Avast For Mac Gzip Js Scriptpe-inf [trj] 2018


Hello.

A few days ago while going through our Avast logs I noticed that this trojan (JS:ScriptPE-inf [Trj]) had been blocked a bunch of times without anyone noticing. It seems that Avast detected the trojan trying to get in through an in-game web browser while my son was playing Counter-Strike (the MOTD screen you get when loading a server), but fullscreen mode kept Avast silent. Anyhow, we've done some web searching, and we've learned that it's apparently a keylogger of sorts. Now we're even more paranoid; we haven't seen any signs of weird behaviour, however keyloggers sometimes try to pass off as if everything were normal in order to snatch passcodes. Now everyone's afraid to use the family computer.

We've scanned with Avast (boot-time scan), ESET Online Scanner, Malwarebytes, Malwarebytes Anti-Rootkit, Trend Micro ATTK and RootkitBuster. RootkitBuster picked up a hidden file in my Firefox cache, and that's all.

I've also updated Java some time after the Avast notifications.

I'd like to know if there might be an infection and if so, how to deal with it?


Thank you.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 10.51.2
Run by Casa at 6:27:00 on 2014-02-02
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.51.3082.18.3574.2234 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
Running Processes
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Scarlet.Crush Productions\bin\ScpService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\PGP Corporation\PGP Desktop\RDDService.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Steam\SteamService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
.
Pseudo HJT Report
.
uStart Page = hxxp://www.google.com/
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - c:\program files\alwil software\avast5\aswWebRepIE.dll
uRun: [Steam] 'c:\program files\steam\steam.exe' -silent
uRun: [HydraVisionDesktopManager] 'c:\program files\ati technologies\hydravision\HydraDM.exe'
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [GrooveMonitor] 'c:\program files\microsoft office\office12\GrooveMonitor.exe'
mRun: [ATICustomerCare] 'c:\program files\ati\aticustomercare\ATICustomerCare.exe'
mRun: [Adobe ARM] 'c:\program files\common files\adobe\arm\1.0\AdobeARM.exe'
mRun: [StartCCC] 'c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe' MSRun
mRun: [XboxStat] 'c:\program files\microsoft xbox 360 accessories\XboxStat.exe' silentrun
mRun: [AvastUI.exe] 'c:\program files\alwil software\avast5\AvastUI.exe' /nogui
mRun: [SunJavaUpdateSched] 'c:\program files\common files\java\java update\jusched.exe'
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xportar a Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: c:\windows\system32\PGPlsp.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 200.48.225.130 200.48.225.146
TCP: Interfaces\{E4FDD680-0B92-43A7-B1CB-5528C2708D20} : DHCPNameServer = 200.48.225.130 200.48.225.146
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
AppInit_DLLs= PGPmapih.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli PGPpwflt
.
FIREFOX
.
FF - ProfilePath - c:\users\casa\appdata\roaming\mozilla\firefox\profiles\c3zhax9f.default
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\battlelog web plugins\2.1.7\npesnlaunch.dll
FF - plugin: c:\program files\battlelog web plugins\sonar\0.70.4\npesnsonar.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\ubisoft\ubisoft game launcher\npuplaypc.dll
FF - plugin: c:\program files\ubisoft\ubisoft game launcher\npuplaypchub.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_43.dll
.
SERVICES / DRIVERS
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-8-28 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-8-28 180248]
R0 pgpfs;PGP File Sharing;c:\windows\system32\drivers\PGPfsfd.sys [2012-6-29 147048]
R0 Pgpwdefs;Pgpwdefs;c:\windows\system32\drivers\PGPwdefs.sys [2012-6-29 14744]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-14 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-14 410784]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2013-3-28 219136]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-12-14 67824]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2014-1-29 50344]
R2 Ds3Service;SCP DS3 Service;c:\program files\scarlet.crush productions\bin\ScpService.exe [2013-12-9 388352]
R2 PGP RDD Service;PGP RDD Service;c:\program files\pgp corporation\pgp desktop\RDDService.exe [2012-6-29 1588488]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswstm.sys [2014-1-9 64168]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2013-2-14 79872]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2010-4-6 224424]
R3 ScpVBus;Scp Virtual Bus Driver;c:\windows\system32\drivers\ScpVBus.sys [2013-12-9 33024]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\drivers\MijXfilt.sys [2011-11-4 97552]
S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [2010-12-14 254720]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [2010-12-14 398720]
.
Created Last 30
.
2014-01-31 02:12:03 -------- d-----w- c:\windows\pss
2014-01-30 23:43:32 -------- d-----w- c:\users\casa\appdata\local\{9FDBA568-EE58-4AEB-B4FB-6C1C88755A1E}
2014-01-30 11:43:07 -------- d-----w- c:\users\casa\appdata\local\{BCAC27A8-3AFF-49FF-81AA-ADFC3441B365}
2014-01-30 10:42:50 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-01-30 10:42:49 107224 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-01-30 10:42:05 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-01-29 23:42:42 -------- d-----w- c:\users\casa\appdata\local\{BE42CCF7-2027-45A9-9100-C94CA4D1D0B0}
2014-01-29 05:01:58 -------- d-----w- c:\users\casa\appdata\local\{3BB31C76-7E80-4645-8B9F-4F07BE796333}
2014-01-28 17:01:34 -------- d-----w- c:\users\casa\appdata\local\{D71179BD-4549-4A19-BB28-67C6CFCC7096}
2014-01-27 17:00:57 -------- d-----w- c:\users\casa\appdata\local\{3A37617A-F82B-442C-BDE4-8F5EBB9BE8A3}
2014-01-26 17:00:21 -------- d-----w- c:\users\casa\appdata\local\{09061154-9694-4174-B503-2AF694D816BB}
2014-01-26 04:59:57 -------- d-----w- c:\users\casa\appdata\local\{0FD549F4-B738-4553-91E4-D4E1867637E7}
2014-01-25 16:59:32 -------- d-----w- c:\users\casa\appdata\local\{26DFD8E7-905E-4075-A8FA-501ED414493A}
2014-01-25 04:59:07 -------- d-----w- c:\users\casa\appdata\local\{8D5B07C9-948D-46BE-80E3-A7110528AC8D}
2014-01-24 16:58:43 -------- d-----w- c:\users\casa\appdata\local\{CAA26D2A-9722-414A-A77B-C4BCA479C877}
2014-01-23 16:58:04 -------- d-----w- c:\users\casa\appdata\local\{037481C2-C906-44D7-ABC0-2A418ED3CAD7}
2014-01-22 15:36:32 -------- d-----w- c:\users\casa\appdata\local\{9082F407-0AF4-4DD3-9755-DF783B5B1653}
2014-01-22 03:36:07 -------- d-----w- c:\users\casa\appdata\local\{8211782E-69E1-425E-A991-1211B55AD0C4}
2014-01-21 15:35:43 -------- d-----w- c:\users\casa\appdata\local\{C9B29278-4DB2-4AAB-B6EC-5C3897B6D046}
2014-01-21 03:35:18 -------- d-----w- c:\users\casa\appdata\local\{99C55F1E-248C-41AF-A7E8-13D982D7D947}
2014-01-20 15:34:45 -------- d-----w- c:\users\casa\appdata\local\{AAFABF1C-9B9A-4F9B-81CC-261D5CA81DA9}
2014-01-19 17:03:13 -------- d-----w- c:\users\casa\appdata\local\{C990B2F1-3A7E-4496-A403-6BF09AEB9EDF}
2014-01-19 06:05:07 -------- d-----w- C:\Games
2014-01-19 05:57:44 -------- d-----w- c:\program files\Nexus Mod Manager
2014-01-19 04:50:48 -------- d-----w- c:\users\casa\appdata\local\{D2D14E05-A1ED-4C14-B3EC-FA84CF9CA717}
2014-01-18 04:50:11 -------- d-----w- c:\users\casa\appdata\local\{1CDE3E75-F271-441F-AEA8-5E7636038170}
2014-01-17 16:49:46 -------- d-----w- c:\users\casa\appdata\local\{9DDA88AB-7309-45EE-AD49-840C5C5EF9AD}
2014-01-17 04:49:21 -------- d-----w- c:\users\casa\appdata\local\{BDAABD57-FABD-493A-A7ED-B7535D9D1A32}
2014-01-16 16:48:56 -------- d-----w- c:\users\casa\appdata\local\{D7E0E78E-2C16-4E31-9415-1FBAC1EC6C40}
2014-01-16 14:27:53 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-01-16 14:27:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-01-16 12:06:45 -------- d-----w- C:\BOSS
2014-01-16 04:48:32 -------- d-----w- c:\users\casa\appdata\local\{123E424E-E418-4762-B9DE-AC41E5BC425C}
2014-01-15 16:48:07 -------- d-----w- c:\users\casa\appdata\local\{CAC9384C-9AE1-440A-B3AE-3BEBBD64A422}
2014-01-15 04:47:43 -------- d-----w- c:\users\casa\appdata\local\{27828DD0-9E28-484E-8B0D-121A2D9B4931}
2014-01-14 16:47:19 -------- d-----w- c:\users\casa\appdata\local\{144CF511-7041-44A5-A3CB-628D79C75366}
2014-01-14 04:46:54 -------- d-----w- c:\users\casa\appdata\local\{C592396B-8958-4827-A2E1-CD83CA938D89}
2014-01-13 04:46:17 -------- d-----w- c:\users\casa\appdata\local\{C68BE041-1CA4-4638-92F4-EA7A5CF05D1E}
2014-01-12 16:45:44 -------- d-----w- c:\users\casa\appdata\local\{E829C925-AE14-431E-8411-79C53ABECE74}
2014-01-11 16:01:23 -------- d-----w- c:\users\casa\appdata\local\{BB8F28A7-55ED-4D5E-BC59-FBB5E7DC0B46}
2014-01-10 13:05:50 -------- d-----w- c:\users\casa\appdata\local\{137B6E8E-2B22-49BE-905D-84E7971A839D}
2014-01-10 02:58:08 -------- d-----w- c:\program files\CCleaner
2014-01-10 01:35:55 -------- d-----w- c:\users\casa\appdata\roaming\AVAST Software
2014-01-10 01:32:13 64168 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-01-10 01:24:32 -------- d-----w- c:\programdata\AVAST Software
2014-01-10 01:05:25 -------- d-----w- c:\users\casa\appdata\local\{7D22B45F-51D1-494B-A8F0-76BAF10132AA}
2014-01-09 13:05:00 -------- d-----w- c:\users\casa\appdata\local\{5A0017C6-4D95-4F78-9FFF-E55E10B37965}
2014-01-08 03:09:28 -------- d-----w- c:\users\casa\appdata\local\{DC13B96B-1B0F-404A-A90D-49F8A44AC219}
2014-01-07 15:08:54 -------- d-----w- c:\users\casa\appdata\local\{21D658DD-F2A0-4CF8-8469-F912D63A2C72}
2014-01-06 16:08:15 -------- d-----w- c:\users\casa\appdata\local\{AE922A7D-E3BB-4D56-AD7C-B9A9CDAD776E}
2014-01-05 16:07:37 -------- d-----w- c:\users\casa\appdata\local\{609261FD-F122-4F19-9F84-5BA33D20D617}
.
Find3M
.
2014-01-31 20:46:23 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-01-31 20:46:23 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-01-31 20:39:09 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-01-30 01:54:01 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-01-30 01:54:01 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-01-30 01:54:01 43152 ----a-w- c:\windows\avastSS.scr
2014-01-10 01:32:06 79720 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-01-10 01:32:06 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-01-10 01:32:06 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-12-20 04:38:59 140064 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2013-12-20 04:38:52 280856 ----a-w- c:\windows\system32\PnkBstrB.xtr
2013-12-20 04:38:52 280856 ----a-w- c:\windows\system32\PnkBstrB.exe
2013-12-17 06:03:31 280792 ----a-w- c:\windows\system32\PnkBstrB.ex0
2013-11-14 18:02:11 111262 ----a-w- c:\windows\system32\PGPlspRollback.reg
.
FINISH: 6:27:29.11


Safari extension packer for node.js.

Just a JavaScript interface for xar-js.

Project Setup

You need to have your private key, developer certificate and Apple certificates in separate files. Install OpenSSL and put it on your PATH if needed.

Open Keychain Access and export your Safari Developer certificate to sd.p12. Extract the private key by

However, this might output the private key in PKCS#1 format ('BEGIN RSA PRIVATE KEY'). You want PKCS#8 ('BEGIN PRIVATE KEY'). Then you need to do one more step:

Then extract your certificate by

The Apple root and developer certificates are located in this project's apple directory. Or you can export them from your keychain.

By the way, if you get an updated Apple certificate in DER (binary) form, you can convert it into PEM by
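The OpenSSL steps described under Project Setup (extract the key from the Keychain export, convert it to PKCS#8, extract the certificate, convert a DER certificate to PEM), collected into one script as an added example; this is not the project's own code. It assumes the Keychain export is named sd.p12 as above; the output file names, the function names and the P12_PASS environment variable (used so the export passphrase never appears on a command line) are my own choices.

```shell
#!/bin/sh
# Added example, not part of the README: the OpenSSL conversions the setup
# steps call for. Assumes: sd.p12 exported from Keychain Access (named on the
# page); file names, function names and the P12_PASS variable are mine.
set -eu

# Step 1: pull the private key out of the PKCS#12 export. Some OpenSSL builds
# write it in PKCS#1 form ("BEGIN RSA PRIVATE KEY"), which the packer rejects.
extract_key() {   # $1 = .p12 file, $2 = output PEM; passphrase read from $P12_PASS
  : "${P12_PASS:?set P12_PASS to the .p12 export passphrase}"
  openssl pkcs12 -in "$1" -nocerts -nodes -passin env:P12_PASS -out "$2"
}

# Step 2: normalise to PKCS#8 ("BEGIN PRIVATE KEY"); harmless if it already is.
to_pkcs8() {      # $1 = input PEM, $2 = output PEM
  openssl pkcs8 -topk8 -nocrypt -in "$1" -out "$2"
}

# Step 3: pull the developer (leaf) certificate out of the same export.
extract_cert() {  # $1 = .p12 file, $2 = output PEM
  : "${P12_PASS:?set P12_PASS to the .p12 export passphrase}"
  openssl pkcs12 -in "$1" -nokeys -clcerts -passin env:P12_PASS -out "$2"
}

# Step 4: convert an Apple certificate distributed as DER into PEM.
der_to_pem() {    # $1 = DER file, $2 = output PEM
  openssl x509 -inform DER -in "$1" -out "$2"
}

# Report which key encoding a PEM file carries, by its header line, so a
# build script can refuse PKCS#1 keys before the packer fails on them.
key_format() {    # prints pkcs8, pkcs1 or unknown
  if grep -q 'BEGIN PRIVATE KEY' "$1"; then echo pkcs8
  elif grep -q 'BEGIN RSA PRIVATE KEY' "$1"; then echo pkcs1
  else echo unknown
  fi
}

# Usage: P12_PASS=... sh prepare-certs.sh sd.p12
# Produces key.pem (PKCS#8) and cert.pem next to the export.
if [ $# -ge 1 ]; then
  extract_key "$1" key-raw.pem
  to_pkcs8 key-raw.pem key.pem
  rm -f key-raw.pem
  extract_cert "$1" cert.pem
  echo "key.pem is $(key_format key.pem); cert.pem written"
fi
```

Keep key.pem out of version control; the packer only needs to read it at build time, and the unencrypted PKCS#8 file is the developer signing key.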


Alternative: get all the certificates from an existing package


This assumes you have your extension developer certificate set up and that Safari can already produce .safariextz packages.

  • Download xar 1.6.1 from https://github.com/mackyle/xar (precisely this version or its fork, not 1.5.x, not 1.7.x)
  • ./configure and make it
  • xar -f package.safariextz --extract-certs .


Usage


Recent changes

  • Switched from xar 1.6.1 to xar-js