needhelpsjs

February 6, 2013

Thanks MrC,

Sounds like that's it, thanks for all the help.

February 6, 2013

There is 5 in there with finnish yes. They've been on the computer since 2011 apparently.

February 5, 2013

Hi MrC,

If you look in the installed programs list here, there are some which aren't in English.

attach.txt

February 5, 2013

Is there any reason why "ActiveX-Kontroll for fjarranslutningar for Windows Live Mesh" is in the programs list, along with a few others that have.. non English names?

Thanks for the help MrC.

February 5, 2013

Results of screen317's Security Check version 0.99.57

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

McAfee Anti-Virus and Anti-Spyware

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.70.0.1100

Java 7 Update 13

Java version out of Date!

Adobe Flash Player 10 Flash Player out of Date!

Adobe Reader 10.1.5 Adobe Reader out of Date!

Google Chrome 24.0.1312.56

Google Chrome 24.0.1312.57

````````Process Check: objlist.exe by Laurent````````

McAfee Online Backup MOBKbackup.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 2%

````````````````````End of Log``````````````````````

February 5, 2013

Seems fine, nothing to report since the viruses were detected.

February 5, 2013

What exactly is a preferences file anyway? I don't think the user of the computer would mind that much if it was missing as long as they can still log into things.

Next step MrC?

February 5, 2013

Hi MrC, when loading Google Chrome after the reboot it told me my preferences were corrupted or invalid and Chrome could not recover them?

AdwCleanerS2.txt AdwCleanerS2.txt

February 5, 2013

Hi this is the log from Adwcleaner, nothing there that looks of importance.

AdwCleanerR1.txt

February 5, 2013

No, if it's working OK...leave it alone. MrC

Sorry, I mean the newest version of Java. Currently there's no java.

February 5, 2013

Hi, I have a 64-bit computer, but using Google Chrome in a 32-bit apparently according to the website.

Should I download the 64 bit or the 32 bit?

February 4, 2013

Here MrC.

ComboFix.txt

February 4, 2013

Hi MrC, nothing was found. Internet seems to be fine along with Windows Update, Windows firewall is off however because of the McAfee Firewall.

However when I rebooted at one point from the startup screen it said something about a 'debugger' wasn't working or something, just seconds before I rebooted and I didn't get to read it all in time.

The thing about this infection was that this: http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Blacole

"Additional information

The Blackhole exploit pack is sold to attackers for profit. Thus, attackers are motivated to use the attack code to distribute the following types of malware in oder to offset the financial overhead of the Blacole exploit pack:

Online banking password stealers
Rogue security software
Backdoor trojans to leverage additional theft"

So from the scans does it look like McAfee caught it?

February 4, 2013

Nope, same problem unfortunately.

February 4, 2013

They both continue to stop working, should I try in safe mode?

February 4, 2013

Okay, do you want me to rerun RogueKiller now, and if so, which one?

The x64 gave me an indication as to what the problem was, but the first one just closed.

February 4, 2013

I searched the word 'wer' in the temp folder but it didn't find any of those 3? :wacko:

February 4, 2013

The files that are apparently the cause of it are;

C:\Users\-----\appdata\local\temp\Wer2606.tmp.WERInternalmetadata.xml

C:\Users\-----\appdata\local\temp\Wer6eba.tmp.appcompat.txt

C:\Users\-----\appdata\local\temp\Wer6F67.tmp.hdmp

?

February 4, 2013

Disabling McAfee didn't work, ran in safe mode and it didn't work either.

February 4, 2013

Hi MrC, I attempted to scan 3 times with RogueKiller and it stopped responding and closed every time when it scanned the services. Could this be because McAfee is still active? I didn't see any instructions to stop it being active?

attach.txt

dds.txt

Thanks.

February 3, 2013

McAfee found 3 trojans in the Chrome cache while visiting a website, researched them and they sound sort of serious.

JS/Exploit-Blacole.eu and JS/Exploit-Blacole.em

F_000899

F_00089a

F_00089b

Which were all detected and put into quarantine. Ran Malwarebytes and it picked up nothing.

http://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Java%2fBlacole

However the two websites where they were picked up from are:

selkent.org.uk (a low populated income footballing website, hardly no java?)

imotorhead.com (a website about a band)

Which leads me to believe that it could be a FP?

Thanks for any help.

Events

Profiles

Forums

Posts posted by needhelpsjs

Important Information