Content

JS/NoClose

Type
Trojan
SubType
-
Discovery Date
11/23/2001
Length
Varies
Minimum DAT
4173 (11/28/2001)
Updated DAT
4326 (02/18/2004)
Minimum Engine
5.1.00
Description Added
12/06/2001
Description Modified
03/11/2004 10:27 PM (PT)
Risk Assessment
Corporate User
Low-Profiled
Home User
Low-Profiled

Tab Navigation

Characteristics

-- Update March 11, 2004 --
 The risk assessment of this threat was lowered to Low-Profiled due to a decrease in prevalence.

This javascript trojan allows various hidden functions to take place on a user's system. It exists in two forms:

  • In HTA form, an HTML Application is created which is not visible to the user and can not be closed.
  • In HTML form, a browser window is created which is minimized and can not be easily maximized or closed.
Typically these window "tricks" are seen associated with advertisement and banner ad programs. Especially affiliated with pornographic sites and sites which pay commissions to others for displaying banner ads.

The trojan does not contain any other payload and does not cause any damage to the local system. Files which trigger this detection should be deleted.

Symptoms

Minimized web browser window which can not be easily maximized.

Method of Infection

Viewing a web page which contains this trojan javascript code creates the mysterious window in question.

Removal

All Users:
Use current engine and DAT files for detection. Delete any file which contains this detection.

Variants

Variants

    N/A

All Information

Overview -

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

Aliases

  • JS/NoClose.gen
  • VBS/NoClose

Characteristics

Characteristics -

-- Update March 11, 2004 --
 The risk assessment of this threat was lowered to Low-Profiled due to a decrease in prevalence.

This javascript trojan allows various hidden functions to take place on a user's system. It exists in two forms:

  • In HTA form, an HTML Application is created which is not visible to the user and can not be closed.
  • In HTML form, a browser window is created which is minimized and can not be easily maximized or closed.
Typically these window "tricks" are seen associated with advertisement and banner ad programs. Especially affiliated with pornographic sites and sites which pay commissions to others for displaying banner ads.

The trojan does not contain any other payload and does not cause any damage to the local system. Files which trigger this detection should be deleted.

Symptoms

Symptoms -

Minimized web browser window which can not be easily maximized.

Method of Infection

Method of Infection -

Viewing a web page which contains this trojan javascript code creates the mysterious window in question.

Removal -

Removal -

All Users:
Use current engine and DAT files for detection. Delete any file which contains this detection.

Variants

Variants -

    N/A