JS/Agent.NKI.Gen trojan HELP!

[Guest SkyL]

Hello All,

 

For the past day I have been extremely frustrated as ESET has popped up with JS/Agent.NKI.Gen trojan as this was before reformatting my computer. After reformatting I still receive the pop up which is exactly the same. I have ran full scans and also tried using Malwarebytes but still can't find anything.

 

ESET has detected: 

OBJECT NAME - h ttp://raiggy.com/raiggys.js

Size - 8000

Reason - JS/Agent.NKI.Gen trojan

Count - 2

 

Thank you for any help in advance, 

Sky

[Marcos 5,072]

It seems to be a recently added malware that is probably downloaded from legitimate compromised websites. I assume the alert started popping up only after you visited certain website, not immediately after reinstalling Windows. This is also a good example of that ESET excels in detection of web-borne threats 

 

Is the threat detected even if you don't open any website in a browser? Couldn't it be that you were attempting to look up something on the "www.re.....ce.com" domain? (some letters were intentionally replaced by periods).

 

Please create a SysInspector log as per the instructions here and submit it to ESET along with a link to this thread by following the instructions in this KB article.

[SweX 871]

Hello.

Do you see the threat popup when you visit that site, or even when your browser is closed ?

 

And what does ESET say, something like "Connection Terminated" ? 

 

If you see the popup from ESET when you have accessed the site, what exactly does ESET say ?

 

But it's important to know when do you see the threat popup?, when you are on the website, or ?

So...If you see the threat popup, only when you are on that website, then I would say it's likely that ESET is blocking/preventing the threat so it hasn't infected your PC in anyway. 

 

FYI, I can tell you that ESET is not the only vendor that thinks that raiggy.com is in a bad state right now.

 

Also, follow the instructions by Marcos above.

Edited August 28, 2013 by SweX

[Marcos 5,072]

I can tell that at least one of the vendors who block the malicious website at VirusTotal does not detect the malicious script and does not block other websites that serve the script to users. Just two examples:
 
Normalized URL: hxxp://gxxxxx.com
Detection ratio: 1 / 38
ESET    Malware site

Normalized URL: hxxp://wxxxxx.com/
Detection ratio: 1 / 38
ESET Malware site

 

I'd also add that it's been detected and blocked by ESET about 20,000 times so far so it seems to be a quite prevalent web threat not yet recognized or blocked by other vendors.

[Arakasi 549]

I'd also add that it's been detected and blocked by ESET about 20,000 times so far so it seems to be a quite prevalent web threat not yet recognized or blocked by other vendors.

 

LOL - owned....

[SweX 871]

No surprise really, most vendors have implemented a URL Blocker (blocking access to the website via a blacklist), but having that ONLY is not enough! Wich is a reason why ESET is outstanding and very very effective in this area as you have much more than just a simple URL Blocker for the web protection, and that's one of the reasons why I like you so much 

[Guest SkyL]

SweX is absolutely correct, I figure out from dictionary.com that when I entered a wrong word into the search bar and then clicked onto the correct word that was suggested, ESET will pop up. However when I empty the cache and delete all cookies and browser history ESET continually pop up.