JS/Redir

DA_Mccoy July 21, 2010

I've been gone for a couple days for work, and I returned to a reoccurring notification from AVG of a threat, JS/Redir. It is a cache sub-file located in the Profile file for Firefox in the User Folder, and it only occurs when using Firefox. Even when quarantined it will immediately reappear when using FF. The quirk is it only appears to happen here at this forum.

Malwarebytes, SuperAntiSpyware, and Spybot are all negative.

System Restore is turned off for the time being.

Google does not make a firm reference to it specifically just along with other variants. I went to a few forums that appear on the report I am not familiar with. They make suggestions of downloading certain software to remove it. AVG encyclopedia doesn't even reference it.

I am wondering if this may be a false positive.

Firefox 3.6.7 was released today. I think I am going to try the upgrade before anything else.

My temperament is not good right now so I am going slow on this.

DA

aachenelf z5 Mpls

I'm getting the same thing. Just started this morning.

Kevin

July 21, 2010 at 1:12PM
sue_va

I've been waiting for someone here at CompHelp to post about this. KT is swamped with the Alerts, some GW forums aren't getting any.

I get the same message using IE.

Sue

July 21, 2010 at 1:25PM
aachenelf z5 Mpls

This is what happened with me. Early this morning I didn't have any problems. Then I did the 3.6.7 upgrade and that's when it started. I ran AVG and it found 96 Threats. Moved 'em to the virus vault, deleted them and for a while didn't have any more problems. Came back to the 'puter a couple of hours later, went to my usual GW Forums and it all started up again.

Kevin

July 21, 2010 at 1:44PM
ravencajun Zone 8b TX

not seeing this but am on linux using firefox.
it is sounding like false positive, but doing the update might be wise.
Have you tried it using firefox in safe mode to see if one of the add ons may be triggering it?
start>mozilla> firefox safe mode

just to inform there has been an alert put out about a couple of firefox add ons that are security vulnerabilities. if you have them you might want to eliminate them.
Add-on security vulnerability announcement

July 21, 2010 at 1:48PM
ravencajun Zone 8b TX

also another thought might try going into your java in control panel and clear its cache.
control panel> java> on general tab at bottom temp internet files click settings then delete files, ok

July 21, 2010 at 1:51PM
homebound

This morning, while using another home computer, I came across a similar post in the plumbing forum. Maybe this is coincidental (and I don't want to impugn another member), but immediately after I clicked through the first response I started having problems with this redirect. AVG keeps finding it, I keep sending it to the vault, and I still have problems. I'm running a full scan on that computer as I write this.

July 21, 2010 at 1:52PM
homebound

Correction: I found that inquiry in the Heating & Ac forum.

Not sure about this, but another responder wrote the following:

"That is not a virus, it is your
java script trying to update itself."

July 21, 2010 at 1:56PM
jean001

Similar problems here. It began last night on several GardenWeb forums. I shut down the machine without testing other sites. Installed the Firefox 3.6.7 upgrade a day or two prior. (HP 8100; Vista sp2)

No problems so far this morning. But I've only been on for about 5 minutes.

I scanned last night but only w/updated Malwarebytes -- had planned to run additional scans and look for solutions today.

Last night, only references I could find were for XP. Typically the problem was noticed following a new hardware install and was associated with existing hardware. Nothing new for me and Device Manager doesn't show any problems. (But family is visiting, it was late, and I lacked the energy to go further at that time.)

I see that ravencajun posted just before this. Will look into that.

July 21, 2010 at 2:01PM
DA_Mccoy

Upgrading to 3.6.7 did not help. I even did a clean install after using REVO and removing all my personal data, add-ons, bookmarks, etc. It is still occurring "Here" without any add-ons.

The upgrading in general is a good idea as the change log indicates improvements to stability and security.

My temperament is still pretty tense now as I have to get on-line for work, and the project doesn't do well with IE. Oh well!

Knowing what I know, being through what I have been through, and reading all the posts, I recommend that members just step back for a while, and take a wait and see attitude. My guess is it is a false positive so at this time I am just going to X-out of the alert.

On the safe side, if you have some type of financial transactions to deal with on-line perhaps an alternative updated, and secure browser may be in order until we find out exactly what is going on.

DA

July 21, 2010 at 2:03PM
jean001

Phoo! Posted the previous note, refreshed the page and it's baaack!

July 21, 2010 at 2:03PM
DA_Mccoy

Clearing Java cache didn't help.

DA

July 21, 2010 at 2:07PM
ravencajun Zone 8b TX

I would urge caution in deleting any items from the vault; leave them there in the vault. When there is a question of a false positive, always leave things in the vault in case it is a needed file, so it can be retrieved. It will not hurt anything being in the vault for a while, but if deleted and you find you need it, then that can be a problem.

