Need help? Ask the community or hire an expert.
Go to Avira Answers
Virus:JS/PhoexRef.E
Date discovered:13/04/2012
Type:JavaScript
In the wild:No
Reported Infections:Low
Distribution Potential:Low
Damage Potential:Low
VDF version:7.11.27.132 - Friday, April 13, 2012
IVDF version:7.11.27.132 - Friday, April 13, 2012

 General Method of propagation:
   • No own spreading routine


Aliases:
   •  Kaspersky: Trojan.JS.Agent.bxw
   •  Sophos: Mal/Iframe-AE
   •  Bitdefender: Trojan.JS.Agent.FPP
   •  Grisoft: HTML/Framer
   •  Eset: JS/Iframe.CX trojan
     GData: Trojan.JS.Agent.FPP
     Norman: Trojan JS/Agent.ADR


Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
    Windows Vista
    Windows Server 2008
    Windows 7


Side effects:
    Can be used to execute malicious code
   • Downloads a file

 Files The following file is created:

%HOME%\file.exe

 Miscellaneous Internet connection:
In order to check for its internet connection the following DNS servers are contacted:
   • http://**********.**********.250.173:**********/navigator/**********.php
   • http://**********.**********.250.173:**********/pages/**********.php
   • http://**********.**********.250.173:**********/pages/**********.pdf
   • http://**********.ru:**********/pages/**********.php?i=15

Description inserted by Wensin Lee on Monday, April 16, 2012
Description updated by Wensin Lee on Monday, April 16, 2012

Back . . . .