Exploit:js/blacole.lv help!

Discussion in 'General Software' started by Bow, Mar 9, 2013.

  1. Bow

    Bow

    Joined:
    Jul 25, 2008
    Messages:
    2,347 (1.07/day)
    Thanks Received:
    938
    Location:
    Way Upstate New York
    My PC came down with the bug listed in the title and I can not find a way to get rid of it...easy way..:banghead:
    I updated everything, disconnected from the net, restarted PC, ran MSE, cleaned/deleted all exploit:js/blacole.lv, deleted browser history, ran disk cleanup, ran MSE again, restarted PC, plugged back into the net and still have the problem...
    Any quick fixes??

    Windows is up to date.
    MSE up to date.
    using IE9
    Crunching for Team TPU
  2. silkstone

    silkstone

    Joined:
    Nov 1, 2008
    Messages:
    2,853 (1.37/day)
    Thanks Received:
    486
    Try the kaspersky rescue disk thingmajig
    Bow and 95Viper say thanks.
  3. 95Viper

    95Viper

    Joined:
    Oct 12, 2008
    Messages:
    4,297 (2.04/day)
    Thanks Received:
    1,538
    Location:
    στο άλφα έως ωμέγα
    First, if you have system restore on... Turn it off. And, it may be a good idea to delete/clean out your java program and file caches.
    The Kaspersky Rescue disk is a good recommendation by Silkstone.
    Also, get Malwarebytes and boot into SAFE MODE to run it and your other antivirus/malware programs.
    Try a few online scanners, too.

    And, if you do get it cleaned... Update java/flash/etc. to the latest versions, if you use them.

    That java exploit will possibly download other exploits, too.

    If you can't clean it out totally, you may need to do a re-install or a recovery (after a disk wipe) from a known clean backup.

    Good luck :)
    Bow says thanks.
  4. Bow

    Bow

    Joined:
    Jul 25, 2008
    Messages:
    2,347 (1.07/day)
    Thanks Received:
    938
    Location:
    Way Upstate New York
    Thanks for the tips guys. Time to get started
    Crunching for Team TPU
  5. DarkOCean

    DarkOCean

    Joined:
    Jan 28, 2009
    Messages:
    1,613 (0.81/day)
    Thanks Received:
    348
    Location:
    on top of that big mountain on mars(Romania)
    Recently I've had a full nest of exploits, luckily Malwarebytes seems to have solved my problem.
    As a side note, I'm an MSE user and those pests even managed to stop the AV and disable the firewall.
    Bow says thanks.
  6. Bow

    Bow

    Joined:
    Jul 25, 2008
    Messages:
    2,347 (1.07/day)
    Thanks Received:
    938
    Location:
    Way Upstate New York
    :banghead:Nothing is working
    Now MSE and Malwarebytes are both telling me I have no virus, but without a doubt I do

    What next????
    Crunching for Team TPU
  7. SaiZo

    SaiZo

    Joined:
    Apr 21, 2011
    Messages:
    497 (0.42/day)
    Thanks Received:
    56
    Location:
    Hesperus IV
    Try SUPERAntiSpyware?? Maybe that can help?
  8. DarkOCean

    DarkOCean

    Joined:
    Jan 28, 2009
    Messages:
    1,613 (0.81/day)
    Thanks Received:
    348
    Location:
    on top of that big mountain on mars(Romania)
    If nothing works you can always do a fresh install after you make a backup of anything you may need from the os partition.
    Bow says thanks.
  9. Tatty_One

    Tatty_One Senior Moderator Staff Member

    Joined:
    Jan 18, 2006
    Messages:
    16,401 (5.28/day)
    Thanks Received:
    2,339
    Location:
    Worcestershire, UK
    They may have left some nasties for you. Go to search, then select the "date modified" option, put in the date of your attack and let it run. When the list comes up, go through it; if anything looks dodgy or does not look as though it relates to any existing programs/apps, check it out in the directory where it lives. I have found a couple in the past that way and deleted them. Then re-start without network connection and see how you get on.
    Last edited: Mar 9, 2013
    Bow says thanks.
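
Added example, not part of the thread: a PowerShell version of the "date modified" search described in the post above, narrowed to executable and script file types and annotated with each file's Authenticode signature status. The date, the search root, the extension list and the output file name are assumptions to adjust.

```powershell
# Added example (not from the thread): files written or created on one day.
# $AttackDate, $Root, $Extensions and $Report are assumed values; change them to fit.
$AttackDate = Get-Date '2013-03-08'        # placeholder date of the suspected infection
$Root       = $env:SystemDrive + '\'
$Extensions = '.exe', '.dll', '.sys', '.scr', '.bat', '.cmd', '.vbs', '.js', '.jar'
$Report     = Join-Path $env:USERPROFILE 'Desktop\modified-files.csv'

# Half-open window covering the whole day: [midnight, next midnight)
$start = $AttackDate.Date
$end   = $start.AddDays(1)

# -Force includes hidden and system files; access-denied errors are skipped.
Get-ChildItem -Path $Root -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object {
        -not $_.PSIsContainer -and
        $Extensions -contains $_.Extension.ToLower() -and
        (($_.LastWriteTime -ge $start -and $_.LastWriteTime -lt $end) -or
         ($_.CreationTime  -ge $start -and $_.CreationTime  -lt $end))
    } |
    ForEach-Object {
        # Unsigned files in system or profile folders are the first ones to review.
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName -ErrorAction SilentlyContinue
        New-Object PSObject -Property @{
            Path      = $_.FullName
            Written   = $_.LastWriteTime
            Created   = $_.CreationTime
            SizeBytes = $_.Length
            Signature = $(if ($sig) { $sig.Status } else { 'Unknown' })
        }
    } |
    Sort-Object Written |
    Select-Object Written, Created, SizeBytes, Signature, Path |
    Export-Csv -Path $Report -NoTypeInformation
```

File timestamps can be rewritten by whatever created the files, so an empty report does not clear the machine; scanning the drive from a clean system remains the stronger check.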
  10. scaminatrix

    scaminatrix

    Joined:
    Mar 1, 2010
    Messages:
    3,578 (2.23/day)
    Thanks Received:
    794
    Location:
    By the Channel Tunnel, Kent, England
    stinger608 and Bow say thanks.
  11. Mindweaver

    Mindweaver Moderato®™ Staff Member

    Joined:
    Apr 16, 2009
    Messages:
    5,143 (2.67/day)
    Thanks Received:
    2,650
    Location:
    Statesville, NC
    You need to run Chameleon by Malwarebytes. It will kill any nasties in memory. :toast:
    Bow says thanks.
    Crunching for Team TPU
  12. Bow

    Bow

    Joined:
    Jul 25, 2008
    Messages:
    2,347 (1.07/day)
    Thanks Received:
    938
    Location:
    Way Upstate New York
    At this point I'd rather just pay for something to kill it. I have BF3 plans tonight...lol
    Crunching for Team TPU
  13. Sasqui

    Sasqui

    Joined:
    Dec 6, 2005
    Messages:
    7,462 (2.37/day)
    Thanks Received:
    1,295
    Location:
    Manchester, NH
    Do you have a second computer? Plug the drive in as a slave and scan it from a clean PC.
  14. silkstone

    silkstone

    Joined:
    Nov 1, 2008
    Messages:
    2,853 (1.37/day)
    Thanks Received:
    486
    If you have sensitive data on the machine and you are still worried, I agree that you should do a complete re-format, just back everything essential up on a 2nd HDD. A complete re-install of my system usually takes 1-2hrs and then ongoing for about a week for the smaller, less used stuff.

    You just have to remember everything you want to backup. I always forget my game saves :(
  15. Bow

    Bow

    Joined:
    Jul 25, 2008
    Messages:
    2,347 (1.07/day)
    Thanks Received:
    938
    Location:
    Way Upstate New York
    Combo fix and chameleon did not work. This sucks.
    Crunching for Team TPU
  16. Mindweaver

    Mindweaver Moderato®™ Staff Member

    Joined:
    Apr 16, 2009
    Messages:
    5,143 (2.67/day)
    Thanks Received:
    2,650
    Location:
    Statesville, NC
    Have you tried Spybot? If you buy the pro version you can use their boot CD.
    Crunching for Team TPU
  17. Bow

    Bow

    Joined:
    Jul 25, 2008
    Messages:
    2,347 (1.07/day)
    Thanks Received:
    938
    Location:
    Way Upstate New York
    Trying zone alarm
    Crunching for Team TPU
  18. silkstone

    silkstone

    Joined:
    Nov 1, 2008
    Messages:
    2,853 (1.37/day)
    Thanks Received:
    486
  19. 95Viper

    95Viper

    Joined:
    Oct 12, 2008
    Messages:
    4,297 (2.04/day)
    Thanks Received:
    1,538
    Location:
    στο άλφα έως ωμέγα
    You can try:
    1. Running Ccleaner to remove any junk files and running the registry cleaner a couple of times to remove any leftover reg entries.
    2. Open an administrative command prompt and run "sfc /scannow" (put a space between the "c" and "/"). This will check the validity of your windows files and help you to fix any it finds have been compromised.
    3. Flush your dns cache, check and clean out your hosts file, check your browser cache and clean it out.
    4. You can try autoruns to see if there are any misspelled programs in the different groups listed or programs you don't recognize or are unsure of, then you can disable or delete them.

    Or, what I mentioned before.. Re-install your OS or restore from a known clean backup, if you have one.

    Just wondering, what is it doing to make you think it is still there?
    Bow says thanks.
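
Added example, not part of the thread: steps 2 to 4 of the post above as read-only checks from an elevated PowerShell prompt. The three Run keys listed are only a small subset of the autostart locations that Autoruns shows, and the script reports entries without deleting anything.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt.

# Step 3: flush the DNS resolver cache, then list every active hosts-file mapping.
# A stock Windows hosts file maps nothing except, at most, localhost, so any
# other entry (for example one redirecting an update or antivirus site) needs review.
ipconfig /flushdns
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-Content $hostsPath |
    ForEach-Object { ($_ -replace '#.*$', '').Trim() } |
    Where-Object { $_ -ne '' } |
    ForEach-Object {
        $fields = @($_ -split '\s+')
        if ($fields.Count -lt 2) { return }     # malformed line: address without a name
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            if ($name -ne 'localhost') {
                New-Object PSObject -Property @{ Address = $fields[0]; HostName = $name }
            }
        }
    } | Format-Table Address, HostName -AutoSize

# Step 4 (partial): programs started at logon from the classic Run keys.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$autostart = foreach ($key in $runKeys) {
    if (Test-Path $key) {
        $item = Get-Item $key
        foreach ($valueName in $item.GetValueNames()) {
            New-Object PSObject -Property @{
                Key     = $key
                Name    = $valueName
                Command = $item.GetValue($valueName)
            }
        }
    }
}
$autostart | Format-Table Key, Name, Command -AutoSize -Wrap

# Step 2: verify protected Windows system files (slow, so it runs last).
sfc /scannow
```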
  20. Steevo

    Steevo

    Joined:
    Nov 4, 2005
    Messages:
    8,111 (2.55/day)
    Thanks Received:
    1,125
    "The issue with 0.access or most rootkits nowadays is that it is a smart rootkit, it loads during boot time, and intercepts all processes to control what can and can't be seen. The only way to remove it successfully, since you can't install anti-virus with it running and it prevents the correct use of TDSSKiller or ComboFix, is to use the batch script tool I made and uploaded or to use an anti-virus with the drive loaded in another secure PC.
    http://www.techpowerup.com/forums/sh...ighlight=fixit

    Download and get the most current version of TDSSKiller to put in the archive.

    Copy to a USB stick and then use your recycle bin to launch an explorer window to copy to your C drive and follow the instructions. "


    Run this. It works. Simple batch files FTW.
    Mathragh and Bow say thanks.
    10 Million points folded for TPU
  21. Bow

    Bow

    Joined:
    Jul 25, 2008
    Messages:
    2,347 (1.07/day)
    Thanks Received:
    938
    Location:
    Way Upstate New York
    Thanks for all the tips guys, so far ZoneAlarm has seemed to work.
    Crunching for Team TPU
  22. Bow

    Bow

    Joined:
    Jul 25, 2008
    Messages:
    2,347 (1.07/day)
    Thanks Received:
    938
    Location:
    Way Upstate New York
    Programs will not load, crazy commercials and music are playing and I am not connected to the net. Team Speak, Motocast, PCPitstop, all will not work.

    I thought ZoneAlarm had it fixed but it started up again. ZoneAlarm finds it and says it takes care of it but it's still there. Every scan I run.

    Tried the steps that Silkstone posted and that did not work.
    @95Viper, I am a PC dumbass I don't even know where to find that stuff.
    @Steevo, going to send you a pm.
    Crunching for Team TPU
  23. Steevo

    Steevo

    Joined:
    Nov 4, 2005
    Messages:
    8,111 (2.55/day)
    Thanks Received:
    1,125
    Bow says thanks.
    10 Million points folded for TPU
  24. 95Viper

    95Viper

    Joined:
    Oct 12, 2008
    Messages:
    4,297 (2.04/day)
    Thanks Received:
    1,538
    Location:
    στο άλφα έως ωμέγα
    No, don't ever think that... you are in a process of learning.

    I have been working with computers for 40 years in one fashion or another and I still do not know all & learn something new all the time.

    In my opinion... that is part of the reason I come to TPU... a great place to learn and to help.

    Back on topic:

    You/ZoneAlarm/other... either, thought you got it and missed a piece; or, you got it and its leftovers are affecting your system.
    The BlackHole Exploit was nasty and the BlackHole Exploit 2.0 is worse... plus there are a lot of different versions. The main attack is virtually the same, however, the add-ons (or downloads) vary.
    Since, you bought ZA, maybe, one of the techs there can help clean out your system.
    You can try the ZA forum for help; however, there are a couple of jerks over there that will blow you off and tell you to seek help from support.

    You can try this from F-Secure: Easy Clean
    Download the file. Right click on it and choose "run as administrator". It may or may not ask you to restart your system... let it.

    Also, try this: Do-it-yourself Emsisoft Emergency Kit USB stick
    Extract the contents of the Emsisoft Emergency Kit to a USB stick to create your own universal tool for scanning and cleaning infected PCs.


    Unless, you want to dig around and fix things (which could take quite a lot of sleuthing and time)... I still recommend, you backup all the data you need to save, and do a complete wipe and re-install.
    And, I recommend, either, scheduled or regularly made manual backups in the future.

    Edit:

    Datum's Complete Internet Repair 1.3.2.1322 may help clean up your internet. Check all the boxes and GO.

    You may find this useful in cleaning/fixing your system: Tweaking.com - Windows Repair

    You may find this guide of some interest. It mentions a lot of what has been suggested, plus a few more items: MalwareTips.com's "Remove ZeroAccess rootkit (Uninstall Guide)"
    Last edited: Mar 12, 2013