
 o
JS/Redir

Posted by damccoy (My Page) on
Wed, Jul 21, 10 at 13:01

I've been gone for a couple days for work, and I returned to a reoccurring notification from AVG of a threat, JS/Redir. It is a cache sub-file located in the Profile file for Firefox in the User Folder, and it only occurs when using Firefox. Even when quarantined it will immediately reappear when using FF. The quirk is it only appears to happen here at this forum.

Malwarebytes, SuperAntiSpyware, and Spybot are all negative.

System Restore is turned off for the time being.

Google does not make a firm reference to it specifically, just along with other variants. I went to a few forums that appear on the report that I am not familiar with. They make suggestions of downloading certain software to remove it. The AVG encyclopedia doesn't even reference it.

I am wondering if this may be a false positive.

Firefox 3.6.7 was released today. I think I am going to try the upgrade before anything else.

My temperament is not good right now so I am going slow on this.

DA



Follow-Up Postings:

 o
RE: JS/Redir

I'm getting the same thing. Just started this morning.

Kevin


 o
RE: JS/Redir

I've been waiting for someone here at CompHelp to post about this. KT is swamped with the Alerts, some GW forums aren't getting any.

I get the same message using IE.

Sue


 o
RE: Redir

This is what happened with me. Early this morning I didn't have any problems. Then I did the 3.6.7 upgrade and that's when it started. I ran AVG and it found 96 Threats. Moved 'em to the virus vault, deleted them and for a while didn't have any more problems. Came back to the 'puter a couple of hours later, went to my usual GW Forums and it all started up again.

Kevin


 o
RE: JS/Redir

Not seeing this, but am on Linux using Firefox.
It is sounding like a false positive, but doing the update might be wise.
Have you tried it using Firefox in safe mode to see if one of the add-ons may be triggering it?
Start > Mozilla > Firefox Safe Mode

Just to inform, there has been an alert put out about a couple of Firefox add-ons that are security vulnerabilities. If you have them you might want to eliminate them.
Add-on security vulnerability announcement


 o
REe: JS/Redir

Also, another thought: might try going into your Java in Control Panel and clear its cache.
Control Panel > Java > on General tab at bottom, Temp Internet Files, click Settings, then Delete Files, OK


 o
RE: JS/Redir

This morning, while using another home computer, I came across a similar post in the plumbing forum. Maybe this is coincidental (and I don't want to impugn another member), but immediately after I clicked through the first response I started having problems with this redirect. AVG keeps finding it, I keep sending it to the vault, and I still have problems. I'm running a full scan on that computer as I write this.


 o
follow-up

Correction: I found that inquiry in the Heating & Ac forum.

Not sure about this, but another responder wrote the following:

"That is not a virus, it is your java script trying to update itself."


 o
RE: JS/Redir

Similar problems here. It began last night on several GardenWeb forums. I shut down the machine without testing other sites. Installed the Firefox 3.6.7 upgrade a day or two prior. (HP 8100; Vista sp2)

No problems so far this morning. But I've only been on for about 5 minutes.

I scanned last night but only w/updated Malwarebytes -- had planned to run additional scans and look for solutions today.

Last night, only references I could find were for XP. Typically the problem was noticed following a new hardware install and was associated with existing hardware. Nothing new for me and Device Manager doesn't show any problems. (But family is visiting, it was late, and I lacked the energy to go further at that time.)

I see that ravencajun posted just before this. Will look into that.


 o
RE: JS/Redir - ack

Phoo! Posted the previous note, refreshed the page and it's baaack!


 o
RE: JS/Redir

Upgrading to 3.6.7 did not help. I even did a clean install after using REVO and removing all my personal data, add-ons, bookmarks, etc. It is still occurring "Here" without any add-ons.

The upgrading in general is a good idea as the change log indicates improvements to stability and security.

My temperament is still pretty tense now as I have to get on-line for work, and the project doesn't do well with IE. Oh well!

Knowing what I know, being through what I have been through, and reading all the posts, I recommend that members just step back for a while, and take a wait and see attitude. My guess is it is a false positive so at this time I am just going to X-out of the alert.

On the safe side, if you have some type of financial transactions to deal with on-line perhaps an alternative updated, and secure browser may be in order until we find out exactly what is going on.

DA


 o
Java Cache

Clearing Java cache didn't help.

DA


 o
RE: JS/Redir

I would urge caution in deleting any items from the vault. Leave them there in the vault. When there is a question of a false positive, always leave things in the vault in case it is a needed file, so it can be retrieved. It will not hurt anything being in the vault for a while, but if deleted and you find you need it, then that can be a problem.

