I am new to this forum and have attempted to follow a number of instructions on Google about removing the JS:ScriptIP-inf [Trj] bug from my system with no luck. I am now following Essexboy’s tutorial and hoping it will fix the problem. Thought I should post details here to get additional help.
When I load up Chrome I will frequently get Avast notifications that an infection was blocked. When I click for more details I receive the following information:
I ran a full scan of Avast, Malwarebytes, OTL, aswMBR.exe and attached the log files for your review.
Please note: a couple of days ago I read on a site to download Malwarebytes, and I ran it then and found a ton of malware, all of which I removed. Today, when I ran it again, there was nothing found.
:Commands
[CREATERESTOREPOINT]
:OTL
IE - HKU\S-1-5-21-1861822017-4187058266-2448995407-1000\..\SearchScopes\{6110A01E-510B-4CC2-8FF9-4637D509B3C8}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1861822017-4187058266-2448995407-1000\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - File not found
:Files
C:\PROGRA~2\SearchProtect
:Commands
[resethosts]
[emptytemp]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN
Please download AdwCleaner by Xplode onto your desktop.
- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete click on “Clean”
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S1].txt as well.
Thanks again for your help. I have attached the log files for your reference.
Unfortunately when I open Chrome browser I am still getting the same Avast blocked pop up. One thing I noticed is that the FileAge field is set to 30 days… what does this mean? What if the virus is older than 30 days? Will the scan not pick it up?
Rebooted my system and tried IE and did not get that alert. Just opened Chrome and got the alert.
Another symptom I am getting is that I get the drop down bar that asks if I want to restore my last session from where I left off with Chrome. I don’t accept it, but not sure if that is correlated.
I tried to reset browser settings and rebooted… no luck. I then went to add/remove programs and uninstalled Chrome. Rebooted… used IE to reinstall Chrome, rebooted. Opened Chrome and the pop up came up.
This bug is a real pain. Have there been many others on the forum that have had the same virus?
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
- Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
- Press Scan button.
- It will produce a log called FRST.txt in the same directory the tool is run from.
- Please copy and paste log back here.
- The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
Thank you again for all your efforts in trying to help me with my virus. I did as you instructed, but oddly enough the remove file didn’t seem to do anything, as I still saw remnants of Google on my computer. I followed the steps in the guide and then also went ahead and looked in Program files and Program Files (x86) to delete all Google folders. I then went to add remove files and deleted everything Google related there too.
I rebooted and installed Chrome through IE and the moment the install completed the virus popped up… this is even before I logged into my Google account and applied any user settings.
I suspect that Google perhaps was not fully deleted, or this virus is somewhere else and able to point to Chrome when it opens… I have no idea.
The alert shows
The process:C:\Program files(x86).…\chrome.exe
I can’t seem to find that file and since I don’t know what the complete location address is, it makes it hard to find.
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
One other thought… was I supposed to do all the steps you recommended in safe mode with networking? I didn’t do that and if that could have potentially altered the results please let me know.
I apologize, but I have not tried your last suggestion for the fix… I don’t use forums much and am an idiot : /
I thought you hadn’t responded to me because I didn’t click to page 2 on this thread and assumed you gave up on me. I will try this fix once I get home this evening. Thank you for your persistence.
I ran your script and attached both log files for your review. When I opened Chrome it came up with a screen that looked like a Chrome introduction/tutorial. The virus still popped up unfortunately.
I wonder why Avast doesn’t just remove the virus if it is able to identify and block it in the first place…