+ Reply to Thread
Page 1 of 3 1 23 Last
Results 1 to 25 of 63
  1. Senior Member
    Join Date
    Jul 2005
    Posts
    317

    Certifications
    MCP 270 & 290, MCDST, MCTS:Vista, CCA XP-FR3 & PS3, ITIL Foundation. ( 291 One Day )
    #1

    Default New Virus today?

    Anyone been hit by this this morning?

    JS/Snz.A

    It seems to be doing the rounds on web servers this morning.

    Any info available?

    Cheers
    Reply With Quote Quote  


  2. Login/register to remove this advertisement.
  3. Junior Member
    Join Date
    Dec 2007
    Posts
    1
    #2
    Yeah I've also got the same thing, can't find any other information on this on the web and it has only appeared today, keep on needing to reboot everytime the error appears. Seems to appear when in a browser.

    What Antivirus are you using?
    Reply With Quote Quote  

  4. Junior Member
    Join Date
    Dec 2007
    Posts
    5
    #3

    Default JS/SNZ.A

    We are running eTrust here, and it has incorrectly identified this mythical JS/SNZ.A in jsquery (http://sourceforge.net/project/showf...roup_id=145697) a javascript AJAX library. We've been using it since the summer, and visiting the jsquery homepage also flags this error.
    Reply With Quote Quote  

  5. Sie
    Sie is offline
    Running on caffine
    Join Date
    Dec 2005
    Location
    England, UK
    Posts
    1,207

    Certifications
    ADITP (Advanced Diploma for IT Practitioners) & MCSA (70-270, 70-290, 70-291, 70-299) | Currently working towards C|EH
    #4
    Its a JS virus imbedded within a webpage from what I can see..

    Flagged as Trojan by eTrust.

    Picked up at fuk.co.uk (following above google search)

    The JS/Snz.A was detected in C:\DOCUMENTS AND SETTINGS\**USERNAME**\JQUERY[1].JS. Machine: **MACHINE**, User: **MACHINE**\**USER**. File Status: File was cured; system cure performed.

    Deleted temp internet files and performed a system scan, no further alerts....
    Reply With Quote Quote  

  6. Junior Member
    Join Date
    Dec 2007
    Posts
    9
    #5
    I got it a few times while surfing thru Gamespot.com

    My CA Firewall deleted the file right away but there seems to be no info on it yet. My computer hasn't frozen or needed reboots at all. but, some websites appear to be causing the computer to lag tonight, which is very unusual.

    it seems to plant itself in your cache.

    I am using Firefox as well, if that helps.
    Reply With Quote Quote  

  7. Junior Member
    Join Date
    Dec 2007
    Posts
    1
    #6
    Same problem here... I'm using Etrust.
    Does anybody have any clue about this one? Is it harmful or just a problem with etrust? The only information I can find about this virus is from people who are using etrust...
    Reply With Quote Quote  

  8. Junior Member
    Join Date
    Dec 2007
    Posts
    1
    #7

    Default JS/SNZ

    It apparently has stuck my machine as well. My SBC Yahoo anti-virus just picked it up.

    I would greatly appreciate any removal tips.

    Reply With Quote Quote  

  9. Junior Member
    Join Date
    Dec 2007
    Posts
    4
    #8
    Hi! Im in australia, and Im using CA. I first got this virus report when i went to www.tv.com The file name of it is mootools[1].js Hope this helps cheers jono
    Reply With Quote Quote  

  10. Sie
    Sie is offline
    Running on caffine
    Join Date
    Dec 2005
    Location
    England, UK
    Posts
    1,207

    Certifications
    ADITP (Advanced Diploma for IT Practitioners) & MCSA (70-270, 70-290, 70-291, 70-299) | Currently working towards C|EH
    #9

    Default Re: JS/SNZ

    Invasion......
    Reply With Quote Quote  

  11. Junior Member
    Join Date
    Dec 2007
    Posts
    4
    #10
    I think it may have something to do with javascript, however when I deleted Java it still appeared on the www.tv.com website. Sorry If someone has already said about Java, tis new yrs eve in Australia Few Beverages being had
    Reply With Quote Quote  

  12. Junior Member
    Join Date
    Dec 2007
    Posts
    9
    #11
    there seem to be a few questionable blog enteries that have been posted within the last 30 mins aswell, related to this virus name if you search on google. i tried watching a posted video on one of them and it locked up firefox. luckily i am fairly sure that nothing was harmed, it seemed to ask me to install something over and over again. so probably not a good idea to click on a video.

    but odd none the less.

    Updated Firefox virus location:

    C:\Documents and Settings\***USER NAME***\Local Settings\Application Data\Mozilla\Firefox\Profiles\es6vqqq4.default\Cac he\00C87BB2d01

    again, CA Firewall seems to have deleted all traces of it right away - every time it comes up (when i visit different sites). Avira didn't even notice it.
    Reply With Quote Quote  

  13. Junior Member
    Join Date
    Dec 2007
    Posts
    1
    #12
    Hi all,

    This has just spung up for me today on several computers. It appears when you go to several specific websites. The files infected are mootools[1].js jsquery[1].js and one other I cannot find at the moment. All are in temporary internet files.

    If you go into the same website the same virus message will pop up

    This forum is about the only place I can find info on it. We are using etrust and IE7

    Hope this helps,

    Paul
    Reply With Quote Quote  

  14. Junior Member
    Join Date
    Dec 2007
    Posts
    5
    #13
    I'm fairly certain that eTrust have done something odd with their most recent update. JSQuery is most certainly not a virus, and mootools is another javascript library, which coincidentally we have also used and has never caused a problem before today.

