
Can't find source of this javascript malware


#1 mud329



Posted 02 December 2017 - 07:29 AM

Hello, I'm running Windows 7 and found that I could not load the front end for a Raspberry Pi I use in the home. All other computers here can access it; I'm only having a problem on this one machine. It gets to a "connecting" screen and just hangs.


I used the developer console in Chrome and found a couple of suspicious JavaScript calls that happen when I try to access the Pi. These calls don't show up when I look at the console on any other clean/working machine. Here is an example:


That domain is not one I recognize at all so I believe it could be related to malware. Things I've tried:


- searched the registry for that domain and can't find it (may be encoded?)

- Malwarebytes, TDSSkiller, and HitmanPro trial do not find any infection.

- Cleared cache, cookies, history

- Tried Chrome in safe mode or incognito (in case it was an extension), still get the javascript calls

- Uninstall and reinstall Chrome


I have no idea why these javascript calls are only happening on 1 machine and can't find where they are coming from.


Edit to clarify: the JavaScript calls to this suspicious domain happen with other sites too; I just happened to notice them when I could no longer access the UI on my Raspberry Pi.

Edited by mud329, 02 December 2017 - 07:46 AM.



#2 mud329


Posted 02 December 2017 - 11:55 AM

This now appears to be solved. For future readers with similar issues, this is what did it for me:


1. I found some info online about people with JavaScript malware who had inaccessible folders in c:\windows\users\[user]\AppData\Local. Sure enough, I had a strangely named folder created a couple of days ago when I started having my problems, and I had no permission to access it and couldn't take ownership of it. So I booted to a USB with Linux and deleted the folder.


2. Found a strangely named lhfsdf.sys file in c:\windows\System32\drivers. It was also created around the same time as the folder above. Deleted the file. Searched that name in regedit and deleted two keys that referenced it.


3. Rebooted the computer, cleared cache and all seems well now.

Edited by mud329, 02 December 2017 - 03:53 PM.
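
The checks described in the post above, as an added read-only PowerShell sketch that is not part of the original thread: it lists recently created folders under AppData\Local (marking any that cannot be opened), recently created `.sys` files in the drivers directory, and service entries that reference a driver file name. It assumes PowerShell 3.0 or later run from an elevated prompt; the `$Days` and `$DriverName` parameters and the choice of the `Services` registry branch are assumptions of this example.

```powershell
# Added triage sketch: read-only, deletes nothing.
param(
    [int]$Days = 7,                      # look-back window (assumption)
    [string]$DriverName = 'lhfsdf.sys'   # file name taken from the post; change as needed
)

$cutoff = (Get-Date).AddDays(-$Days)

# 1. Folders under AppData\Local created inside the window.
#    Readable = False means the current user cannot list the folder.
Get-ChildItem -LiteralPath $env:LOCALAPPDATA -Directory -Force |
    Where-Object { $_.CreationTime -ge $cutoff } |
    ForEach-Object {
        $readable = $true
        try   { $null = Get-ChildItem -LiteralPath $_.FullName -Force -ErrorAction Stop }
        catch { $readable = $false }
        [pscustomobject]@{ Path = $_.FullName; Created = $_.CreationTime; Readable = $readable }
    }

# 2. Driver files created inside the same window.
Get-ChildItem -LiteralPath "$env:SystemRoot\System32\drivers" -Filter *.sys -Force |
    Where-Object { $_.CreationTime -ge $cutoff } |
    Select-Object FullName, CreationTime, Length

# 3. Service entries whose ImagePath mentions the driver file name
#    (assumed location; the post does not say which keys referenced it).
Get-ChildItem -Path 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue |
    ForEach-Object {
        $img = (Get-ItemProperty -LiteralPath $_.PSPath -Name ImagePath `
                    -ErrorAction SilentlyContinue).ImagePath
        if ($img -and $img -like "*$DriverName*") {
            [pscustomobject]@{ Service = $_.PSChildName; ImagePath = $img }
        }
    }
```

A loaded kernel driver can hide files and keys from the running system, so an empty result here is not conclusive; comparing against a listing taken from offline boot media, as the poster did, covers that case.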
