I ran a scan using Kapersky's online scan tool. I did this twice. (BTW, I'm running Windows XP Media Center Edition SP3 and IE 8.0.6....)
The first time, I came up with 4 trojan downloaders: Trojan-Downloader.JS.Lucky
Spoit.e, Trojan-Downloader.JS.Psyme
.hz, another instance of Trojan-Downloader.JS.Psyme
.hz, and Trojan-Downloader.JS.Ifram
e.vz. Apparently, I got rid of the first 3 by uninstalling the application in whose folder the trojan resided. Also, I got rid of the 4th (the subject of this thread) by just deleting the file and emptying the Recycle Bin. Then, if I recall, I restarted the PC.
Then, I re-ran the Kaspersky scan. It, again, came up with the Trojan-Downloader.JS.Psyme
.hz; this time it was in a different file. Both files were contained in the path F:\BackupOnlyESS\My Documents--EMERGENCY BACKUP OF NEW D DRIVE ONLY--Eric\Downloads\membe
rs.tsmtrav
el.com\[2 different yada, yada, yada subfolders]. (Last period closes the sentence. Not part of path.) I'm going to, again delete the file Trojan-Downloader.JS.Ifram
e.vz, the allegedly infected file. (BTW the "I" in "IFrame" is an "I," as in indigo, not an "L" as in Lotus.) I'm going to empty the Recycle Bin, restart the PC, download the latest version of Java (I have multiple Java icons in the SysTray), restart the PC, and re-run the Kaspersky online scanner. We'll see what happens.
TWO QUESTIONS:
(1) What's the deal? Kaspersky online scanner (or whatever it's called) found Trojan-Downloader.JS.Ifram
e.vz the first time around. It only found the second instance of it the second time I ran the scan. Did Kaspersky miss it, or did the malware re-create itself, only to be detected the second time around?
(2) What are the trustworthy sites (e.g., Kaspersky and Symantec) that have an online scanner function? (I don't know if Symantec even has this.) It's been suggested on other sites, notably in a CNET forum, that
http://www.sophos.com/security/analyses/trojmaranar.html will take care of my problem. I've never heard of Sophos. Are they trustworthy? Is this tool a freebee, or at least one that won't make me uninstall NIS09 (see next paragraph)?
Finally, I should note that I've been running Norton Internet Security 2009 (NIS09). It missed this trojan, both when running a full system scan and when I told it to scan the file detected on the second running of Kaspersky's online scanner. So, there's actually a third question:
(3) Do I have a problem with NIS09? Or, does it suck, despite all of the wonderful reviews? Or, do I have it incorrectly configured? Or, is the Kaspersky online scanner paranoid or otherwise malfunctioning? I don't think the Kaspersky online scanner is just a sales tool, designed to scare potential customers, as I ran it previously on another PC, and it came up clean.
Thanks much.
