Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan.Malscript!html


  • Please log in to reply
1 reply to this topic

#1 StJoeMike

StJoeMike

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:08:22 PM

Posted 28 January 2010 - 11:57 AM

I have been battling this Trojan.Malscript!html.. I have to tell you it has been a real pain. All the information I have found on the internet pertaining to this says the threat is low, and removal is easy. Now I have removed some pretty tough viruses in my day but this one sure has not been, “Easy.” The information I have found simply states, update virus definitions and run a full scan.. Some say use MalwareBytes. I have done both, multiple times. But this little Jerk we call Trojan.Malscript!html seems to keep popping up.

Here is the kicker.. It doesnt seem to be affecting the performance of the machine at all. I read where some were having blue screens, or locked down files, or the registry.. We are not having any of those problems.

Here is the deal. When the user logs on to the computer she gets the AutoProtect pop up saying that Trojan.Malscript!html has been found.. The files are always .tmp files in the C:\Users\UserID\AppData\Local\Temp folder. A couple examples of the file names are, DWHD4EC.tmp, DWH84E9.tmp, and DWH14D9.tmp. And we are not talking just a few files, we are talking thousands. If you use windows explorer and watch that folder, you can see them just coming in every couple of seconds. I have ran full scans, MalwareBytes, Spybot, Adaware, A Squared... I even deleted the users profile, removed it from the registry and still no luck. I have done the scans both in normal windows and safe mode. This little jerk just seems to keep coming back, and it is driving me nuts as you can understand.

Symantec lists some information on it, but it really isnt too helpful..

http://www.symantec.com/security_response/...-011517-3725-99

I am guessing that there is something running in the background but I cant find it. Anyone else have any ideas?

Mike

Edited by StJoeMike, 28 January 2010 - 12:05 PM.


BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,176 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:22 PM

Posted 28 January 2010 - 05:06 PM

Hi,given it is a script virus it will probably need one to remove it safely and not bork the PC.

You will need to run HJT/DDS.
Please follow this guide. go and do steps 6 thru 8 ,, Preparation Guide For Use Before Using Hijackthis. Then go here HijackThis Logs and Virus/Trojan/Spyware/Malware Removal ,click New Topic,give it a relevant Title and post that complete log.

Let me know if it went OK.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users