JS/Agent.NKI.Gen trojan HELP!


Posted

Hello All,

 

For the past day I have been extremely frustrated as ESET has popped up with JS/Agent.NKI.Gen trojan as this was before reformatting my computer. After reformatting I still receive the pop up which is exactly the same. I have run full scans and also tried using Malwarebytes but still can't find anything.

 

ESET has detected: 

OBJECT NAME - h ttp://raiggy.com/raiggys.js

Size - 8000

Reason - JS/Agent.NKI.Gen trojan

Count - 2

 

Thank you for any help in advance, 

Sky

  • Administrators
Posted

It seems to be a recently added malware that is probably downloaded from legitimate compromised websites. I assume the alert started popping up only after you visited a certain website, not immediately after reinstalling Windows. This is also a good example of how ESET excels in detection of web-borne threats :)

 

Is the threat detected even if you don't open any website in a browser? Couldn't it be that you were attempting to look up something on the "www.re.....ce.com" domain? (some letters were intentionally replaced by periods).

 

Please create a SysInspector log as per the instructions here and submit it to ESET along with a link to this thread by following the instructions in this KB article.

Posted (edited)

Hello.

Do you see the threat popup when you visit that site, or even when your browser is closed?

And what does ESET say, something like "Connection Terminated"?

If you see the popup from ESET when you have accessed the site, what exactly does ESET say?

But it's important to know: when do you see the threat popup? When you are on the website, or?

So... if you see the threat popup only when you are on that website, then I would say it's likely that ESET is blocking/preventing the threat so it hasn't infected your PC in any way.

 

FYI, I can tell you that ESET is not the only vendor that thinks that raiggy.com is in a bad state right now.

 

Also, follow the instructions by Marcos above. :)

Edited by SweX
  • Administrators
Posted

I can tell that at least one of the vendors who block the malicious website at VirusTotal does not detect the malicious script and does not block other websites that serve the script to users. Just two examples:
 
Normalized URL: hxxp://gxxxxx.com
Detection ratio: 1 / 38
ESET    Malware site

Normalized URL: hxxp://wxxxxx.com/
Detection ratio: 1 / 38
ESET Malware site

 

I'd also add that it's been detected and blocked by ESET about 20,000 times so far so it seems to be a quite prevalent web threat not yet recognized or blocked by other vendors.

Posted
I'd also add that it's been detected and blocked by ESET about 20,000 times so far so it seems to be a quite prevalent web threat not yet recognized or blocked by other vendors.

 

LOL - owned....

Posted

No surprise really, most vendors have implemented a URL Blocker (blocking access to the website via a blacklist), but having that ONLY is not enough! Which is a reason why ESET is outstanding and very very effective in this area as you have much more than just a simple URL Blocker for the web protection, and that's one of the reasons why I like you so much :wub:

Posted

SweX is absolutely correct, I figured out from dictionary.com that when I entered a wrong word into the search bar and then clicked onto the correct word that was suggested, ESET will pop up. However when I empty the cache and delete all cookies and browser history ESET continually pops up.

This topic is now closed to further replies.