JS/Blacole.OU infection [Closed]


  • This topic is locked

#1
Waterfireearth

  • Member
  • 17 posts

I use MSE and it popped up telling me I have this infection (JS/Blacole.OU) listed as 'Severe'. I quarantined it then removed it.

Ran another scan and it detected it again.

Quarantined.

So this time I disabled my wireless adapter and removed the antennas from the rear of the card.

Ran MSE scan again.

Nothing detected.

Ran Malwarebytes (out of date by 11 days).

Nothing detected.

I doubt it has been fully removed.

Can someone please help me remove this thing fully?

Until then I am keeping that machine offline.

Thanks in advance.




#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, I will need to have a look at the system. What was the file reported by MSES?

Download OTL to your Desktop
Secondary link
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.

  • Select All Users
  • Select LOP and Purity
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    c:\program files (x86)\Google\Desktop
    c:\program files\Google\Desktop
    dir "%systemdrive%\*" /S /A:L /C
    /md5start
    rpcss.dll
    /md5stop
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Attach both logs


#3
Waterfireearth

  • Topic Starter
  • Member
  • 17 posts

Thank you for the prompt reply.

Since then I have been following this guide: http://malwaretips.c...-blacole-virus/

Currently running a custom full scan using MBAM.

Rootkits not detected, RogueKiller found nothing related to this virus but found a few faked registry keys, and HitmanPro found only tracing cookies.

Once I have completed that guide I will perform what you requested.

What do you think of that guide?

Would this program not generate sensitive information? (The one you told me to use)

It was MSE. Not MSES.
(Microsoft Security Essentials)

Thanks


Edited by Waterfireearth, 11 April 2014 - 09:50 AM.


#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
A bit of an overkill in my opinion :) as the problem file is usually a JavaScript, which can be removed a little faster.

#5
Waterfireearth

  • Topic Starter
  • Member
  • 17 posts

Would this program not generate sensitive information? (The one you told me to use)



#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
It depends on your definition of sensitive; personally, I have no objection to posting any of the logs that I ask you to.

#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.