HTML/Crypted.Gen

RichD

Hi There,

I have just got in this evening and logged onto facebook. When I open the superwall app I am getting Avira pop up to tell me it has found an infection of HTML/Crypted.Gen located in my temporary internet files.

I think the app is downloading a javascript to my pc which appears to be infected. I have removed the app cleared all my temporary files and cookies and I am now running a full scan. I don't expect it to find anything though.

Can anyone suggest what this could be?

Katana

Hi RichD,

You know we need more info than that to work with :lol:


Download and Run RSIT

• Please download Random's System Information Tool by random/random from here and save it to your desktop.
• Double click on RSIT.exe to run RSIT.
• Click Continue at the disclaimer screen.
• Once it has finished, two logs will open:
  
  • log.txt will be opened maximized.
  • info.txt will be opened minimized.
• Please post the contents of both log.txt and info.txt.

RichD

Hi Katana,

Thanks for the reply,

I am currently on my hols abroad so cant do much at the minute. I am happy that I have not been infected and I am fairly sure about what is going on. It appears that the Java aplet that is downloaded and stored in temporary internet files is triggering something in the Avira realtime scanner. So I just thought I would see if anyone knew anything about it as Facebook and superwall are quite commonly used.

Thanks

Rich

Katana

HTML/Crypted.Gen

Description:
To avoid detection by antivirus software, authors of HTML malware use browser features like Java and VisualBasic Script. These scripts are small and very often quite simple encryption routines hiding the malicious parts of the script. Encrypted malware is detected as HTML/Crypted.Gen.

It is a generic detection, so without the actual file there isn't much I can tell you.

RichD

Might be worth an up load to joti then?

Katana

RichD wrote:

Might be worth an up load to joti then?

If you know which file it is yes.