Follow:

 

Trojan:JS/Gamburl.gen!A


Trojan:JS/Gamburl.gen!A is a generic detection for Internet web pages injected with a script that redirects users into a malicious site.


What to do now

Manual removal is not recommended for this threat. To detect and remove this threat and other malicious software that may have been installed, run a full-system scan with an up-to-date antivirus product such as the Microsoft Safety Scanner (http://go.microsoft.com/fwlink/?LinkId=212742). For more information, see http://www.microsoft.com/protect/computer/viruses/vista.mspx.

Threat behavior

Trojan:JS/Gamburl.gen!A is the generic detection for Web pages containing a malicious JavaScript that redirects users to a malicious site.
 
It usually arrives in the system as an obfuscated script that is injected into modified Web pages. When users visit a compromised Web site, Trojan:JS/Gamburl.gen!A may be executed, causing the browser to be redirected to a specific malicious Web site.
 
Trojan:JS/Gamburl.gen!A has been observed to redirect users to the following sites:
  • gumblar.cn
  • martuz .cn
 
The above Web sites are known to contain malware, such as Backdoor:Win32/PcClient and TrojanDownloader:Win32/Swif.gen!A. JS/Gamburl.gen!A then attempts to download these malware into the system. Note that the Web sites accessed by JS/Gamburl.gen!A and the malware that it attempts to download may change at any time.
 
Analysis by Jireh Sanico

Symptoms

There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptom(s).

Prevention


Alert level: Severe
First detected by definition: 1.57.1574.0
Latest detected by definition: 1.93.731.0 and higher
First detected on: May 18, 2009
This entry was first published on: May 19, 2009
This entry was updated on: Apr 17, 2011

This threat is also detected as:
No known aliases