"Trojan:Script/Cloxer.A!cl": any info on this virus? What does this virus do?

26,257

It is very likely that nobody knows, except the author (if it is a human). The script was identified by an AI, thus given a meaningless name and providing no information about what the behaviors are. For all we know, it was an AI that created it as well.

Most of these scripts are adware and don't work well. It may not have infected your computer and only been present in your browser cache or download files. Getting a timestamp and location of where Defender found the virus might give you a sense of how severe the problem is. If the file has been quarantined, it could be examined. A lot of these are in JavaScript now so we can see exactly what they do.

First thing, though, is change your passwords. In case it was a keyboard logger, it may have those. If you wipe and restore your computer every time a virus lands on it, then that's all you'll ever do. If you had a security clearance and it was a national security issue, you'd already have people doing it for you. Think about your biggest exposure (bank logins, PayPal, etc.) and change those passwords. Then try not to worry about the rest.

Author: John

Updated on September 18, 2022
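One way to pull the detection timestamp and file location the answer refers to, as an added example that is not part of the original answer or of any Microsoft documentation quoted on this page. It joins Defender's detection history to its threat catalog and labels each flagged path; the helper name `Get-ResourceLocationClass` and the path patterns are assumptions made for illustration.

```powershell
# Added example: list Defender detections with time, threat name and the
# location class of each flagged file. Needs the Defender PowerShell module
# (present on Windows 10); run from an elevated prompt to see all users' detections.

# Path patterns counted as "browser cache / downloads" (assumed for this
# example; extend for the browsers actually installed).
$cachePatterns = @(
    '\\Mozilla\\Firefox\\Profiles\\[^\\]+\\cache2\\',
    '\\Google\\Chrome\\User Data\\[^\\]+\\Cache\\',
    '\\Microsoft\\Windows\\INetCache\\',
    '\\Downloads\\'
)

function Get-ResourceLocationClass {
    param([string]$Resource)
    # Resources usually look like "file:_C:\path\to\item"; -match is a
    # substring regex match, so the prefix does not matter.
    foreach ($pattern in $cachePatterns) {
        if ($Resource -match $pattern) { return 'browser cache / downloads' }
    }
    return 'other location'
}

# Index the threat catalog by ThreatID so each detection can be named.
$threats = @{}
Get-MpThreat | ForEach-Object { $threats["$($_.ThreatID)"] = $_ }

Get-MpThreatDetection | Sort-Object InitialDetectionTime | ForEach-Object {
    $detection = $_
    $threat    = $threats["$($detection.ThreatID)"]   # $null if history was cleared
    foreach ($resource in $detection.Resources) {
        [pscustomobject]@{
            Detected    = $detection.InitialDetectionTime
            Threat      = $threat.ThreatName
            DidExecute  = $threat.DidThreatExecute
            Process     = $detection.ProcessName
            User        = $detection.DomainUser
            Remediated  = $detection.ActionSuccess
            Location    = Get-ResourceLocationClass $resource
            Resource    = $resource
        }
    }
} | Format-List
```

The same detections are also recorded in the "Microsoft-Windows-Windows Defender/Operational" event log (event IDs 1116 and 1117), which is useful when the detection history has already been cleared.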

Comments

  • John
    John over 1 year

    Windows Defender identified and removed a threat on my Win10Pro PC called "Trojan:Script/Cloxer.A!cl". But there is no information on the web on this trojan, searching for this yields little/nothing. The Windows Defender info on this is only that they consider it severe and: This program is dangerous and executes commands from an attacker and the microsoft.com description on this is here.

    How can I get more details on what this virus does/did? What are the commands it may have run? Does it try to obtain user names and passwords? Does it find and upload files someplace? Is it a crypto miner? Spyware? DoS zombie? How was my system impacted? Should I totally wipe and re-install? I'd just like to know what this Trojan does/could do so I can gauge the impact of it and I'd like to know the vectors it uses as to how it got on my system.

    I do keep my system up to date (on Win10 Pro V 1709 Build 16299.248) and my Defender is up to date and I run it often, but I have no other protection.

    UPDATE: On the point that this post may be a duplicate - I disagree and feel this is NOT a dupe. Mainly I am looking for specific details on the Cloxer virus, not how to remove it (but that referenced post is good and a logical next read for viewers of this post).

    • Garr Godfrey
      Garr Godfrey about 6 years
      Defender should show you where it found it. That can give you some idea, but no research seems to have been published about this one.
    • John
      John about 6 years
      Win Defender does log the path to the offending file which looks to be in the cached items for Firefox: C:\Users\wheel\AppData\Local\Mozilla\Firefox\Profiles\w6z9.default\cache2\entries\006C..93E3 . Guessing this was some sort of JavaScript-based vector, but don't know what site I picked it up at. I had Defender delete it but next time I'll see if I can copy the file for some better analysis.
    • fixer1234
      fixer1234 about 6 years
      There are thousands of malware files. It is out of scope for the site to be a repository of information on each one.
    • David
      David about 6 years
      A harmless program I wrote tripped this today on a user's computer. I use nothing but standard .NET libraries and a few of the most well-known NuGet packages (JSON.NET, MoreLinq, etc). At a loss as to what this could be.
    • elwc
      elwc about 6 years
      I wrote macro code in my Word document file and it was detected as Trojan:Script/Cloxer.A!cl. No idea why.
    • Marcus Pope
      Marcus Pope almost 6 years
      Just wanted to add a data point - I too had a local JS file that I personally wrote get flagged for this Trojan as well. Admittedly my file uses ActiveX objects for accessing the file system, but it's a util library I use in projects I write for myself only. I was worried it had been leaked and was being used for nefarious purposes, but I suppose the AI algorithm is just mistaken given others' experiences.
  • Peter VARGA
    Peter VARGA almost 6 years
    We are working on a Windows 2012 R2 Terminal Server and one user clicked on a link with this script. She realized that it may be a virus or whatever and immediately logged out of her session. She is not working as Administrator. Can we assume nothing happened because scripts like this need the Administrator permission in order to work properly?