    Seems someone over there has had one xmas drink too many!
    Reply With Quote Quote  

  15. Junior Member
    Join Date
    Dec 2007
    Posts
    4
    #14
    HAHA Aussies can handle their booze! Seriously though, that is what CA antivirus is telling me, I went to windows update, and also to java.com to try and find updates to correct a misdiagnosis, and also updated CA, but the virus alert keeps coming up.
    Reply With Quote Quote  

  16. Junior Member
    Join Date
    Dec 2007
    Posts
    3
    #15
    I just had this too.

    I use Mozilla-Firefox and went to a website that I frequent and clicked on a link that took me to an outside site. I immediately got a popup from CA Antivirus saying that it deleted a js/snz.a virus from my cache files area.

    I tried searching for it at CA Antivirus but can't find it there. I did a google search and this is the only forum that has any kind of discussion going on about it.
    Reply With Quote Quote  

  17. Junior Member
    Join Date
    Dec 2007
    Posts
    9
    #16
    Quote Originally Posted by edster
    I'm fairly certain that eTrust have done something odd with their most recent update. JSQuery is most certainly not a virus, and mootools is another javascript library, which coincidentally we have also used and has never caused a problem before today.

    Seems someone over there has had one xmas drink too many!

    Well, if CA Firewall is catching it too... must be something fishy?
    Reply With Quote Quote  

  18. Junior Member
    Join Date
    Dec 2007
    Posts
    5
    #17
    Nope - nothing fishy, eTrust is from CA.
    Reply With Quote Quote  

  19. Junior Member
    Join Date
    Dec 2007
    Posts
    5
    #18
    Its looking more and more like an Etrust specific problem:

    The mention of the Yahoo AV makes it look like a more global problem, but that service sits on an Etrust variant anyway.

    Its great that Etrust don’t mention anything on their website at all about it, if you do a search for the JS/Snz.a (or anything remotely similar) it doesn’t bring back a thing. You would think they would bother to put a mention of it in their virus encyclopedia if its been added to their definition.

    The latest definition files came across yesterday, maybe it’s a problem with definition file and its producing a false positive. If that’s the case – lets hope that the employees at CA antivirus department have not all booked new years eve off. I can just imagine Maureen from accounts dancing with Geoff the .net developer when he should be fixing his definition file.
    Reply With Quote Quote  

  20. Junior Member
    Join Date
    Dec 2007
    Posts
    5
    #19
    I work for a large organisation, and we're raising it directly with CA. Let's just see how quickly, they can get a fix out though. . .
    Reply With Quote Quote  

  21. Junior Member
    Join Date
    Dec 2007
    Posts
    4
    #20
    Thank you for your help everyone Enjoy your new years celebrations!
    Reply With Quote Quote  

  22. Junior Member
    Join Date
    Dec 2007
    Posts
    9
    #21
    Quote Originally Posted by edster
    Nope - nothing fishy, eTrust is from CA.
    Ah ok didn't do my homework
    Reply With Quote Quote  

  23. Junior Member
    Join Date
    Dec 2007
    Posts
    3
    #22
    Quote Originally Posted by tommyboy
    Its looking more and more like an Etrust specific problem:

    The mention of the Yahoo AV makes it look like a more global problem, but that service sits on an Etrust variant anyway.

    Its great that Etrust don’t mention anything on their website at all about it, if you do a search for the JS/Snz.a (or anything remotely similar) it doesn’t bring back a thing. You would think they would bother to put a mention of it in their virus encyclopedia if its been added to their definition.

    The latest definition files came across yesterday, maybe it’s a problem with definition file and its producing a false positive. If that’s the case – lets hope that the employees at CA antivirus department have not all booked new years eve off. I can just imagine Maureen from accounts dancing with Geoff the .net developer when he should be fixing his definition file.
    I tried to report the issue to CA, but I can't find anywhere on their site to do that.
    Reply With Quote Quote  

  24. Junior Member
    Join Date
    Dec 2007
    Posts
    9
    #23
    The increase in listings for the 'virus' name on b l o g s p o t (coming up from a google search of the virus name) is quite odd tho. several blogs repeat the name of the virus over and over, and it almost looks like an automated message. all of these blogs showed up tonight?

    just a clip from the latest one:

    "Nyt news service. Do not write anti virus en ligne, national association of science. A coalition of anti virus en ligne, god in the experience, flat js/snz.a, do all the river. Was said to anti virus en ligne, ahead in the term. You go to anti virus en ligne- the rev paul stop. Government wants to anti virus en ligne- add js/snz.a, known in the section. The tax is anti virus en ligne, the one i sense. All manner of anti virus en ligne, s discretion slate either. You see is anti virus en ligne, the profile of slip, town snz.a, not do this last. The irish republic anti virus en ligne."

    <shrugs>
    Reply With Quote Quote  

  25. Junior Member
    Join Date
    Dec 2007
    Location
    Manchester, UK
    Posts
    1
    #24
    Hi there. new to the site but just to let you know I run Zone Alarm. It found it and 'treated it'.
    Reply With Quote Quote  

  26. Junior Member
    Join Date
    Dec 2007
    Posts
    5
    #25
    Roadwolf - its just an automated process. These sites you refer to a clever sites that take common search terms and throw them into a page - so that you click on them. Because there are not many pages regarding this particular phrase - they are appearing at the top of google etc. They will dwindle down the ranking eventually.

    Its a bit like peer to peer searches - e.g Lime wire - where you can type in ANY name you like and you can guarantee there will be a result that almost exactly matches. it.... Dont worry about them. Its a big fat red herring mate. Clever though.
    Reply With Quote Quote  

+ Reply to Thread
Page 1 of 3 1 23 Last

Social Networking & Bookmarks