
Troj/JSRedir-H

Posted: July 2, 2012

Threat Metric

Threat Level: 9/10
Infected PCs: 59
First Seen: July 2, 2012
Last Seen: June 14, 2020
OS(es) Affected: Windows

Similar to Troj/JSRedir-EX, Troj/SWFExp-AI, Troj/JSRedir-EF and Mal/JSRedir-K, Troj/JSRedir-H is a web-based PC threat that's used to install other forms of malicious software; in Troj/JSRedir-H's case, this payload is a Trojan downloader. Like many of the similar PC threats noted above, Troj/JSRedir-H is distributed via fraudulent e-mail messages, and Troj/JSRedir-H's current e-mail scams all involve fake messages from ADP, a reputable company that provides payroll-related services. As long as you're cautious enough to avoid clicking on the included HTML link, your computer is safe from Troj/JSRedir-H, but if you've clicked a spam ADP e-mail's link, the chance of being infected by various PC threats at Troj/JSRedir-H's behest is very high. SpywareRemove.com malware researchers also encourage you to keep appropriate defenses against JavaScript-based threats like Troj/JSRedir-H regardless of your web-browsing habits, since Troj/JSRedir-H may be distributed by other methods besides e-mail-based attacks.

Troj/JSRedir-H: a Modest JavaScript Redirect with Substantially Negative Results for Your PC

Troj/JSRedir-H's e-mail spam has been seen to use a relatively convincing message about an ADP security update that includes the ADP logo, a fake Reference ID and other hallmarks of official e-mail notices. However, the links in this message don't lead to an ADP-related site at all, but to Troj/JSRedir-H. A very similar scam that uses a plain text variant of this hoax (also exploiting the ADP brand name) involves a redirect to Troj/JSRedir-GZ. Both of these Trojans are JavaScript-based, and both of them will force your browser to load other malicious content. The goal of Troj/JSRedir-H and Troj/JSRedir-GZ alike is to install Troj/Dloadr-DPB onto your computer, a Trojan downloader that will, itself, install other types of PC threats.

This type of cascading multi-infection attack is best stopped before it begins to escalate, and SpywareRemove.com malware researchers recommend that you delete these e-mail messages as soon as you see them. If you do receive an ADP message that appears to be legitimate, avoid clicking any embedded links. Instead, use safe means of navigating to the relevant website, rather than trusting what might just be a springboard into a Troj/JSRedir-H attack.

Stopping a Troj/JSRedir-H Redirect Before It Really Gets the Ball Rolling

Since Troj/JSRedir-H has been defined as a PC threat since 2009, any reasonably accurate anti-malware program should be able to detect and block Troj/JSRedir-H before Troj/JSRedir-H can force your browser to download Troj/Dloadr-DPB. Likewise, you may also be able to block Troj/JSRedir-H by disabling JavaScript as a default security setting, since Troj/JSRedir-H is JavaScript-based and can't function without script execution. However, SpywareRemove.com malware researchers also note that since JavaScript is often used for various features on reputable sites, simply keeping a good anti-malware program around is typically more practical than keeping JavaScript permanently deactivated.

A successful attack by Troj/JSRedir-H invariably means that Troj/Dloadr-DPB will be installed, and this can consequently lead to the presence of any number of other PC threats. Anti-malware scans should be able to detect and remove all such malicious software, but they may require updates, since the Trojan downloader Troj/Dloadr-DPB, unlike Troj/JSRedir-H, was detected only in 2012.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



File name: report.htm
Size: 3.42 KB (3421 bytes)
MD5: 02ce72bfbefe5ba8866d4e87bb9435fd
Detection count: 74
Mime Type: unknown/htm
Group: Malware file
Last Updated: July 4, 2012
