The Trojan-Downloader.JS.Agent.gsv Infection
The kind of pseudo-random domain generation that the Trojan-Downloader.JS.Agent.gsv uses has been observed in botnets and backdoor Trojans generating domains for command and control servers. This approach is quite new in the case of browser redirect Java scripts. The Trojan-Downloader.JS.Agent.gsv itself is a Trojan downloader that uses a malicious iFrame that is attached to an HTML file. It generates a random domain name with sixteen characters, with a .RU ending (indicating that the domain is located in the Russian Federation).
Why the Trojan-Downloader.JS.Agent.gsv Generates New Domains
The technique of randomly generating new domain names allows criminals to avoid blacklisting. Every day, the Trojan-Downloader.JS.Agent.gsv generates a new domain name. This means that adding malicious URLs to a blacklist can be pointless due to the fact that new ones are generated constantly. Fortunately, these domain names are not entirely random and use an algorithm that takes its seed from the current date. With this information, PC security researchers can predict future domain names, allowing them to blacklist them preemptively. If you administrate a website, it is important to update your website's software and to apply all available security patches. ESG security analysts also advise changing all sensitive passwords, especially for FTP, SFTP and SSH accounts.
Do You Suspect Your PC May Be Infected with Trojan-Downloader.JS.Agent.gsv & Other Threats? Scan Your PC with SpyHunterSpyHunter is a powerful malware remediation and protection tool designed to help provide PC users with in-depth system security analysis, detection and removal of a wide range of threats like Trojan-Downloader.JS.Agent.gsv as well as a one-on-one tech support service. Download SpyHunter's FREE Malware Remover
Security Doesn't Let You Download SpyHunter or Access the Internet?Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
- Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
- Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
- Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
- IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.