H. Lipman said:

It is a low-level threat and not having a specific knowledge of what it specifically does I can't come to conclusions.

 

 

 

1 minute ago, pondus said:

My guess is that this is a script loaded by an ad network on a website you have been on.

Thank you both so much for the replies. I'm just wondering how come Malwarebytes didn't detect the malware with web protection and with all the scans.


Answered in  Post #3

3 hours ago, David H. Lipman said:

MBAM does not target malicious script files by signatures. If a script is malicious, the anti-exploitation module will kick in and block the malicious activity.

 


With all the security software I have on my PC, I don't know what else to do to ensure that I do not get malware or viruses. I'll reinstall Windows and start over just to be sure. Is there anything else I can do to be sure that I don't get threats like this again? I also don't understand how both MB and AVG didn't catch this sooner. I have uninstalled Firefox months ago, even then I barely used it.