I agree on the wait and see also. I am guessing the Firefox team is on this ASAP.


 o
REee: JS/Redir

Those seeing this, try starting in safe mode and running scans with Malwarebytes, SuperAntiSpyware and your current AV.
In some cases I have read it seems to work better in removing when used in safe mode for this one.
Also clear all caches in your browsers.

This is being reported over at the AVG forums as well.


 o
REeeee: JS/Redir

Is this only happening with users of AVG? If you see this and are using some other AV program, please list it.


 o
REeeeeee: JS/Redir

I would not turn off System Restore. Since this could be a false positive, there is no need to lose all restore points. They can always be taken care of later if something is found to be in them. Even an infected restore point can be used if needed in case of emergency.

Trying to go back to a previous restore point a few days ago may actually be worth a try.


 o
RE: JS/Redir

Using Opera browser and AVAST I see nothing of the sort.


 o
RE: JS/Redir-more

No problem with Chrome browser or Firefox 3.6.6, so it must be an AVG thing.


 o
RE: JS/Redir

AVG has discovered that they are reporting false positives for JS/Redir on many sites (not just GW, but GW seems to be one of the big ones). Update AVG tomorrow and see if it goes away.


 o
RE: JS/Redir

Speaking only of my system, this file is a cache file and can be safely deleted. The only inconvenience for me is I have to manually enter the url for here in the address bar to get back to the forum after deleting or quarantining the file. The Bookmarks do not connect. I even set the forum as my homepage and that button did not work either. Once I have regained access I then can use the aforementioned.

Because of the content of the posts here, I have turned System Restore back on, and recommend that others do also.

DA


 o
REeeeee: JS/Redir

From the AVG forums:
"by jirka82:
It seems that this might be a false alarm. Please wait for about 20 hours, update your AVG and re-check the issue."

That is in response to someone asking about this JS/Redir.


 o
RE: JS/Redir

My son got it last night on his computer running IE and AVAST. Tried to run Defender and it wouldn't update. Tried to run AVAST and couldn't update. Rebooted and it was gone. Ran all scans and nothing came up.

He was on Facebook and I thought he got a virus.

Jane


 o
RE: JS/Redir

Around 1am I set Resident Shield active and "Remove all threats automatically." I downloaded an AVG update and haven't had any popup virus messages yet. To check, "reset" the "Threats detected and blocked" to zero and load/reload/access any GW page; the counter should still say 0 on the Resident Shield page. In the list of infected files, you can empty them and then check again later to ensure the list is still empty. I'm using IE if it matters.

Hope this helps.


 o
RE: JS/Redir

For what it's worth... The beginning of last month I was having the redirect problem (which AVG Free DID NOT find!)... I took the computer into the shop and my tech said he found a rootkit virus... After he got rid of it I had him uninstall AVG, install Microsoft Security Essentials, MalwareBytes and redo SpyBot (he also installed I.E. 8 and ran all the scans after he cleaned it up)... The very next night I ran a Full scan with Security Essentials and it found "Virus: Win32/Alureon.H", it Disinfected the file and told me which file to delete...

Two days later Security Essentials found "Exploit: Java/CVE-2008-5353.1" and Removed all the files... (BTW, I ran MalwareBytes first and it didn't find it)

I've been getting my updates and running scans on a regular basis and so far.... All clear...

Rita
P.S. I have my computer set to Alert me of MS updates but not to install them... The definitions for Security Essentials DO NOT show up in the regular MS security updates, you have to manually update them every day...

Rita


 o
RE: JS/Redir

Rita wrote: "The definitions for Security Essentials DO NOT show up in the regular MS security updates, you have to manually update them every day..."

You do not have to manually update MSE definitions. The program is fully automatic and by default is set to scan at 2 a.m. each Sunday or when the computer is next switched on.


 o
RE: JS/Redir

I use IE7 as my browser and have Norton AV and have not seen any problems like this at all--fingers crossed.


 o
RE: JS/Redir

For members who missed the entry on "What's new....." or they have that area collapsed

Here is a link that might be useful: Garden Web


 o
RE: JS/Redir

Someone did something somewhere whether it be AVG or GW as the intrusion is over on this system.

DA


 o
RE: JS/Redir

I'm thinking it may have been the people at AVG. I haven't had an event in a couple of days now of which I had two. One coming to this site and the first time while leaving Yahoo after checking mail there.

