Follow:

 

Trojan:JS/Alescurf.C


Trojan:JS/Alescurf.C is a encrypted JavaScript trojan, which is injected into HTML files. It redirects the user to a certain webpage.



What to do now

To detect and remove this threat and other malicious software that may be installed on your computer, run a full-system scan with an appropriate, up-to-date, security solution. The following Microsoft products detect and remove this threat:

For more information on antivirus software, see http://www.microsoft.com/windows/antivirus-partners/.

Threat behavior

Trojan:JS/Alescurf.C is a encrypted JavaScript trojan, which is injected into HTML files.

If the browser visits a webpage infected with Trojan:JS/Alescurf.C, it is redirected to a webpage in a remote server that may have malicious content. In the wild, it is known to redirect to the IP address91.<removed>.216.64.

It collects the following information about the computer and passes them on to the remote server:

  • Color depth
  • Screen width and height
  • Character set
  • Location
  • User agent

Analysis by Daniel Chipiristeanu


Symptoms

There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptoms.


Prevention


Alert level: Severe
First detected by definition: 1.117.2174.0
Latest detected by definition: 1.117.2174.0 and higher
First detected on: Jan 03, 2012
This entry was first published on: Jan 03, 2012
This entry was updated on: Jan 30, 2012

This threat is also detected as:
  • Trojan.JS.WPress.A (BitDefender)
  • Troj/JSRedir-EQ (Sophos)