Jump to content
Dr. Cold-blooded Fire

Virus through youtube?! infected/attacking channel?

Recommended Posts

Hello!
I tryied to watch a video off the "Tech Roady" youtube channel on one of Hak5 products, and when I pressed the video my avast antivirus showed the following message:

Quote

Threat  secured
we've safely aborted connection on www.youtube.com because it was infected with JS:ScriptPE-inf[Trj].

What is going on here? If it is actually an intended virus, how is it possible to do that through youtube?
When I opened it again, this time by pasting the link, the video started playing while displaying only the video, and the antivirus stopped the virus again.

This is the link of the video I tryied to watch. 
DO NOT open without protection:
XXXXXXXXXXXXXXXXXXXXXXXXX
https://www.youtube.com/watch?v=JaD-5_ubPRc
XXXXXXXXXXXXXXXXXXXXXXXXX

 

Share this post


Link to post
Share on other sites

It's probably more likely that it blocked a browser plug-in or injected advertisement on the page, and Avast just knows that it came from the page with that URL.

So when you go to that URL a plug-in might be injecting extra JavaScript into the page and Avast just sees that there is malicious malware on the page downloaded from YouTube.

Are you using Chrome? If so try opening the page in Incognito mode as I'm pretty sure that stops the Chrome plug-ins. See if it happens again while in Incognito. If not then you'll probably have to do some plug-in deleting in Chrome. If so, YouTube has been hacked, or your computer has a virus (far more likely) that is messing with your browser. Strange that Avast wouldn't pick up a program though.

Share this post


Link to post
Share on other sites
9 hours ago, Dr. Cold-blooded Fire said:

Just checked, it won't reach it through regular chrome either.. but it did 5 seconds before I try it on the ingognito.

I would run a full scan on your computer. Malwarebytes is an anti-virus I recommend.

Are you typing these replies on that same computer?

Share this post


Link to post
Share on other sites

A quick search shows that it’s a pretty nasty nasty. Kill it with fire.

Share this post


Link to post
Share on other sites

Judging from the name - is it some kind of boot record that causes the machine to dual-boot two different OS' for backdoor purposes? Sounds very nasty indeed.

On 1/11/2019 at 12:36 PM, Dr. Cold-blooded Fire said:

i run full scans with avast and malwarebytes and they don't read it anymore.. I don't think it hide automatically because it has been detected, why wouldn't it do so from the beginning.. right?

Did you delete it before running another scan?

Just do another full scan with Malwarebytes. If nothing pops up you're probably okay. I'd probably blow away Windows though and start it fresh to be sure, but that's up to you.

Edited by Dave-ee Jones
  • Like 1

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...