Hi,
Every time I boot my computer, my CA anti-virus finds this file. I don't have Mozilla Firefox installed. What is the issue here?
Filename: timer.xul
Location: C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\
Infection: JS/Dursg.A
thanks!
JS/Dursg.A infection file
#2
Posted 16 November 2010 - 12:17 PM
You have: Worm/Prolaco.C.1 (aka Win32/Dursg.A) - W32/Routrobot.worm
As you can see by reading those links, the infection creates files/directories/registry entries which must ALL be found and removed. While Malwarebytes appears to find most of it, not every remnant may be detected. Further, I am finding this malware with other infections so you may be dealing with more than just JS/Dursg.A.
Please download Malwarebytes Anti-Malware and follow these instructions for doing a Quick Scan in normal mode.
- When removal is completed, a log report will open in Notepad.
- The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the contents of that report in your next reply and exit MBAM.
-- If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
-- Some types of malware will target Malwarebytes Anti-Malware and other security tools to keep them from running properly. If that's the case, please refer to the suggestions provided in For those having trouble running Malwarebytes Anti-Malware as you may need to rename it or use RKill by Grinler.
Please download TFC (Temp File Cleaner) by Old Timer and save it to your desktop.
alternate download link
- Save any unsaved work. TFC will close ALL open programs including your browser!
- Double-click on TFC.exe to run it. Vista/Windows 7 users right-click and select Run As Administrator.
- Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
- TFC will clear out all temp folders (temp, IE temp, Java, FF, Opera, Chrome, Safari) for all user accounts, including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.
- Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
-- Note: It is normal for the computer to be slow to boot after running TFC cleaner the first time.
Please download SUPERAntiSpyware Free and follow these instructions for performing a scan.
- Double-click SUPERAntiSpyware.exe and use the default settings for installation.
- To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
- Click Preferences, then click the Statistics/Logs tab.
- Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
- If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
- Please copy and paste the Scan Log results in your next reply.
- Click Close to exit the program.
-- If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner (listed under Popular Links) instead. Save the randomly named file (i.e. SAS_1710895.COM) to a USB drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.
Microsoft MVP - Consumer Security 2007-2012 
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
