VirTool:JS/Obfuscator.BR


  • This topic is locked
2 replies to this topic

#1 ww1

ww1

  • Members
  • 8 posts

Posted 14 February 2012 - 08:42 PM

Microsoft Security Essentials (MSE) has detected and Quarantined this program. I tried to paste in a screen shot of MSE's History page showing it but I've been unable to do so. In any event, though I have the MSE settings set to delete detected items in one day, it's been there for several weeks. I've been working with MSE who have put me through several full scans while my computer runs in safe mode, but this rascal is still there. The last information from MSE is the following:


Hello Walter,

I have already got this screen shot, I request you to send the screen shot of quarantined items and Allowed items.

If file is still quarantined or allowed this should show in the list history of quarantined items. If you don't find anything in the list of quarantined items then this threat is already removed. You may wonder how?

The Trojan was located in the temporary internet files

Items:
file: C:\Documents and Settings\Wally\Local Settings\Temp\~DFE98E.tmp

The temp are normally cleared when you run disk clean up, or when you reset internet explorer. If you have never run a disc clean up before please run it now and the threat (if any) will be automatically removed. Use Disk Cleanup

Click Start > All Programs > Accessories > System Tools > Disk Cleanup. <<http://windowshelp.microsoft.com/Windows/en-US/Help/1264bc24-72a8-48aa-84e3-a355327139d91033.mspx>>


I did the Disk Cleanup, but MSE still shows the item as Quarantined, among a half-dozen other items which are labeled as "Removed." I don't like being told the item has been removed when it's not presented as removed, but as quarantined.

I'd appreciate any help you can offer. A screen shot, if I could show you one, might make this clearer. I just attached a file, below. Maybe this will be of help. Thank you.




Attached File  Obfuscator .doc   193.5KB   3 downloads



#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,578 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 19 February 2012 - 10:37 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

I did the Disk Cleanup, but MSE still shows the item as Quarantined, among a half-dozen other items which are labeled as "Removed." I don't like being told the item has been removed when it's not presented as removed, but as quarantined.

This is a protection so that you can keep your sanity. What if the file quarantined was a good operating file?
This being the case you would have a chance to restore it.
===

If you want me to check on malware I will need to see both of these logs.

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.
===

Third-party programs, if not up to date, can be the cause of infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,578 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 25 February 2012 - 09:50 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.



