Windows Defender detecting Virus JS/Adrozek.A
-
burnout426 Volunteer last edited by
I'd copy the file and look at it in a text editor and hex editor to see if there's anything revealing. Might have to run it through a Javascript bytecode decompiler or something too.
Anyone want to zip up the file and make it available for download?
-
wanderlei last edited by
Same issue for me. Opera browser keeps generating this threat. Website visited is irrelevant to its creation.
-
leocg Moderator Volunteer last edited by
@wanderlei So after you have cleaned cache and the directory mentioned on the alert, you get the alert again in the first page you visit?
-
burnout426 Volunteer last edited by burnout426
@tjall, just pasting this part of the URL you posted in Notepad++ triggers Windows Defender for me (in the Notepad++ backup file that gets auto-generated for the document):
I suggest others with this problem look in the detected file to see what URL is listed. Just in case, do a screen shot of it or something so it doesn't trigger defender when users visit this thread
-
vsolanic last edited by
I have the same issue. Is it clear by now if it is a real virus, or what exactly it is?
-
wanderlei last edited by
@leocg said in Windows Defender detecting Virus JS/Adrozek.A:
@wanderlei So after you have cleaned cache and the directory mentioned on the alert, you get the alert again in the first page you visit?
What happen with me, I got alert from defender, I removed the suspect file, I start browsing completely different site, the same alert from defender again. This happened 6 times across different sites.
I downloaded and ran malwarebytes but everything thing was clean.
I run a few extensions, I will disable all of those and see what happens.
-
mouse last edited by
@wanderlei said in Windows Defender detecting Virus JS/Adrozek.A:
wanderlei
I suspect you're right. It's not a bad web page. Not likely that we're all on that web page. This has been happening for just a few days. I think it's a false positive. When I run Super anti-spyware or Spybot on the cache, it picks up no threat. But i could be wrong.
-
jclinansmtih last edited by
Same thing just started popping up for me too. Only with Opera. I am starting to wonder if there is something going on with Windows Defender and Opera. We all cant be visiting the same sites who have posted in this thread.
-
leocg Moderator Volunteer last edited by
@wanderlei So far I didn't get such alert from Windows Defender, so it seems to me that the problem is related to a specific site or to an extension.
-
Svarnoy60 last edited by
Removed the SaveFrom.net video upload extension. The threats are gone.
Who has this extension? -
VDNKh last edited by
Very same problem here, it started to happen from 02/09 browsing ansa.it website: history for the last days recorded negligible browsing with just the usual 3 tabs opened (youtube (for music) , gpone and amazon; no extension added in months.
A full disk scan with Defender found the same threat in 4 different cache files and removed them: alerts still coming from the above mentioned file regenerating in js cache but any new full scan now is clean.
-
mouse last edited by
@Svarnoy60 - I do not use the savefrom downloader. I have "Force Download 1.08" at ashus.ashus.net. and I have "HD Video Downloader". But I don't use them. I use IDM instead. I will disable the ones I don't use. But this is a hit or miss exercise. Why can't Opera troubleshoot this? I can't open the suspect js cache files because Defender quarantines them.