CLOSED js.Trojan.Cryos.1257 keeps coming back

[GVTS 0]

Hi, I'm running EAM on a Windows 7 machine.  I've been getting scareware.

EAM is not protecting against it coming in, but it does find the infection when I run a scan. It removes it and then later on it comes back.

The file is found in <User>\Application Data\Local\Microsoft\Windows\INetCache\Low\IE.

From what I've read, this infection is due to visiting a web site with a nasty java script. 

Question is how can I prevent the infection from coming back.

[stapp 128]

Please follow the instructions here and attach the requested logs so that one of our experts can help you

https://support.emsisoft.com/announcement/2-start-here-if-you-dont-we-are-just-going-to-send-you-back-to-this-thread/

[GVTS 0]

Here's the logs. As I said, EAM finds the infection and deletes it.  I think I found the site with the malicious code. When I go there using IE, I get re-infected. EAM isn't preventing the infection from getting in.

Addition.txt

FRST.txt

EEK scan_181011-141322.txt

[Kevin Zoll 279]

Clear the browser cache that should take care of the issue.  The system is not infected, it's just a cached page containing a link to a malicious JavaScript.

[GVTS 0]

Thank you for your response.

1) How do I clear the browser cache?

2) Why didn't EAM block this in the first place? It removed the file in <User>\Application Data\Local\Microsoft\Windows\INetCache\Low\IE, but then it came back again.

[GVTS 0]

Also, shouldn't EAM have done something to clear the cache? or maybe it should have told the user to clear the cache? Maybe something to work on.

[Kevin Zoll 279]

See this web page for how to clear your browser cache. https://kb.iu.edu/d/ahic

EAM does not clear browser cache and is not something an Anti-Virus/Anti-Malware application should do.

We do not monitor web pages and what is running inside the browser, that would mean that we would have to intercept all your internet traffic and actively monitor what you are visiting and doing while online.  We do not do this for 2 reasons.  First and foremost that it is a massive privacy issue and we take privacy seriously.  The second is that we would have to intercept all encrypted traffic, essentially performing a man-in-the-middle attack, that poses a serious security issue and if done wrong will completely break SSL.

[GVTS 0]

Kevin,

Thank you for the link and supplemental info.

 

[Kevin Zoll 279]

You are welcome.

If we can be of assistance in the future do not hesitate to contact us.