JS/ShellCode
JS/Mult
JS/Mult describes a group of threats, written in JavaScript, that attempt to exploit multiple vulnerabilities on affected computers in order to download, execute or otherwise run arbitrary code. The malicious JavaScript may be hosted on compromised or malicious websites, embedded in specially crafted PDF files, or could be called by other malicious scripts.
JS/Blacole
Microsoft security software detects and removes this family of threats.
You should also update your software to be fully protected.
These threats are part of the Blacole family of malware. For more information, see our Blacole family description.
JS/Fiexp
Microsoft security software detects and removes this family of threats.
This is a family of JavaScript components belonging to an exploit kit called Fiesta. Similar to other exploit kits, such as Blacole, it first checks your browser, version, and installed plugins. It does this to determine which exploit to use on your PC.
Malware in this family can exploit vulnerabilities in Java, Adobe Flash Player, Adobe Acrobat Reader, Microsoft Silverlight, and Internet Explorer.
They can run on your PC when you visit a hacked or malicious website.
JS/Medfos
Windows Defender detects and removes this threat.
This family of threats are malicious JavaScript files that redirect web searches to pay-per-click advertising sites.
This threat might be installed on your PC from a Win32/Medfos variant.
JS/NeutrinoEK
Windows Defender detects and removes this threat.
This threat is a webpage that spreads the exploit kit known as Neutrino.
You PC is at risk of infection if you visit this webpage and you have vulnerable software installed on your PC.
You might be redirected to the malicious webpage without your consent.
JS/Neutrino
Windows Defender detects and removes this threat.
This threat is a webpage that spreads the exploit kit known as Neutrino.
You PC is at risk of infection if you visit this webpage and you have vulnerable software installed on your PC.
You might be redirected to the malicious webpage without your consent.
JS/Anogre
Microsoft security software detects and removes this family of threats.
This malware family looks for vulnerabilities in the following software:
- Java Development Kit and Java Runtime Environment
- Adobe Flash Player
- Microsoft True Type Font
If a vulnerability is found they can then download other malware onto your PC.
You can be redirected to a malicious or compromised website that hosts this threat as you browse the Internet or when you click a link in a spam email.
Our exploits page explains more about this type of threat.
JS/Zemot
Windows Defender detects and removes this threat.
The threat has been renamed to TrojanDownloader:JS/Lave.A.
JS/Timbum
Exploit:JS/Timbum is a detection for a malicious JavaScript that redirects the browser to certain URLs. It exploits a vulnerability in the TimThumb Wordpress plugin, which allows an attacker to upload and execute malicious PHP code.
JS/Axpergle
Windows Defender detects and removes this threat.
It uses vulnerabilities in recent versions of Internet Explorer, Microsoft Silverlight, Adobe Flash Player, and Java to install malware on your PC. We have seen it try to install Ransom:Win32/Reveton and variants of Win32/Bedep.
The exploit is also called Angler.
You might get this threat if you visit a malicious or hacked website, or by clicking a malicious link in an email.
To learn more about how this threat is being used by cybercriminals,
JS/Kak
JS/Cripac
JS/Cripac is a detection for JavaScript malware that attempts to exploit numerous vulnerabilities that allows the malware to execute arbitrary code.
JS/Kilim
Microsoft security software detects and removes this family of threats.
They are Chrome browser extensions that hijack your Facebook, Twitter or YouTube accounts to promote pages. The threats might post hyperlinks or like pages on Facebook, post comments on YouTube videos, or follow profiles and send direct messages on Twitter without your permission.
They are installed on your computer by Trojan:AutoIt/Kilim.A.
JS/Tracur
Windows Defender detects and removes this threat.
This family of threats are malicious JavaScript files that redirect your web searches.
They do this to earn revenue for the malware authors via online advertisement fraud. The threats hijack search result links from the following search engines, and redirect you to a different webpage:
- Alltheweb
- Altavista
- AOL
- Ask
- Bing
- Gigablast
- Hotbot
- Lycos
- Netscape
- Snap
- Yahoo
- Youtube
They can be installed by other malware, including members of the Win32/Tracur description for more information.
JS/Bepexp
JS/Bepexp is a family of JavaScript malware that loads multiple exploits in an attempt to compromise the host system, when browsing webpages containing the script. Various software vulnerabilities may be targeted, depending on the target system configuration.
JS/Miuref
Windows Defender detects and removes this threat.
This family of threats are malicious JavaScript files that redirect your web browser to show you ads or download other malware.
They can be installed by other malware, including members of the Win32/Fareit family, or installed on your PC from a spam email attachment.
The Win32/Miuref family description has for more information.
JS/BlacoleRef
Windows Defender detects and removes this threat.
You should also update your software to be fully protected.
BlacoleRef is a type of malware which tries to infect your PC with other malware, such as trojans and viruses.
It belongs to the Blacole family of malware, which together are known as the Blacole (or "Blackhole") exploit kit.
See our page about exploits and learn how to update common software.
When you visit a malicious or compromised website, BlacoleRef scans your PC for vulnerabilities or weaknesses in your software.
You might visit the website from a link or attachment in an email, or from a previously safe website that has been hacked.
The threat uses those vulnerabilities it has found on your PC to download malware onto your PC:
Typically, the Blacole exploit kit attempts to exploit vulnerabilities in applications such as Oracle Java, Sun Java, Adobe Acrobat and Adobe Reader.
JS/Neclu
Windows Defender detects and removes this threat.
This website checks to see if your PC is running a vulnerable version of Java or Adobe Reader. You might be redirected to this website when you visit a hacked or malicious webpage.
If your PC has vulnerable software installed, this threat can download other malware, including:
You might get an alert about this threat even if you're not using a vulnerable version of Java. This is because we detect when a website tries to use the vulnerability, even if it isn't successful.
JS/Bondat
Windows Defender detects and removes this threat.
This family of threats collects information about your PC, infects your removable drives, and tries to stop you from accessing your files.
It spreads by infecting removable drives, such as USB thumb drives and flash drives.
This threat might be downloaded by other malware, or you might get it by connecting an infected removable drive to your PC.