| | | Senior Member Registered Member
Join Date: Jul 2005
Posts: 313
Certifications: MCP 270 & 290, MCDST, MCTS:Vista, CCA XP-FR3 & PS3, ITIL Foundation. ( 291 One Day ) | New Virus today? Anyone been hit by this this morning? JS/Snz.A
It seems to be doing the rounds on web servers this morning.
Any info available?
Cheers
__________________
Remember I.T. means In Theory ( it should works )
|
| | | Junior Member Registered Member
Join Date: Dec 2007
Posts: 1
| Yeah, I've also got the same thing. Can't find any other information on this on the web and it has only appeared today; I keep needing to reboot every time the error appears. Seems to appear when in a browser.
What Antivirus are you using? |
| | | Junior Member Registered Member
Join Date: Dec 2007
Posts: 5
| JS/SNZ.A We are running eTrust here, and it has incorrectly identified this mythical JS/SNZ.A in jsquery ( http://sourceforge.net/project/showf...roup_id=145697) a javascript AJAX library. We've been using it since the summer, and visiting the jsquery homepage also flags this error. |
| | | Running on caffine Registered Member
Join Date: Dec 2005 Location: England, UK
Posts: 1,213
Certifications: ADITP (Advanced Diploma for IT Practitioners) & MCSA (70-270, 70-290, 70-291, 70-299) | Currently working towards C|EH | It's a JS virus embedded within a webpage from what I can see..
Flagged as Trojan by eTrust.
Picked up at fuk.co.uk (following above google search)
The JS/Snz.A was detected in C:\DOCUMENTS AND SETTINGS\**USERNAME**\JQUERY[1].JS. Machine: **MACHINE**, User: **MACHINE**\**USER**. File Status: File was cured; system cure performed.
Deleted temp internet files and performed a system scan, no further alerts....
__________________
Foolproof systems don't take into account the ingenuity of fools
|
| | | Junior Member Registered Member
Join Date: Dec 2007
Posts: 9
| I got it a few times while surfing thru Gamespot.com
My CA Firewall deleted the file right away but there seems to be no info on it yet. My computer hasn't frozen or needed reboots at all, but some websites appear to be causing the computer to lag tonight, which is very unusual.
It seems to plant itself in your cache.
I am using Firefox as well, if that helps. |
| | | Junior Member Registered Member
Join Date: Dec 2007
Posts: 1
| Same problem here... I'm using Etrust.
Does anybody have any clue about this one? Is it harmful or just a problem with etrust? The only information I can find about this virus is from people who are using etrust... |
| | | Junior Member Registered Member
Join Date: Dec 2007
Posts: 1
| JS/SNZ It apparently has struck my machine as well. My SBC Yahoo anti-virus just picked it up.
I would greatly appreciate any removal tips.  |
| | | Junior Member Registered Member
Join Date: Dec 2007
Posts: 4
| Hi! I'm in Australia, and I'm using CA. I first got this virus report when I went to www.tv.com. The file name of it is mootools[1].js. Hope this helps. Cheers, jono |
| | | Running on caffine Registered Member
Join Date: Dec 2005 Location: England, UK
Posts: 1,213
Certifications: ADITP (Advanced Diploma for IT Practitioners) & MCSA (70-270, 70-290, 70-291, 70-299) | Currently working towards C|EH | Re: JS/SNZ Invasion...... 
__________________
Foolproof systems don't take into account the ingenuity of fools
|
| | | Junior Member Registered Member
Join Date: Dec 2007
Posts: 4
| I think it may have something to do with javascript, however when I deleted Java it still appeared on the www.tv.com website. Sorry if someone has already said about Java, 'tis New Year's Eve in Australia. Few beverages being had. |
| | | Junior Member Registered Member
Join Date: Dec 2007
Posts: 9
| There seem to be a few questionable blog entries that have been posted within the last 30 mins as well, related to this virus name if you search on google. I tried watching a posted video on one of them and it locked up Firefox. Luckily I am fairly sure that nothing was harmed; it seemed to ask me to install something over and over again. So probably not a good idea to click on a video.
But odd nonetheless.
Updated Firefox virus location:
C:\Documents and Settings\***USER NAME***\Local Settings\Application Data\Mozilla\Firefox\Profiles\es6vqqq4.default\Cache\00C87BB2d01
again, CA Firewall seems to have deleted all traces of it right away - every time it comes up (when i visit different sites). Avira didn't even notice it. |
| | | Junior Member Registered Member
Join Date: Dec 2007
Posts: 1
| Hi all,
This has just sprung up for me today on several computers. It appears when you go to several specific websites. The files infected are mootools[1].js, jsquery[1].js and one other I cannot find at the moment. All are in temporary internet files.
If you go into the same website the same virus message will pop up.
This forum is about the only place I can find info on it. We are using etrust and IE7
Hope this helps,
Paul |
| | | Junior Member Registered Member
Join Date: Dec 2007
Posts: 5
| I'm fairly certain that eTrust have done something odd with their most recent update. JSQuery is most certainly not a virus, and mootools is another javascript library, which coincidentally we have also used and has never caused a problem before today.
