I ran the fix and attached the log. After reboot, the virus pop up still persists.

: (

OK I will have to have a think about this one. All I can say at the moment is that a programme is trying to update a server list using a bad URl.

I will be back later after rummaging through my tools. As it stands it is just Chrome that is affected.

Thank you again for all your help. I am not sure what you mean by URI.

The virus is only impacting Chrome. Have a great weekend.

Hi flatcoke,

URI and URL are terms often mixed up; read about what a URI is here: http://nl.wikipedia.org/wiki/Uniform_Resource_Identifier
A URL is a form of a URI.

polonus

The problem with something like this is that no antimalware or antivirus programmes will detect it. Hence all the manual searches.

I do not believe that the shortcuts are infected, but we can try this next.

Could you download and run Shortcut Cleaner from here: http://www.bleepingcomputer.com/download/shortcut-cleaner/

Once done, could you post the log?

I ran the program and attached the log for your review. After reboot, the virus still popped up. I’m surprised this thing hasn’t gotten more widespread given that it is so hard to find.

:confused:

As it is only in Chrome there is no way to look for a common denominator in the other browsers. Also extensions within Chrome can autoupdate without the user knowing, although I believe that is changing soon.

Having another look at all logs

One thing to mention now that you bring up other browsers.

Though I do not get the virus pop up message from Avast when launching IE, I did notice that IE crashed a few times for an unknown reason. I am trying to use it now, but can’t replicate the crash. Not sure if this intermittent crashing for IE is related to the virus pop up within Chrome.

Could you run an all users OTL scan please, and I will have another look at Chrome. Also, could you have Chrome closed when you run the scan?

Download OTL to your Desktop
Secondary link

[*]Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

https://dl.dropboxusercontent.com/u/73555776/OTL_Main_Tutorial.gif

[*]Select All Users
[*]Select LOP and Purity
[*]Under the Custom Scan box paste this in

netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
c:\program files (x86)\Google
c:\program files\Google
dir "%systemdrive%\*" /S /A:L /C
CREATERESTOREPOINT

[*]Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
[*]When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
[*]Attach both logs

Hi Essexboy…

So I turned on my computer today and launched chrome and oddly the virus pop up did not come up. I don’t know why this is or if it was a fluke so I rebooted and started chrome again. Same thing… no virus pop up came up… I just saw your last message to run an OTL scan, but haven’t tried that.

Any thoughts on what happened to the virus? Logically I don’t see why the pop up would disappear… is it possible that it took time for the last fix to work? That doesn’t make sense to me…

Some things that have changed: I added a Chrome extension called Adblock pro to block Google ads… I have also noticed that Avast has had a few virus definition updates recently.

  • Is it possible that the adblock extension is preventing the virus from starting?
  • Is it possible that the new virus definitions added to Avast allowed Avast to remove the virus completely?

Anyway, I’m hoping this is the end of it all. Is there any final scan you would want me to do to determine if this problem is, in fact, resolved?

Hmm weird, I do not feel it was an FP as you appear to be the only one. An Avast update may have removed the offending file, although you should have been informed of that

Leave it for a day or so and if it does not return consider it fixed :slight_smile:

Thank you again for all your help on this. You rock man.

Once you are happy download and run delfix to clear the tools again

Download and run Delfix

https://dl.dropboxusercontent.com/u/73555776/delfix.JPG

Bad news… the virus pop up is coming up again and nothing has changed with any of my activities… I don’t know what’s going on.

I ran OTL as you instructed above and attached the log file.

I also realize that OTL didn’t generate an extras.txt

This may damage the extensions in Chrome as your preferences file is unreadable

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:Commands
[CREATERESTOREPOINT]

:Files
C:\Users\Andrew Lee\AppData\Local\Google\Chrome\User Data\Default

:Commands
[resethosts]
[emptytemp]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

no luck… : (

attached are the logs. Thanks!

I am wondering why no extras.txt was generated, and one thing I changed in the OTL setting was the “Extra Registry” field to none. That was what it showed in your screenshot. Should it have been set to the default “Use Safelist” or “All”?

So far I have been unable to find a reason for this only affecting Chrome, I still have a few more places to search though

Thanks again for your help. Let me know if there is anything else I can do at this point for troubleshooting.

As it stands at the moment you appear to be the only one with this, none of my enquiries has elicited a solution I have not tried. I may install chrome on my system to see if there is a way of duplicating it

I see… sounds like a really weird bug. You’ve given it your best shot and I really appreciate it. Don’t worry about trying to replicate the bug. I don’t even know where I got it from… likely my girlfriend surfing on my computer. I can’t tell if the virus is causing any decrease in performance and for the most part doesn’t impact my ability to use my computer… to my knowledge.

In the case that you do replicate the problem, I would hate for you to be in the same situation as me so I don’t know if you want to try that.

Perhaps we just table this for now and I’ll wait till it actually starts messing up my system… If that happens maybe I’ll just scrap it all and start over : /