locked
Obfuscator.C RRS feed

  • Question

  •  

    virtool:JS/obfuscator.C--- This keeps popingup. OneCare detects it. Removes it and it comes back again. It does not

    Quarantine it. How do I get rid of it. How bad is it? Please help.

    Monday, August 4, 2008 7:03 PM

Answers

  • It appears this detection relates to a JavaScript Obfuscator & Encoder which by its own descriptive name could obvkously be used to hide the existence of a malware script from site visitors. Though there may actually be nothing wrong with the script behind this obfuscation, there's unfortunately no way to know until the script actually runs.

     

    Though the idea behind the product seems to make sense, to hide the secret details within the script, it's easy to see how this could be abused by malware. I'd think that OneCare would still allow the site to be displayed, but would simply display the warning message in case it might contain something nefarious.

     

    OneCareBear

     

    Wednesday, August 6, 2008 4:38 AM
    Moderator

All replies

  • I suggest contacting support for help with malware removal. How to reach support - http://forums.microsoft.com/WindowsOneCare/ShowPost.aspx?PostID=2421771&SiteID=2

     

    Monday, August 4, 2008 8:03 PM
    Moderator
  • Exactly the same happens to me when I visit .   What website are you getting it on?

    Tuesday, August 5, 2008 12:45 AM
  • The same for me on 2 computers. Yes at riteA-d

    So far everything tec support has had me do does not work.

    Have you had any luck getting rid of it? 

    I have run malware scans ( Malwarebytes Anti-malware). Which is a really good program. and others.

    No Luck. Maybe 1care is giving a false read.

    Tuesday, August 5, 2008 1:10 AM
  • I am getting the same when I go to Rite Aid.   Mine says it deletes it but I get it every time I go back to Rite Aid.

     

    I wish I knew what it really is.   Is it part of their Web Site?   No one else gets this message that I have asked.  They use other spyware detectors though.    I don't know what to do.

     

    Tuesday, August 5, 2008 3:50 PM
  • I'm thinking that it's a false report.  I've viewed the source coding for the web page and noticed a number of these types of lines.   <a href="/redir/?go=aHR0cHM6Ly9yaXRlYWlkLnJlYmF0ZXBsdXMuY29tLw==&amp;from=aHR0cDovLw==Y2FyLnJpdGVhaWQuY29tL3N0b3Jlcy9pbmRleC5qc3A"

     

    I tried to research java script obfuscator and see that it does this sort of thing on purpose.  (I'm no expert by any means).  So, it may be that the riteaid developer purposely used this type of coding and it's hitting against the OneCare detection system.

     

    Any other websites that this is coming up on?

    Tuesday, August 5, 2008 9:22 PM
  • I get it on 2 computers, On my 3rd computer I have with a different virus scaner, everything is O.K. So far ritaid is the only

    site I get it on.  I also think it is (1 care)  giving a false read. Or there is a virus on riteaids site.

     

    Wednesday, August 6, 2008 12:00 AM
  • I have sent this to customer support at live one care and waiting for a reply.   I have also sent emails to Rite Aid and have received a reply that they are looking in to it.

     

    I wish others would contact them too.   I really want to use their site.

     

    Wednesday, August 6, 2008 2:35 AM
  •  

    I have Never received this or ANY other alert before from any other website.   I surf all over the internet and go to obscure sites.

     

    Live one care says it is a tool that can be used for malware, spyware, and viruses.  It appears to me it may not be a virus or spyware itself but could be used for that purpose.  

     

    Wednesday, August 6, 2008 2:39 AM
  • It appears this detection relates to a JavaScript Obfuscator & Encoder which by its own descriptive name could obvkously be used to hide the existence of a malware script from site visitors. Though there may actually be nothing wrong with the script behind this obfuscation, there's unfortunately no way to know until the script actually runs.

     

    Though the idea behind the product seems to make sense, to hide the secret details within the script, it's easy to see how this could be abused by malware. I'd think that OneCare would still allow the site to be displayed, but would simply display the warning message in case it might contain something nefarious.

     

    OneCareBear

     

    Wednesday, August 6, 2008 4:38 AM
    Moderator
  • I too am getting this only at the riteaid site - it just started today   I was at the site last week and had no problem  that message never came up so this is something new with the main rite aid site.

     

    Sunday, August 17, 2008 8:58 PM
  • I'll add that I just had the same thing happen tonight and this is the first time I've had any trouble from the Rite-Aid site. It has been a few weeks since the last time I accessed their site, but I don't think it's malware. I think it might have something to do with a java script or such being added. There's more graphic objects on their site than there use to be in the past.

    Monday, August 18, 2008 3:08 AM
  • Same story. Only at Rite Aid and only this time.

    Wednesday, August 20, 2008 3:15 AM
  • same story. only that i get it from my bank's online facility.  Now I have to go to the bank myself.  Any solutions yet??

     

    Wednesday, August 27, 2008 12:31 PM
  • Victor94, please contact support - 

    How to reach support (FAQ) - http://forums.microsoft.com/WindowsOneCare/ShowPost.aspx?PostID=2421771&SiteID=2

     

    The only alternative I can suggest, if you believe that this is a false positive report for your bank's web site, is to disable the OneCare protection when you visit the site. You can do this on the OneCare Virus and Spyware tab under Change Settings. However, I recommend that you contact the bank's webmaster to advise them of the alert you are encountering.

    -steve

    Wednesday, August 27, 2008 12:37 PM
    Moderator
  • To all who are saying ritaid, I have never been to that site but am getting this ALL THE TIME with 1 care.  I think it has to be the program.  I have limited my access to just my hotmail, ebay and paypal after cleaning and still get it, so it must be something with the 1 care program.
    Sunday, June 7, 2009 4:02 AM
  • To all who are saying ritaid, I have never been to that site but am getting this ALL THE TIME with 1 care.  I think it has to be the program.  I have limited my access to just my hotmail, ebay and paypal after cleaning and still get it, so it must be something with the 1 care program.
    Your PC has an infected file on it, likely downloaded from an infected site.
     

    If you are using Windows Live OneCare and you have been infected, but OneCare did not detect or cannot remove the malware, please contact support to report this and for help with removal.

    How to reach support (FAQ) - http://social.microsoft.com/Forums/en-US/onecareinstallandactivate/thread/30400b52-7f26-4ba0-bc18-17e305329d90

     

    If you are in North America, you can call 866-727-2338 for help with virus and spyware infections. See http://www.microsoft.com/protect/support/default.mspx  for details.  For international information, see your local subsidiary Support site.


    -steve

    Microsoft MVP Windows Live / Windows Live OneCare & Live Mesh Forum Moderator
    Monday, June 8, 2009 1:21 AM
    Moderator