Seems a website tried to execute a virus?

zaapa1

zaapa1 last edited by leocg

hi, browsing internet, i clicked a website on google and that website instead of load the expected thing, loaded a landing page of Opera
saying that i must "update it"
at same time my browser downloaded a JS file, that i proceed to upload, this file was analyzed on virustotal.com and it returned to be a trojan.
Do you guys think it got executed? its a bit messy the code, kind like a bit codified to difficult the read, any expert in JS want try to clean it in order to explain what it does and if it could had been executed or not?

by the way, after close the website and open it again, i never succeed to load the "landing" website again, the normal website loaded always,
how could that happend? you guys thing might be an extension i have that did it? or maybe was the website itself infect?

https://i.imgur.com/xhcizrc.png

Ane here is the code inside the file "Opera.Update.701da7.js" file:

https://controlc.com/5a25011d

riazahmad90

riazahmad90 Banned @zaapa1 last edited by

@zaapa1 said in Seems a website tried to execute a virus?:

https://i.imgur.com/xhcizrc.png

Yes last week same thing happened with me but I ignore that .... but now I can understand that someone try to inject a virus inside me computer.... Be careful guys

Bro does Windows Firewall protect our PC from such kind of virus or not?

zaapa1

zaapa1 @riazahmad90 last edited by

@riazahmad90 maybe if they detect the code as malware, but not even on virustotal all antivirus detected this code

also i wonder how this has been inyected, from an extension or maybe was the website itself? no idea

sgunhouse

sgunhouse Moderator Volunteer @zaapa1 last edited by

@zaapa1 Usually it comes from an ad on the site, so most articles I've read say.

zaapa1

zaapa1 @sgunhouse last edited by

@sgunhouse hum, thanks for the info, still odd since i have adguard plugin for block ads and also the build in blocker of opera, so usually i dont see and neither click ads,
but i can even warantee it in this case since i was looking for "ambigrams" and i openes several urls at same time from google, with the wheel button, meaning the 3 or 4 websites i did open were not even active view tabs, and then when i made them active to wich was the one i wanted, boom, i saw the opera landing page and JS file download.
maybe those ads are using a bug from some websites that allow them to load inside the legit URL website, because the downloaded JS file came from the legit URL too. Thats my guess, i dont know,
I even wrote a mail to the guy of the website, but got no response

thanks for your reply