Possible malware attack from advertisement website

Hi, yesterday I went to the website xossip, which plays videos. It asked me to turn off adblock, so I did, clicked on the video to play, and it opened 3 separate ad websites. Then it downloaded a JS file called export.js onto my computer, which I made sure to delete without opening (now I realize I should have kept it for analysis). I will also post a screenshot of which ad websites were opened, and one that got opened like 20 times in a row. Should I be worried? Can the ad websites install malware without me executing the JS file? I ran an ESET scan, Bitdefender, and also an offline Windows Defender scan. What else can I do to find out if it did something to my PC? Thank you for any help!

[link removed by admin] Here on imgur I sent screenshots of which website and which file I got in contact with, with detailed links.

I am really lost as to whether the website itself did something or they just want me to execute the JavaScript file. Thank you all for the help.

Comments

  • Alexandru_BD

    Hello @idkbrasko,

    If the files were not executed and the scan didn't reveal anything, you should be fine. In regards to your question about adware, you can check this article for more information:

    In such scenarios the URLs do not have anything malicious attached to them, but when you click on them, they will redirect to malicious sites that try to collect your data or install abusive or dangerous software. This is where the antivirus protection kicks in and Bitdefender will block the pages or any malicious software that tries to make its way into your device. If you are being asked to turn off adblocker, that's usually a red flag.

    For future reference, it's best to upload the screenshots directly here, instead of sharing a link to their location, because your post may be blocked by the forum antispam filters.

    Again, if the scan didn't reveal anything and the files were purged from your system, everything should be O.K.

    Regards,

    Alex

    Premium Security & Bitdefender Endpoint Security Tools user

  • Hi Alex, thanks for your answer and the link to the article. I had only Windows Defender at the time, but from that moment I started using Bitdefender as better protection. I just wanted to be sure that the probability of the ad redirecting me to other sites and those sites installing malware or stealing my files on their own is really low? Is that why they would rather try to get me to execute that JavaScript file? Thank you and best regards

  • Alexandru_BD

    Hi,

    There are two main types of adware, namely malicious and legitimate adware. Most adware can be categorized as browser hijackers. This type of intrusive adware alters your device’s web browser settings without your knowledge or permission. Hijackers usually change your default search engine and homepage.

    Here are some of the different types of malicious adware:

    • Spyware – software that is used to track your location, behavior, preferences, and more
    • Man-in-the-middle attacks – this adware redirects your traffic to the adware creator’s system allowing him or her to “listen” in on your conversations
    • Potentially unwanted programs (PUPs) – downloads automatically with free software

    Even security software can face some problems when it comes to adware, and that’s because there are legitimate services that come bundled with ad-based software.

    Again, if the file was not executed and the system scan didn't reveal anything suspicious, I think you are safe. It's difficult to know exactly what it was in your case; adware and spyware have proliferated over the last few years with very few impediments, and they are really widespread.

    For future reference, here are some of the signs that indicate malicious adware is present on the device:

    • Your browser begins to crawl
    • Adverts are being displayed in places they should not be
    • You see pop-up or pop-under ads regularly
    • Clicking on website links takes you to unrelated websites
    • The browser crashes
    • Your web browser homepage has changed suddenly
    • New plugins, toolbars, and extensions populate your browser
    • You notice that web pages you visited before aren’t loading properly
    • Software is downloaded on its own

    Regards,

    Alex

    Premium Security & Bitdefender Endpoint Security Tools user

  • Hi, I am sorry if I am asking too much. I have been reading the things you sent me, and much more, to learn more about this subject. From your experience, can a JavaScript file install malware that steals data like pictures and passwords on its own? My second question would be: can the JavaScript be executed on its own, without me doing anything, just by the redirecting websites? I was using the Chrome browser. If it's too much, I understand. Once again, thank you so much for your support! I wish you the best!

  • Flexx
    Flexx DEFENDER OF THE YEAR 2023 / DEFENDER OF THE MONTH ✭✭✭✭✭ mod

    Can a JavaScript file install malware that steals data like pictures and passwords on its own?

    Yes, it is possible. Hackers can use malicious JavaScript code to steal sensitive information such as passwords and credit card numbers. This type of malicious software can infect your computer without a single click. However, it’s important to note that not all JavaScript files are harmful. Many websites and web applications rely on JavaScript for interactive features.

    Can JavaScript be executed on its own without me doing anything just by redirecting to websites?

    Yes, JavaScript can be executed automatically when a webpage loads. This is how many websites provide interactive features. However, this also means that malicious JavaScript code can be executed without your explicit action, simply by visiting a website.

    Regards

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

  • Thank you @Flexx. Do you know if there is a way to know exactly what it did to my PC? The antivirus didn't show anything, no one is trying to access any of my accounts, and no one has contacted me about a ransom. It probably did nothing because I didn't launch the .js file, but I am still a bit paranoid. Thank you once again.

  • Flexx
    Flexx DEFENDER OF THE YEAR 2023 / DEFENDER OF THE MONTH ✭✭✭✭✭ mod
    edited February 29

    You have to rely solely on antimalware software to detect the malicious JavaScript file. However, if you suspect you might still be infected, you can use second opinion online scanners. These scanners run without requiring installation.

    • ESET Online Scanner: https://www.eset.com/in/home/online-scanner/
    • F‑Secure Online Scanner: https://www.f-secure.com/en/online-scanner
    • Trend Micro HouseCall: https://www.trendmicro.com/en_ca/forHome/products/housecall.html
    • Norton Power Eraser: https://support.norton.com/sp/en/us/home/current/solutions/kb20100824120155EN


    Additionally, follow the steps stated below.

    1) Restart your PC in safe mode. You can follow this guide: https://support.microsoft.com/en-us/windows/start-your-pc-in-safe-mode-in-windows-92c27cff-db89-8644-1ce4-b3e5e56fe234

    2) Open the Run command and execute the following commands one by one:

    temp – delete all the files in the folder.

    %temp% – delete all the files in the folder.

    prefetch – delete all the files in the folder.

    3) Restart your PC in normal mode by unselecting the option to run the system in Safe Mode, then click 'Apply.'

    4) Reset your web browsers:

    Google Chrome: https://support.google.com/chrome/answer/3296214?hl=en

    Mozilla Firefox: https://support.mozilla.org/en-US/kb/refresh-firefox-reset-add-ons-and-settings

    Microsoft Edge: https://malwaretips.com/blogs/reset-microsoft-edge/

    Opera: https://browsersolution.com/reset-opera-browser

    Vivaldi: https://help.vivaldi.com/desktop/install-update/full-reset-of-vivaldi/

    Brave: https://support.brave.com/hc/en-us/articles/360017903152-How-do-I-reset-Brave-settings-to-default-

    5) Reset the Windows host file to default. You can find instructions here: https://support.microsoft.com/en-us/topic/how-to-reset-the-hosts-file-back-to-the-default-c2a43f9d-e176-c6f3-e4ef-3500277a6dae

    6) Run Disk Cleanup using this guide: https://support.microsoft.com/en-us/windows/disk-cleanup-in-windows-8a96ff42-5751-39ad-23d6-434b4d5b9a68

    Regards

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)
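
Added example, not part of the thread or of any poster's reply: a read-only PowerShell check related to step 5 above and to the downloaded .js file from the original post. It lists active hosts-file entries and script files created recently under Downloads and %TEMP%, with the source URL that Windows records for browser downloads. The function names, the 7-day window, the folder list and the extension list are assumptions.

```powershell
# Read-only triage sketch (added example). Nothing is deleted or modified.
# Assumptions: default hosts path, a 7-day window, and the folder and
# extension lists below. Function names are illustrative.

$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

# 1) Active hosts entries: a default Windows hosts file contains only comments,
#    so any non-comment line deserves a look before resetting the file.
function Get-ActiveHostsEntry {
    param([string]$Path = $hostsPath)
    Get-Content -LiteralPath $Path -ErrorAction Stop |
        ForEach-Object { ($_ -replace '#.*$', '').Trim() } |
        Where-Object { $_ } |
        ForEach-Object {
            $parts = $_ -split '\s+'
            [pscustomobject]@{ Address = $parts[0]; Names = ($parts | Select-Object -Skip 1) -join ' ' }
        }
}

# 2) Recently created script files, with the Zone.Identifier stream
#    (Mark-of-the-Web) that browsers attach to downloads on NTFS.
function Get-RecentScriptDownload {
    param(
        [string[]]$Folder = @((Join-Path $env:USERPROFILE 'Downloads'), $env:TEMP),
        [string[]]$Extension = @('.js', '.jse', '.vbs', '.wsf', '.hta'),
        [int]$Days = 7
    )
    $cutoff = (Get-Date).AddDays(-$Days)
    Get-ChildItem -LiteralPath $Folder -File -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $Extension -contains $_.Extension.ToLower() -and $_.CreationTime -ge $cutoff } |
        ForEach-Object {
            $motw = Get-Content -LiteralPath $_.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
            [pscustomobject]@{
                File     = $_.FullName
                Created  = $_.CreationTime
                SHA256   = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                HostUrl  = ($motw | Where-Object { $_ -like 'HostUrl=*' }) -replace '^HostUrl=', ''
                Referrer = ($motw | Where-Object { $_ -like 'ReferrerUrl=*' }) -replace '^ReferrerUrl=', ''
            }
        }
}

Get-ActiveHostsEntry | Format-Table -AutoSize
Get-RecentScriptDownload | Format-List
```

Run this before clearing the temp folders, since the cleanup removes the files it inspects. The SHA256 value can be searched on VirusTotal without opening or uploading the file.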

  • I will do this just to be sure, but I don't think I am still infected. I don't even know if I was at all; that's why I am wondering how I can know what that attack was trying to do. Is the only option to run it on a virtual machine and go to those websites again to see what the attack was?

  • Flexx
    Flexx DEFENDER OF THE YEAR 2023 / DEFENDER OF THE MONTH ✭✭✭✭✭ mod

    You can proceed to replicate the issue on a virtual machine. Also, if you have the URLs, you can check them directly on VirusTotal. VirusTotal also blocks a URL if it contains malicious JavaScript. If no known antimalware vendors block the URLs, chances are the URLs are safe to browse.

    Regards

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)