Seems a website tried to execute a virus?
zaapa1 last edited by leocg
hi, browsing internet, i clicked a website on google and that website instead of load the expected thing, loaded a landing page of Opera
saying that i must "update it"
at same time my browser downloaded a JS file, that i proceed to upload, this file was analyzed on virustotal.com and it returned to be a trojan.
Do you guys think it got executed? its a bit messy the code, kind like a bit codified to difficult the read, any expert in JS want try to clean it in order to explain what it does and if it could had been executed or not?
by the way, after close the website and open it again, i never succeed to load the "landing" website again, the normal website loaded always,
how could that happend? you guys thing might be an extension i have that did it? or maybe was the website itself infect?
Ane here is the code inside the file "Opera.Update.701da7.js" file:
riazahmad90 last edited by
@zaapa1 said in Seems a website tried to execute a virus?:
Yes last week same thing happened with me but I ignore that .... but now I can understand that someone try to inject a virus inside me computer.... Be careful guys
Bro does Windows Firewall protect our PC from such kind of virus or not?
zaapa1 last edited by
@riazahmad90 maybe if they detect the code as malware, but not even on virustotal all antivirus detected this code
also i wonder how this has been inyected, from an extension or maybe was the website itself? no idea
zaapa1 last edited by
@sgunhouse hum, thanks for the info, still odd since i have adguard plugin for block ads and also the build in blocker of opera, so usually i dont see and neither click ads,
but i can even warantee it in this case since i was looking for "ambigrams" and i openes several urls at same time from google, with the wheel button, meaning the 3 or 4 websites i did open were not even active view tabs, and then when i made them active to wich was the one i wanted, boom, i saw the opera landing page and JS file download.
maybe those ads are using a bug from some websites that allow them to load inside the legit URL website, because the downloaded JS file came from the legit URL too. Thats my guess, i dont know,
I even wrote a mail to the guy of the website, but got no response
thanks for your reply