Follow:

 

Trojan:JS/Seedabutor.A


Trojan:JS/Seedabutor.A is a JavaScript trojan that attempts to redirect your browser to another website.

This threat might be present in your Temporary Internet Files folder. We recommend that you delete your temporary Internet files to prevent the persistent detection of this threat from within the Temporary Internet Files folder.

To delete the temporary Internet files from Internet Explorer, go to KB Article 260897.



What to do now

 The following Microsoft software detects and removes this threat:

 Even if we've already detected and removed this particular threat, running a full scan might find other malware that is hiding on your PC.

This threat might be present in your Temporary Internet Files folder. We recommend that you delete your temporary Internet files to prevent the persistent detection of this threat from within the Temporary Internet Files folder.

To delete the temporary Internet files from Internet Explorer, go to KB Article 260897.

Threat behavior

Trojan:JS/Seedabutor.A is a JavaScript trojan that attempts to redirect your browser to another website.

If you visit a website containing this malicious JavaScript, the browser is redirected to the following URL:

dsnextgen.com/?epl=

At the time of publishing, the server was inaccessible.

This JavaScript is usually found in webpages compromised through SQL Injection attacks or through Blackhat search engine optimization (SEO) poisoning. This detection might also be triggered if the webpage containing this script is stored in the browser's cache.

Analysis by Methusela Cebrian Ferrer & Ferdinand Plazo


Symptoms

Your browser might attempt to open a webpage to the following server:"dsnextgen.com".

However, there are no common symptoms associated with this threat - links are activated within IFrames while viewing web content on maliciously modified pages. Alert notifications from installed antivirus software might be the only symptoms.


Prevention


Alert level: Severe
This entry was first published on: Jan 11, 2013
This entry was updated on: Oct 04, 2013

This threat is also detected as:
  • HTML/Framer.FM (AVG)
  • HTML.Redirector (Ikarus)