js/nemucod.dt

[mc_and_son]

A full scan with Malwarebytes AntiMalware Premium on my desktop computer found nothing.  However, a full scan with my virus protection software, McAfee VirusScan Enterprise, found four instances of the js/nemucod.dt trojan, which it could not remove.  I repeated both scans in the Safe Mode and got the same result.  Any help removing this trojan would be greatly appreciated.  I'm running Windows 7 Professional 64 bit.  The FRST and addition text files are attached.  Thanks much.   --    Robert Stark

Addition.txt

FRST.txt

[AdvancedSetup]

Hello @mc_and_son

Someone from our Support Team will be in touch with you shortly to assist you.

Thank you

 

[Maurice Naggar]

Hi.

If you look at FRST's Addition txt, you will see a system event notation by the McAfee VirusScan Enterprise  about some content it found in the Live mail that points to a suspected JS trojan.  That being the case, MCAFEE is the one that had to deal with it and should have been able to deal with & to remove it.

Two points need to be made:  Our software does NOT scan the content of email ( let alone a LIVE Mail archive).

Look at the JUNK folder on your email.  Look for something or other that has 39296_382945.zip

Delete that email.   Perhaps, better yet, look over the Junk folder and delete what you simply no longer need.

 

Second point:  JS files are script files.  Our software simply does not scan JS files.  Our sofwtare is intended and designed to stop malicious malware programs.  EXE type files.

My opinion is that once you clean out the Live Mail archives  ( especially JUNK folder) that you would no longer have the prompt about JS/Nemucod.dt

 

One other further point, the tagged JS file is one single js file contained inside of a zip file in the Live mail.  Also, be sure you understand, our software has limited ability on scanning zip archives.   Added to which, it cannot change or repair ZIP files.

 

[mc_and_son]

On 8/4/2016 at 2:20 PM, AdvancedSetup said:

Hello @mc_and_son

Someone from our Support Team will be in touch with you shortly to assist you.

Thank you

 

Following the above advice to my inquiry given by Maurice Naggar, I found and deleted the offending email in Windows Live Mail.  This fixed the problem - full scans by McAfee VirusScan Enterprise now find nothing.  Thank you Mr. Naggar.

[Maurice Naggar]

That is great to know. You are welcome.

Let me relay these other tips, so that you can beef up the web browser programs.

Go into the Options ( settings) of Internet Explorer  ( and any other web browser you have).
Make sure that the POPUP blocker is ON.
Set the option on for rejecting (decline) 3rd-party cookies.

And in addition to all that:
Use a good browser extension ( add on) ad blocker.  If your pc has no ad blocker add-on for your browser(s), I would suggest uBlock Origin.
For Mozilla Firefox, use the Mozilla page at this link
https://addons.mozilla.org/addon/ublock-origin/

For Google Chrome, see
https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm

For Internet Explorer browser:
https://adblockplus.org/en/internet-explorer

For Opera browser, see
https://addons.opera.com/en-gb/extensions/details/ublock/

ALSO this too
To help totally block these types of  "popups" I would recommend to *only use Firefox browser* that also has the addon for
NoScript Suite Lite.
and just only use that when surfing the web.
Tips and how to's for Noscript suite are on this page link
http://mybrowseraddon.com/noscript-lite.html

We have a free version Malwarebytes Anti-Exploit (MBAE) that protects against exploit attacks in your browsers and Java, and a paid version that also protects additional applications such as MS Office.
https://downloads.malwarebytes.org/file/mbae_current/

I would recommend you install the Anti-Exploit in free use mode.   ( that is, if you do not have it from before).