I agree on the wait and see also, I am guessing the firefox team is on this asap.

July 21, 2010 at 2:10PM
ravencajun Zone 8b TX

those seeing this try starting in safe mode and running scans with malwarebytes, superantispyware and your current AV.
In some cases I have read it seems to work better in removing when used in safe mode for this one.
Also clear all caches in your browsers.

this is being reported over at the AVG forums as well.

July 21, 2010 at 2:21PM
ravencajun Zone 8b TX

Is this only happening with users of AVG? If you see this and are using some other AV program, please list it.

July 21, 2010 at 2:30PM
ravencajun Zone 8b TX

I would not turn off system restore since this could be a false positive no need to lose all restore points. They can always be taken care of later if something is found to be in them. Even an infected restore point can be used if needed in case of emergency.

trying to go back to a previous restore point a few days ago may actually be worth a try.

July 21, 2010 at 2:58PM
grandms

Using Opera browser and AVAST I see nothing of the sort.

July 21, 2010 at 3:00PM
grandms

No problem with Chrome browser or Firefox 3.6.6, so it must be an AVG thing.

July 21, 2010 at 3:09PM
bpgreen

AVG has discovered that they are reporting false positives for JS/Redir on many sites (not just GW, but GW seems to be one of the big ones). Update AVG tomorrow and see if it goes away.

July 21, 2010 at 3:16PM
DA_Mccoy

Speaking only of my system, this file is a cache file and can be safely deleted. The only inconvenience for me is I have to manually enter the url for here in the address bar to get back to the forum after deleting or quarantining the file. The Bookmarks do not connect. I even set the forum as my homepage and that button did not work either. Once I have regained access I then can use the aforementioned.

Because of the content of the posts here, I have turned System Restore back on, and recommend that others do also.

DA

July 21, 2010 at 3:21PM
ravencajun Zone 8b TX

from the AVG forums:
"by jirka82:
It seems that this might be a false alarm. Please wait for about 20 hours, update your AVG and re-check the issue."

that is in response to someone asking about this JS/Redir

July 21, 2010 at 4:36PM
jane__ny

My son got it last night on his computer running IE and AVAST. Tried to run Defender and it wouldn't update. Tried to run AVAST and couldn't update. Rebooted and it was gone. Ran all scans and nothing came up.

He was on Facebook and I thought he got a virus.

Jane

July 21, 2010 at 10:57PM
korney19

Around 1am I set Resident Shield active and "Remove all threats automatically." I downloaded an AVG update and haven't had any popup virus messages yet. To check, "reset" the "Threats detected and blocked" to zero and load/reload/access any GW page; the counter should still say 0 on the Resident Shield page. In the list of infected files, you can empty them and then check again later to ensure the list is still empty. I'm using IE if it matters.

Hope this helps.

July 22, 2010 at 1:49AM
ritaotay

For what it's worth... The beginning of last month I was having the redirect problem ( Which AVG Free DID NOT find! )... I took the computer into the shop and my tech said he found a rootkit virus... After he got rid of it I had him uninstall AVG, install Microsoft Security Essentials, MalwareBytes and redo SpyBot ( He also installed I. E. 8 and ran all the scans after he cleaned it up )... The very next night I ran a Full scan with Security Essentials and it found " Virus: Win32/Alureon.H ", it Disinfected the file and told me which file to delete...

Two days later Security Essentials found " Exploit: Java/CVE-2008-5353.1 " and Removed all the files... ( BTW, I ran MalwareBytes first and it didn't find it )

I've been getting my updates and running scans on a regular basis and so far.... All clear...

Rita
P. S. I have my computer set to Alert me of MS updates but not to install them... The definitions for Security Essentials DO NOT show up in the regular MS security updates, you have to manually update them every day...

Rita

July 22, 2010 at 3:38AM
owbist

Rita wrote: "The definitions for Security Essentials DO NOT show up in the regular MS security updates, you have to manually update them every day..."

You do not have to manually update MSE definitions. The program is fully automatic and by default is set to scan at 2 a.m. each Sunday or when the computer is next switched on.

July 22, 2010 at 7:13AM
ginny12

I use IE7 as my browser and have Norton AV and have not seen any problems like this at all--fingers crossed.

July 22, 2010 at 9:47AM
DA_Mccoy

For members who missed the entry on "What's new....." or they have that area collapsed

Here is a link that might be useful: Garden Web

July 22, 2010 at 12:47PM
DA_Mccoy

Someone did something somewhere whether it be AVG or GW as the intrusion is over on this system.

DA

July 22, 2010 at 4:33PM
shboom

I'm thinking it may have been the people at AVG. I haven't had an event in a couple of days now of which I had two. One coming to this site and the first time while leaving Yahoo after checking mail there.

July 23, 2010 at 12:51AM