Seems someone over there has had one xmas drink too many! |
| | | Junior Member Registered Member
Join Date: Dec 2007
Posts: 4
| HAHA  Aussies can handle their booze! Seriously though, that is what CA antivirus is telling me, I went to windows update, and also to java.com to try and find updates to correct a misdiagnosis, and also updated CA, but the virus alert keeps coming up. |
| | | Junior Member Registered Member
Join Date: Dec 2007
Posts: 3
| I just had this too.
I use Mozilla-Firefox and went to a website that I frequent and clicked on a link that took me to an outside site. I immediately got a popup from CA Antivirus saying that it deleted a js/snz.a virus from my cache files area.
I tried searching for it at CA Antivirus but can't find it there. I did a google search and this is the only forum that has any kind of discussion going on about it. |
| | | Junior Member Registered Member
Join Date: Dec 2007
Posts: 9
| Quote: |
Originally Posted by edster I'm fairly certain that eTrust have done something odd with their most recent update. JSQuery is most certainly not a virus, and mootools is another javascript library, which coincidentally we have also used and has never caused a problem before today.
Seems someone over there has had one xmas drink too many! |
Well, if CA Firewall is catching it too... must be something fishy? |
| | | Junior Member Registered Member
Join Date: Dec 2007
Posts: 5
| Nope - nothing fishy, eTrust is from CA. |
| | | Junior Member Registered Member
Join Date: Dec 2007
Posts: 5
| It's looking more and more like an Etrust specific problem:
The mention of the Yahoo AV makes it look like a more global problem, but that service sits on an Etrust variant anyway.
It's great that Etrust don’t mention anything on their website at all about it; if you do a search for the JS/Snz.a (or anything remotely similar) it doesn’t bring back a thing. You would think they would bother to put a mention of it in their virus encyclopedia if it's been added to their definition.
The latest definition files came across yesterday, maybe it’s a problem with the definition file and it's producing a false positive. If that’s the case – let's hope that the employees at CA antivirus department have not all booked New Year's Eve off. I can just imagine Maureen from accounts dancing with Geoff the .net developer when he should be fixing his definition file. |
| | | Junior Member Registered Member
Join Date: Dec 2007
Posts: 5
| I work for a large organisation, and we're raising it directly with CA. Let's just see how quickly they can get a fix out though... |
| | | Junior Member Registered Member
Join Date: Dec 2007
Posts: 4
| Thank you for your help everyone  Enjoy your new years celebrations! |
| | | Junior Member Registered Member
Join Date: Dec 2007
Posts: 9
| Quote: |
Originally Posted by edster Nope - nothing fishy, eTrust is from CA. | Ah ok  didn't do my homework  |
| | | Junior Member Registered Member
Join Date: Dec 2007
Posts: 3
| Quote: |
Originally Posted by tommyboy It's looking more and more like an Etrust specific problem:
The mention of the Yahoo AV makes it look like a more global problem, but that service sits on an Etrust variant anyway.
It's great that Etrust don’t mention anything on their website at all about it; if you do a search for the JS/Snz.a (or anything remotely similar) it doesn’t bring back a thing. You would think they would bother to put a mention of it in their virus encyclopedia if it's been added to their definition.
The latest definition files came across yesterday, maybe it’s a problem with the definition file and it's producing a false positive. If that’s the case – let's hope that the employees at CA antivirus department have not all booked New Year's Eve off. I can just imagine Maureen from accounts dancing with Geoff the .net developer when he should be fixing his definition file. | I tried to report the issue to CA, but I can't find anywhere on their site to do that. |
| | | Junior Member Registered Member
Join Date: Dec 2007
Posts: 9
| The increase in listings for the 'virus' name on b l o g s p o t (coming up from a google search of the virus name) is quite odd tho. several blogs repeat the name of the virus over and over, and it almost looks like an automated message. all of these blogs showed up tonight?
just a clip from the latest one:
"Nyt news service. Do not write anti virus en ligne, national association of science. A coalition of anti virus en ligne, god in the experience, flat js/snz.a, do all the river. Was said to anti virus en ligne, ahead in the term. You go to anti virus en ligne- the rev paul stop. Government wants to anti virus en ligne- add js/snz.a, known in the section. The tax is anti virus en ligne, the one i sense. All manner of anti virus en ligne, s discretion slate either. You see is anti virus en ligne, the profile of slip, town snz.a, not do this last. The irish republic anti virus en ligne."
<shrugs> |
| | | Junior Member Registered Member
Join Date: Dec 2007 Location: Manchester, UK
Posts: 1
| Hi there. new to the site but just to let you know I run Zone Alarm. It found it and 'treated it'. |
| | | Junior Member Registered Member
Join Date: Dec 2007
Posts: 5
| Roadwolf - it's just an automated process. These sites you refer to are clever sites that take common search terms and throw them into a page - so that you click on them. Because there are not many pages regarding this particular phrase - they are appearing at the top of google etc. They will dwindle down the ranking eventually.
It's a bit like peer to peer searches - e.g. Lime wire - where you can type in ANY name you like and you can guarantee there will be a result that almost exactly matches it.... Don't worry about them. It's a big fat red herring mate. Clever though. |
| |