Archived

This topic is now archived and is closed to further replies.

rawalanche

JS/Retefe.T trojan from SkypeBrowserHost.exe

Hello

Today I have gotten a notification that a threat was removed from my computer. I am very responsible and careful, so this was the first time in years something like this has happened, and it has me worried. It was a .js file with some long, hash-like string that was stored in the %username%\AppData\Local\Microsoft\Windows\INetCache\IE\FREZXU48\ folder:

retefe.PNG.bbc235c53faa745c792f754f830489a4.PNG

Now, apparently this file was created and accessed by SkypeBrowserHost.exe, which is a component of Skype, that seems to share browser cache with Internet Explorer. The file is in a legit folder and it itself results in negative when tested by ESET Internet Security. I believe that SkypeBrowserHost.exe is specifically used to display ads in Skype using the IE framework.

I did not do anything questionable from a security standpoint in recent days, or even months. I do not use, and have never used Internet Explorer in recent years. I don't think I've launched it once since the last clean Windows install.

The way I see it there are two possibilities:

1. This is a false positive.

2. The advertising platform Skype uses to display ads has been compromised and SkypeBrowserHost.exe is being taken advantage of to deploy malicious software.

The latter option concerns me a bit. If that could be the case, shouldn't this be something that should be reported to Microsoft?

UPDATE:

I am getting this removed threat warning now every single time I launch Skype (Classic version for Windows desktop).


Appears to be FP. We've stopped offering the latest update for now.


Thanks but it's not needed. We have got some examples from the LiveGrid feedback system.


Having the same exact problem starting today - yesterday I had no problem when starting Skype. The file flagged was a JS file, located in the same folder as OP stated.


Same problem, what's happening to Skype?


Please see my comment above. Updates were stopped and the detection will be removed momentarily.


The FP has been fixed and update resumed.


It is already flagging some file in Chrome as well, not only in Skype. 

Untitled-1.jpg.d3b1bff67d627150ac31133b0db47a08.jpg
