Possible virus threat at the Terragen Image Gallery

Started by AP, January 09, 2016, 06:49:13 AM

AP

My security suite just quarantined a JS/Agent.NQO trojan the second I clicked to view that gallery. Just a warning for everyone here.

Dune

Weird, I can't believe Oshyan would do such a thing  :P

Kadri

Quote from: Chris on January 09, 2016, 06:49:13 AM
My security suite just quarantined a JS/Agent.NQO trojan the second I clicked to view that gallery. Just a warning for everyone here.

What antivirus software do you have? Such warnings were mostly false positives here.

WAS

Likely a false positive as there is no information on it doing anything. JS simply doing something too fast can cause these false positives.

http://www.virusradar.com/en/JS_Agent.NQO/detail

Oshyan

Hmm, I'm not seeing any problems here. Is anyone else getting any errors, warnings, etc? It certainly could be a false positive, but I'll look into it.

- Oshyan

WAS

Quote from: Oshyan on January 09, 2016, 03:26:33 PM
Hmm, I'm not seeing any problems here. Is anyone else getting any errors, warnings, etc? It certainly could be a false positive, but I'll look into it.

- Oshyan

When I enabled ESET I did, but ESET is known to be increasingly picky.

Upon Infinity

The only problem I'm getting with the image gallery is none of my images are on it.  :o ;)

WAS

https://www.virustotal.com/en/url/840e1e9437178e0c5723ee519c95ad9d344e79963195b8a02d2b5b39b9240a8f/analysis/1452376502/

https://www.virustotal.com/en/url/e7c00563f55b3e8ace88eecd987a2832a5eb4d7fef54799b0d2c244522f34670/analysis/1452376585/

Seems all clear.

I did read some stuff on hoverIntent.js being hijacked by people that already have an infection on their computer. Not sure if relevant.

Edit:

However, the actual files in question being downloaded to our computers have issues...

https://www.virustotal.com/en/file/6444762c5ade851ac46f2958fc8436d5e16e159f100bcab06e54fb9aebe28191/analysis/1452376737/

Oshyan

Hmm, but only according to 3 out of 55 scanners, which is a strong indication of a false positive in my experience.

- Oshyan

WAS

Quote from: Oshyan on January 09, 2016, 06:09:10 PM
Hmm, but only according to 3 out of 55 scanners, which is a strong indication of a false positive in my experience.

- Oshyan

Considering the entry is only a couple of days old with no info, it's hard to say. It's likely nothing, and a false detection based on new updates. The files in question don't have any extra file information, whether headers or otherwise.

AP

If more than likely there is no issue, then I will leave it at that. Yes, ESET can be very picky. Apologies for the scare.

bobbystahr

Got a notice from Avira that there is a .js trojan just released this week to watch out for... trying to find the email and will post it when I do.

It was on a nag screen as I have the free version and I can't locate it... sorry.

something borrowed,
something Blue.
Ring out the Old.
Bring in the New
Bobby Stahr, Paracosmologist