Author Topic: Where to find malware designations? What is TrojWare.HTML.Refresh.RJ[at]479204191  (Read 207 times)

Offline selden

  • Comodo Member
  • **
  • Posts: 43
Where can I find a list of malware designations or definitions?

What is the malware that CIS reports as TrojWare.HTML.Refresh.RJ[at]479204191

A Web search using Google can't find it.


I'm running CIS v11 under Win7.

https://www.classe.cornell.edu/~seb/images/TrojWare.png
« Last Edit: January 30, 2019, 03:34:06 PM by selden »
Selden

Offline Ionel

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 3528
Hi selden,

Can you please send us the detected file? We will verify it.

Regards,
Ionel

Offline selden

  • Comodo Member
  • **
  • Posts: 43
Unfortunately, I'm not at liberty to redistribute the HTML document which triggered the popup, which is why I asked what it means.

It's a rather long "Choose Your Own Adventure" story which works as expected, so the trojan, assuming it's been properly detected, seems to be only a small part.

A screengrab of the CIS error popup can be seen at https://www.classe.cornell.edu/~seb/images/TrojWare.png


Edited to add:

I found a link to Level3's search page (which I've removed). Some research seems to indicate that this page is considered highly undesirable. If that's the cause of the popup, I think it'd be appropriate to add a mention in the "More information" part of the AV popup.
« Last Edit: January 30, 2019, 04:53:53 PM by selden »
Selden

Offline EricJH

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 24993
Selden. Because Comodo detected the trojan it will already have the html file assuming you have Analyze unknown files in the cloud by uploading them for instant analysis enabled.

May be you can drop Ionel a pm and send him the file hash of the html file. That way Comodo can analyse wihtout making it public by providing a Virus Total link in a post at the forum.

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek