Jump to content

Something fishy


leezer3
 Share

Recommended Posts

I've got some experience in cleaning infections for family members etc, but I'm outa my depth here :)

In essence, MSE has popped up 3 detected JS exploits (Exploit:JS/Blacole.A) and some other stuff over the past couple of days. In addition, I've seen several Windows error boxes for something like mshtml.dll

There are a few JS script engine errors in event viewer (I suspect these are related, although it doesn't give any modules).

Have run scans with MSE which detected several more JS exploits in the tempoary internet files, and MBAM which detected this:

e:\Users\christopher\AppData\Local\Temp\pws_cdk.bss (Stolen.Data) -> Quarantined and deleted successfully.
e:\Users\christopher\AppData\Local\Temp\pws_mail.bss (Stolen.Data) -> Quarantined and deleted successfully.
e:\Users\christopher\AppData\Local\Temp\pws_mess.bss (Stolen.Data) -> Quarantined and deleted successfully.
e:\Users\christopher\AppData\Roaming\srhost.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

Not convinced I'm clean, could someone take a look please?

Logs attached.

Attach.txt

DDS.txt

Link to post
Share on other sites

  • Staff

Hi and welcome to Malwarebytes.

Stolen.Data detections mean those files contain information which may include passwords or other sensitive information.

Please update MBAM, run a Quick Scan, and post its log.

Don't attach any logs unless otherwise specified.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

Link to post
Share on other sites

  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.