Js.obfuscated.gen

mcostigan
edited January 2009 in Malware talk

BD has detected this Trojan in 3 separate PDF files that I created using simple Word docs (no macros, text only... docs created by me) and existing PDF files downloaded from my local Realtor MLS site. When viewing the files in Adobe Acrobat Pro it always pauses at some point saying "there is an error in the file, etc..." then you click "ok" and it works just fine. Is it possible to remove this code from these files, and is it ACTUALLY malware or a virus, or could it be that obfuscated code is being used by Adobe to prevent others from copying? NOTE: The PDF files used as part of this new PDF (combo of PDF files and Word docs) were originally PDF files with "form" fields that could be completed by on-line users (i.e., the Realtors could fill in prices, etc. in the blank fields and then print them). This may or may not have any relevancy - just very puzzled here.


Log File

Product : BitDefender Internet Security 2009
Version : BitDefender UIScanner v.12
Scanning task : Deep System Scan
Log date : 09:26:32 26/01/2009
Log path : C:\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Profiles\Logs\deep_scan\1232979992_1_02.xml

Scan Paths:
Path 0000: C:\
Path 0001: D:\
Path 0002: E:\
Path 0003: H:\
Path 0004: I:\
Path 0005: G:\

Scan Options:
Scan for viruses : Yes
Scan for adware : Yes
Scan for spyware : Yes
Scan for applications : Yes
Scan for dialers : Yes
Scan for rootkits : Yes

Target Selection Options:
Scan registry keys : Yes
Scan cookies : Yes
Scan boot sectors : Yes
Scan memory processes : Yes
Scan archives : Yes
Scan runtime packers : Yes
Scan emails : No
Scan all files : Yes
Heuristic Scan : Yes
Scanned extensions :
Excluded extensions :

Target Processing:
Default action for infected objects : Disinfect
Default action for suspicious objects : None
Default action for hidden objects : None

Scan engines summary
Number of virus signatures : 2607065
Archive plugins : 45
Email plugins : 6
Scan plugins : 13
System plugins : 5
Unpack plugins : 7

Overall scan summary
Scanned items : 293158
Infected items : 14
Suspicious items : 0
Resolved items : 0
Unresolved items : 18
Password-protected items : 4
Individual viruses found : 1
Scanned directories : 10298
Scanned boot sectors : 11
Scanned archives : 3234
Input-output errors : 38
Scan time : 00:32:36
Files per second : 149

Scanned processes summary
Scanned : 46
Infected : 0

Scanned registry keys summary
Scanned : 1107
Infected : 0

Scanned cookies summary
Scanned : 1107
Infected : 0

Remaining issues:
Object Name | Threat Name | Final Status
D:\CG\REO\Contract Documents\Contract Info\Contract Instructions Atlas.pdf=](JAVASCRIPT) | JS.Obfuscated.Gen | Delete Failed (file was in an archive)
D:\CG\REO\Contract Documents\Contract Info\Contract Instructions Brighton.pdf=](JAVASCRIPT) | JS.Obfuscated.Gen | Delete Failed (file was in an archive)
D:\CG\REO\Contract Documents\Contract Info\Contract Instructions Fannie Mae.pdf=](JAVASCRIPT) | JS.Obfuscated.Gen | Delete Failed (file was in an archive)
D:\CG\REO\Contract Documents\Contract Info\Contract Instructions Pkg\Contract-2008.pdf=](JAVASCRIPT) | JS.Obfuscated.Gen | Delete Failed (file was in an archive)
D:\CG\REO\Contract Documents\Contract Info\Contract_Instructions.pdf=](JAVASCRIPT) | JS.Obfuscated.Gen | Delete Failed (file was in an archive)
D:\CG\REO\Contract Documents\Contract-2008.pdf=](JAVASCRIPT) | JS.Obfuscated.Gen | Delete Failed (file was in an archive)
D:\CG\REO\Contract Documents\Contract_Instructions.pdf=](JAVASCRIPT) | JS.Obfuscated.Gen | Delete Failed (file was in an archive)
D:\CG\Retail\Rebate\contract.pdf=](JAVASCRIPT) | JS.Obfuscated.Gen | Delete Failed (file was in an archive)
D:\RECYCLER\S-1-5-21-1292428093-2025429265-839522115-1003\Dd105.pdf=](JAVASCRIPT) | JS.Obfuscated.Gen | Delete Failed (file was in an archive)
D:\RECYCLER\S-1-5-21-1292428093-2025429265-839522115-1003\Dd129.pdf=](JAVASCRIPT) | JS.Obfuscated.Gen | Delete Failed (file was in an archive)
D:\RECYCLER\S-1-5-21-1292428093-2025429265-839522115-1003\Dd131.pdf=](JAVASCRIPT) | JS.Obfuscated.Gen | Delete Failed (file was in an archive)
D:\RECYCLER\S-1-5-21-1292428093-2025429265-839522115-1003\Dd132.pdf=](JAVASCRIPT) | JS.Obfuscated.Gen | Delete Failed (file was in an archive)
D:\UREOS\Contract Info\Contract Instructions Fannie Mae.pdf=](JAVASCRIPT) | JS.Obfuscated.Gen | Delete Failed (file was in an archive)
D:\UREOS\Contract Info\Contract_Instructions.pdf=](JAVASCRIPT) | JS.Obfuscated.Gen | Delete Failed (file was in an archive)

Objects that were not scanned:
Object Name | Reason | Final Status
C:\Documents and Settings\Owner\Local Settings\Temp\GLB57D.tmp=](Dropped 0) | Overcompressed | No action was possible
C:\Documents and Settings\Owner\Local Settings\Temp\GLB586.tmp=](Dropped 0) | Overcompressed | No action was possible
C:\Documents and Settings\Owner\Local Settings\Temp\GLB935.tmp=](Dropped 0) | Overcompressed | No action was possible
C:\Documents and Settings\Owner\Local Settings\Temp\GLBF3C.tmp=](Dropped 0) | Overcompressed | No action was possible