Home / malware Trojan:JS/Tracur.B
First posted on 03 January 2012.
Source: MicrosoftAliases :
There are no other names known for Trojan:JS/Tracur.B.
Explanation :
Trojan:JS/Tracur.B is a JavaScript trojan that is a component of a Firefox extension commonly installed by TrojanDownloader:Win32/Tracur variants.
Top
Trojan:JS/Tracur.B is a JavaScript trojan that is a component of a Firefox extension commonly installed by TrojanDownloader:Win32/Tracur variants.
Installation
Trojan:JS/Tracur.B is a JavaScript component of a Firefox extension installed on the computer by TrojanDownloader:Win32/Tracur.AI. The JavaScript file is commonly found in the following file location:
%APPDATA%\Mozilla\Firefox\Profiles\.default\extensions\{CLSID}\defaults\preferences\xulcache.js
Along with the following Java archive which contains a Java class file, which is used to redirect search results when certain search engines are used in Firefox:
%APPDATA%\Mozilla\Firefox\Profiles\.default\extensions\{CLSID}\chrome\xulcache.jar - detected as Trojan:JS/Tracur.gen!C
Note: {CLSID} is a Class ID that differs for each computer on which it's generated.
The file €œxulcache.js€ is a preference file that is created by Tracur in order for Firefox to load the malicious Firefox extension. For more information on the functionality of this Firefox extension, please see the description for Trojan:JS/Tracur.gen!C elsewhere in the encyclopedia.
Analysis by Amir Fouda
Last update 03 January 2012
