leezer3 Posted November 2, 2011 ID:491290 Share Posted November 2, 2011 I've got some experience in cleaning infections for family members etc, but I'm outa my depth here In essence, MSE has popped up 3 detected JS exploits (Exploit:JS/Blacole.A) and some other stuff over the past couple of days. In addition, I've seen several Windows error boxes for something like mshtml.dllThere are a few JS script engine errors in event viewer (I suspect these are related, although it doesn't give any modules).Have run scans with MSE which detected several more JS exploits in the tempoary internet files, and MBAM which detected this:e:\Users\christopher\AppData\Local\Temp\pws_cdk.bss (Stolen.Data) -> Quarantined and deleted successfully.e:\Users\christopher\AppData\Local\Temp\pws_mail.bss (Stolen.Data) -> Quarantined and deleted successfully.e:\Users\christopher\AppData\Local\Temp\pws_mess.bss (Stolen.Data) -> Quarantined and deleted successfully.e:\Users\christopher\AppData\Roaming\srhost.exe (Trojan.Dropper) -> Quarantined and deleted successfully.Not convinced I'm clean, could someone take a look please?Logs attached.Attach.txtDDS.txt Link to post Share on other sites More sharing options...
Staff screen317 Posted November 7, 2011 Staff ID:492335 Share Posted November 7, 2011 Hi and welcome to Malwarebytes.Stolen.Data detections mean those files contain information which may include passwords or other sensitive information.Please update MBAM, run a Quick Scan, and post its log.Don't attach any logs unless otherwise specified.Next, please visit this webpage for instructions for running ComboFix:http://www.bleepingcomputer.com/combofix/how-to-use-combofixWhen the tool is finished, it will produce a report for you.Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system. Link to post Share on other sites More sharing options...
Staff screen317 Posted November 12, 2011 Staff ID:493849 Share Posted November 12, 2011 Are you still with us? This topic will be closed in a few days if we do not hear back from you. Link to post Share on other sites More sharing options...
Staff screen317 Posted November 21, 2011 Staff ID:496664 Share Posted November 21, 2011 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts